---
title: FIPS Compliance for PingDirectory
description: The Federal Risk and Authorization Management Program (FedRAMP) could require that United States government agencies and organizations that work with those agencies ensure that their cloud-based services adhere to either the FIPS 140-2 or FIPS 140-3 specification. These specifications define requirements for cryptographic processing.
component: pingdirectory
version: 11.0
page_id: pingdirectory:fips_140-2_compliance_for_pingdirectory:pd_fips_compliance
canonical_url: https://docs.pingidentity.com/pingdirectory/11.0/fips_140-2_compliance_for_pingdirectory/pd_fips_compliance.html
revdate: September 13, 2023
page_aliases: ["pd_met_intro_fips_compliance.adoc"]
---

# FIPS Compliance for PingDirectory

The [Federal Risk and Authorization Management Program](https://www.fedramp.gov/) (FedRAMP) could require that United States government agencies and organizations that work with those agencies ensure that their cloud-based services adhere to either the [FIPS 140-2](https://csrc.nist.gov/pubs/fips/140-2/upd2/final) or [FIPS 140-3](https://csrc.nist.gov/pubs/fips/140-3/final) specification. These specifications define requirements for cryptographic processing.

The PingDirectory, PingDirectoryProxy, and PingDataSync servers support running in FIPS-compliant mode using either the FIPS 140-2 or FIPS 140-3 specification.

When setting up in FIPS-compliant mode, the server uses the [Bouncy Castle FIPS Java API](https://www.bouncycastle.org/fips-java/) in approved-only mode, which rejects attempts to use non-FIPS-compliant cryptography.