VSA FIPS Certification Updates

August 2025 update

Implementation of FIPS 140-3 compliant cryptography is currently in active development.
We expect to achieve certification in Q4 2025 (this article will be updated when the exact date and release details are confirmed).

VSA 9 achieved FIPS 140-2 certification for cryptographic communication in December 2021, with a sunset date of October 15th, 2025.
The 9.5.24 release contains an update enabling a new FIPS 140-2 certificate to be issued with a sunset date of March 8th, 2026.
After March 8th, 2026, FIPS certification for VSA 9 will be classified as historic, meaning that:
- It will no longer be considered valid for new deployments or government procurements that require current FIPS validation.
- For existing government customers, continued use of the product may still be permitted at the discretion of the agency's Authorizing Official (AO), considering the environment remains unchanged. However, this status introduces compliance risk during contract renewals, program reauthorizations (e.g., FedRAMP, FISMA, CMMC Level 2), or if system changes trigger a reassessment.
Customers who require FIPS compliance are recommended to migrate to VSA 10 to benefit from updated FIPS 140-3 compliance from Q4 2025.
FIPS 140-3 supersedes FIPS 140-2 with updated security requirements, international alignment, testing procedures, and the underlying standards they reference. FIPS 140-2 is being phased out with full sunset by September 2026.

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the Ideas forum!
	Provide feedback for the Documentation team.