FIPS Compliance for PingDirectory

The Federal Risk and Authorization Management Program (FedRAMP) could require that United States government agencies and organizations that work with those agencies ensure that their cloud-based services adhere to either the FIPS 140-2 or FIPS 140-3 specification. These specifications define requirements for cryptographic processing.

The PingDirectory, PingDirectoryProxy, and PingDataSync servers support running in FIPS-compliant mode using either the FIPS 140-2 or FIPS 140-3 specification.

When setting up in FIPS-compliant mode, the server uses the Bouncy Castle FIPS Java API in approved-only mode, which rejects attempts to use non-FIPS-compliant cryptography.