Is the Symantec Endpoint Encryption 11.X cryptographic module (Symantec PGP Cryptographic Engine version 4.3) a validated FIPS 140-2 cryptographic module?
Yes, the Symantec PGP Cryptographic Engine version 4.3 is a validated FIPS 140-2 cryptographic module.
Important Note: FIPS validation for Symantec Encryption products has entered a "Historic" status for SDK version 4.3. As stated in the NIST documentation, the FIPS validation is still considered valid and is not considered "Revoked", "Expired" or "Invalid". The V4.3 SDK is still considered FIPS validated and remains valid unless its status changes to "Revoked", in which case NIST would no longer recommend using such code.
Symantec Enterprise Division has already been working with NIST to re-validate on newer code (SDK v4.4). The new SDK for Encryption Products is in its final stages of validation, and Symantec is currently awaiting NIST to complete the validation process. A public URL is available to check that this validation is taking place:
In the meantime, all previously-established FIPS validations remain intact and are considered current. For more details on this, please contact Symantec Enterprise Division support.
FIPS 140 details
The Cryptographic Module Validation Program webpage http://csrc.nist.gov/groups/STM/cmvp/index.html has the following description of the importance of FIPS 140-2 to US federal agencies:
FIPS 140-2 precludes the use of unvalidated cryptography for the cryptographic protection of sensitive or valuable data within Federal systems. Unvalidated cryptography is viewed by NIST as providing no protection to the information or data - in effect the data would be considered unprotected plaintext. If the agency specifies that the information or data be cryptographically protected, then FIPS 140-2 is applicable. In essence, if cryptography is required, then it must be validated.
The FIPS 140 validation certificate 2377, for Symantec PGP Cryptographic Engine, is posted on the Cryptographic Module Validation Program website at: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2015.htm#2377
To check which cryptographic engine you are using with Symantec Endpoint Encryption, right-click the "PGPce.dll" file in the "c:\Program Files\Symantec\Endpoint Encryption Clients\Drive Encryption" folder, select "Properties", and click the "Details" tab to check the "File Version" value. If the value is 4.3 as mentioned above, the client is covered by FIPS validation. The SEE client is always running with the FIPS validated module.
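The same check can be scripted for use across many clients. The following PowerShell is an added example, not Symantec tooling; the function name `Test-PgpCeVersion` and its parameters are hypothetical, and the default path is the one given in this article.

```powershell
# Added example: reports the PGPce.dll file version and whether it is 4.3.
function Test-PgpCeVersion {
    [CmdletBinding()]
    param(
        # Path from the article; override if the client is installed elsewhere.
        [string]$Path = 'C:\Program Files\Symantec\Endpoint Encryption Clients\Drive Encryption\PGPce.dll',

        # Major.minor version the article lists as covered by the validation.
        [version]$Expected = '4.3'
    )

    $result = [ordered]@{
        ComputerName    = $env:COMPUTERNAME
        Path            = $Path
        Found           = $false
        FileVersion     = $null
        MatchesExpected = $false
    }

    # A missing file is reported as Found = $false rather than raising an error,
    # so a fleet-wide run still returns one row per machine.
    if (Test-Path -LiteralPath $Path -PathType Leaf) {
        $info = (Get-Item -LiteralPath $Path).VersionInfo
        $result.Found = $true

        # Use the numeric parts of the version resource instead of parsing the
        # FileVersion string, which may contain commas or extra text.
        $result.FileVersion = '{0}.{1}.{2}.{3}' -f $info.FileMajorPart,
            $info.FileMinorPart, $info.FileBuildPart, $info.FilePrivatePart

        $result.MatchesExpected = ($info.FileMajorPart -eq $Expected.Major) -and
                                  ($info.FileMinorPart -eq $Expected.Minor)
    }

    [pscustomobject]$result
}

# Check the local client and print the result as a list.
Test-PgpCeVersion | Format-List
```

A machine that returns `Found = False` or `MatchesExpected = False` should be checked by hand using the steps above.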
For FIPS validation information for Symantec Endpoint Encryption 8.2.1, see article HOWTO101701.
For FIPS validation information for Symantec Encryption Desktop 10.x and Symantec Encryption Management Server 3.x, see article https://knowledge.broadcom.com/external/article?articleId=178330.