Hello,

Recently in my company's infrastructure we have found the need to meet FIPS 140-2 compliance standards. We are currently using Nagios for monitoring which is far from adequate and is not compliant. I wanted to know whether or not PRTG meets these standards. I know Nagios was using plain text for monitoring and I want to find a better solution, and I have used PRTG before and was considering it. Can anyone answer this? I believe off the top of my head it requires all data to be encrypted at 128-bit or better, must not use the RC4 cipher or SSLv3.

Article Comments

Hi Josh,

We are constantly improving the security of PRTG and we are implementing technologies, which allow a secure monitoring. If those protocols are supported by the target devices, PRTG will also be able to encrypt the communication.

The webserver of PRTG already allows only 'state-of-the-art' encryption (new TLS protocols, newest Ciphers). PRTG is also checked by third party service providers who perform regular penetration tests. We of course want to protect our customer's data, but we do not intent to get a certification.

Best regards, Felix


Sep, 2015 - Permalink

Does that mean that PRTG is not FIPS 140-2 compliant? If that is the case, how can it be accepted by government organizations that are requiring FIPS 140.2?


Dec, 2015 - Permalink

Hello,

As mentioned before, PRTG already complies with many specifications of the FIPS 140.2 certification, but currently there are no plans to get PRTG Network Monitor certified, sorry.

Kindly follow this link to see which security features PRTG offers.

Best regards, Felix


Dec, 2015 - Permalink