Is Gmail FIPS 140-2 compliant?

Google Cloud Platform uses a FIPS 140-2 validated encryption module called BoringCrypto (certificate 3318) in our production environment. This means that both data in transit to the customer and between data centers, and data at rest are encrypted using FIPS 140-2 validated encryption.

What FIPS 140-2?

The Federal Information Processing Standard 140-2 (FIPS 140-2) is an information technology security accreditation program for validating that the cryptographic modules produced by private sector companies meet well-defined security standards.

Is the FIPS 140-1 and 140-2 validated modules search?

The FIPS 140-1 and FIPS 140-2 validated modules search provides access to the official validation information of all cryptographic modules that have been tested and validated under the Cryptographic Module Validation Program as meeting requirements for FIPS PUB 140-1 and FIPS PUB 140-2.

Are there any encryption algorithms which are compliant with FIPS 140-2?

Is there any reference to check the list of encryption & signing algorithms which are compliant to FIPS 140-2. After an exhaustive search I could find only “AES”. Any suggestions would be much appreciated. Take a look at FIPS 140-2 Annex A. It lists the following: The current list of FIPS-approved cryptographical methods is here.

Who are the vendors of FIPS 140-1 CSRC?

BigFix, Inc. Biscom, Inc. BitArmor Systems, Inc. Bloombase, Inc. Blue Coat® Systems, Inc. Bluesocket, Inc. Box, Inc. 2583 – Box JCA Cryptographic Module Britestream Networks, Inc. 706 – Britestream nCipher Asymmetric Module Historical

How long does FIPS 140-3 stay on active list?

FIPS 140-3 submissions for validations are being accepted. Upon validation, modules will be placed on the Active list for 5 years and may be purchased for new and existing applications. CMVP is experiencing a significant backlog in the validation process. Use of validated modules currently on the active list is encouraged.