FIPS 140-3 compliant cryptographic communication for agents and client applications (Remote Desktop, mobile application) will be supported for SaaS customers from November 2025 (v10.23). It will be extended to on-premises customers in a later release (this article will be updated when the release details are confirmed).
VSA 9
VSA 9 achieved FIPS 140-2 certification for cryptographic communication in December 2021, with a sunset date of September 21st, 2025.
FIPS 140-3 supersedes FIPS 140-2 with updated security requirements, international alignment, testing procedures, and the underlying standards they reference. FIPS 140-2 is being phased out with full sunset by September 2026.
After September 21st, 2026, FIPS certification for VSA 9 will be classified as historic, meaning that:
It will no longer be considered valid for new deployments or government procurements that require current FIPS validation.
For existing government customers, continued use of the product may still be permitted at the discretion of the agency's Authorizing Official (AO), considering the environment remains unchanged. However, this status introduces compliance risk during contract renewals, program reauthorizations (e.g., FedRAMP, FISMA, CMMC Level 2), or if system changes trigger a reassessment.
Development is currently in progress to update VSA 9 to FIPS 140-3 by September 2026.
