Agility does not natively include FIPS 140‑2/140‑3 validated cryptography for cryptographic services and for protecting sensitive data and secrets.

For Federal Space Agility requires integration with a FIPS‑validated cryptographic module (e.g., Digital.ai Key & Data Protection, cert #4910) to satisfy Federal agency cryptographic requirements for Security Authorization.

VA and other Federal agencies policies requires FIPS‑validated cryptography when encrypting sensitive information at rest or in transit. As such, encryption services (data at rest, secrets, credentials, tokens) should be provided through Digital.ai Key & Data Protection or other validated cryptographic module, not Agility’s internal mechanisms.

Reference: VA Office of Information & Technology – TRM Agility Entry
https://www.oit.va.gov/Services/TRM/ToolPage.aspx?tid=15130

Analysis tab> Risk Mitigation section>Second bullet point:

"IPR/SAR Adoption Risk - Digital.ai Agility Platform is not Federal Information Processing Standards (FIPS) 140-2 (or its successor) certified. However, Digital.ai offers a separate product, Key and Data Protection, that is a FIPS-validated cryptographic module (certificate #4910) to achieve FIPS compliance."

by: Andrei A. | 16 days ago | Other