Areas of non-compliance with FIPS
The following table displays processes used by the Clearswift Gateway that are currently non-compliant with FIPS 140-2.

| Area | Description |
|---|---|
| Java Secure Socket Extension (JSSE) | Enables secure Internet communications. |
| Bouncy Castle | Cryptography Java library used for importing (and extracting information from) certificates. |
| SSH | Cryptographic protocol used for secure communication. Uses low-level digest APIs and MD5 in password validation. |
| SNMP alerts | SNMP alerts are implemented using an SNMPv1 client. Community strings are passed in plaintext. |
| BATV | Untagging uses an unapproved low-level digest API. |
| Unacceptable Images | Image Classification Content Manager uses an MD5 checksum to determine whether images are acceptable. |
| PMM Mobile | Uses an unsupported mode of AES encryption (ECB). |
| PDFs | Decryption of PDF documents uses MD5. |
| BATV secret key obfuscation | MD5 is used to obfuscate the BATV secret key. |
| Replication between Gateways | The task for replicating commands and data between Gateways validates using MD5 hashes. |
| Peer status monitor | The Peer status task checks for peer status changes using MD5 hashes. |
| TRUSTManager reputation check | Checks requests and responses from an SMTP client using MD5 hashes. |
| User Interface Certificate Management | Generates MD5 hashes for certificate users. |
| Downloading Missing Manager lists | The infrastructure task for downloading lists uses an MD5 hash to check for changes. |
| LDAP Address List Service | Uses MD5 to verify downloaded files. |
| TRUSTManager reputation uploader | Uses an MD5 hash alongside the uploaded file when communicating with the TRUSTManager server. |
| Upgrade Service | Calculates MD5 hashes for downloaded files, in order to compare them with patch control files. |
| Downloading Managed Lists | Calculates MD5 hashes for comparison of downloaded files. |
| Kaspersky License Updater | Calculates MD5 hashes for comparison of downloaded files. The license updater task also uses an unsupported mode of AES encryption (ECB). |
| Service Availability List downloader | Calculates an MD5 hash for comparison of downloaded files. |