What is FIPS
Federal Information Processing Standards (FIPS) defines a security standard that the US and Canadian governments use to ensure they properly test and approve encryption in IT products. When a product passes validation, the certifying authority issues a certificate that lists the product name, version, and security assurance level, which ranges from level 1 to level 4.
FIPS 140-3 certification is often required for US federal agencies and contractors handling government data. It’s also widely adopted in other sectors where data protection is critical, such as healthcare, finance, and defense, to meet regulatory or customer security expectations.
Eligible Unitrends devices will be FIPS 140-3 compliant when enabling the FIPS mode on the device.
For more information on the security standards, refer to: FIPS 140-3: Understanding the new security standard.
FIPS certificates
When FIPS mode is enabled, Unitrends confirms the device and encrypted backups conform to the Safelogic CryptoComply - Certificate #5196.
FIPS-compliant agents
These specific Unitrends agent versions are required to support FIPS:
- Windows agent version 10.9.7-1 or higher.
- Linux agent version 10.9.7-1 or higher.
Learn how to find which version of the Unitrends agent is installed on your protected assets.
Hardware
All Unitrends Generation 10 hardware supports FIPS mode.
NOTE If a device is not imaged with the FIPS image, it needs to be re-imaged using the FIPS image found on our website.
NOTE Some restored data is provided over a secure channel to the user in unencrypted form.
Organizations are responsible for handling restored data with appropriate security controls consistent with FIPS requirements.
To ensure compliance, follow the Unitrends FIPS Validation Matrix.
Operating systems
Unitrends supports FIPS mode for the following operating systems and restore levels.
| Operating System | File-level Restore | Image-level Restore ** |
|---|---|---|
| Windows Server 2019, 2022 (x64) | ✔ | ✔ |
| Windows 10, 11 (x64) | ✔ | ✔ |
| Hyper-V* 2019, 2022 (x64) | ✔ | ✔ |
| Ubuntu 22.04 LTS (x64) | ✔ | ✖ |
| RHEL 9.x (x64) | ✔ | ✖ |
| AlmaLinux 9 (x64) | ✔ | ✖ |
* - Host-level protection of Hyper-V is achieved through the Unitrends Windows agent. Hyper-V guest backups are considered agentless.
** - Image-level restores are only supported through the UI.
Unitrends FIPS validation matrix
| Backup | Recovery | |
|---|---|---|
| File-level - Windows | ✔ | ✔ |
| File-level - Linux | ✔ | ✔ |
| Image-level - Windows | ✔ | ✔* |
| Windows UBMR - File-level | -- | ✔ |
| Windows UBMR - Image-based | -- | ✔ |
| Host-level | ||
| VMware (ESXi versions 8.0 and higher) | ✔ |
✔ |
| Hyper-V | ✔ | ✔ |
| Nutanix | Supported via Unitrends Agents |
Supported via Unitrends Agents |
| Applications | ||
| Exchange 2016 | ✔ | ✔** |
| SQL 2019 and 2022 | ✔ | ✔** |
| SharePoint | ✖ | ✖ |
| Oracle | ✖ | ✖ |
| NAS | ||
| CIFS/SMB | ✖ | ✖ |
| NFS | ✖ | ✖ |
| NDMP | ✖ | ✖ |
| Backup copies | ||
| To Unitrends on-premises | ✔ | ✔ |
| To Unitrends Cloud | Evaluating | Evaluating |
| To Cloud storage (AWS, GCP, Azure, etc) | ✔ | ✔ |
| To HDD | ✔ | ✔ |
| To Tape | ✔ | ✔ |
| To NAS | ✖ | ✖ |
* - On-appliance selective file restore (without SMB share) or full-image restore only.
** - File-level recovery via SMB mounts is not supported.
Limitations
The following features are not currently FIPS validated:
- iSCSI connections
- iSCSI shares
- Volume Restores
- iSCSI rollback
- Hosted NAS shares
- External NAS share backup
- File Level Recovery (FLR) on Samba
- Hypervisor connections (VMware and Nutanix)
Questions and answers
Can I make existing non-FIPS backups into FIPS backups?
No. Currently, Unitrends only supports FIPS mode for new backups.
Once I move to FIPS mode, can I go back to non-FIPS?
No. Non-FIPS is not available once FIPS mode is in place.
