MOVEit DMZ is used by a wide variety of health care, insurance, financial service and pharmaceutical organizations to satisfy data integrity, auditing and privacy concerns raised by HIPAA, FDIC, OCC, G-L-B Act, California SB 1386, Canadian PIPEDA Payment Card Industry ("PCI"), Sarbanes-Oxley (a.k.a. "SARBOX") and other regulations. Although a particular organization's fitness with regards to major industry-specific federal regulations is usually determined on a site-by-site basis by a dedicated auditing team, the "Privacy/Security/Auditing" guide in this section will help answer some "entry-level" questions regarding MOVEit DMZ's expected conformance.
If you are branch or agency of the U.S. federal government, you may be required to only purchase cryptography which is FIPS 140 validated. MOVEit DMZ meets this requirement with its own FIPS 140-2 validated MOVEit Crypto module, the heart of MOVEit DMZ and MOVEit Central. (MOVEit Crypto has been approved for use with information designated up through the Classified level.)
Certain agencies, vendors or providers may also be required to conform to other federal requirements such as those issued by the Food and Drug Administration ("FDA") or mandated by the Americans with Disabilities Act ("ADA") . As these requirements are frequently NOT the subject of their own audits, the applicable regulations and MOVEit DMZ's compliance statements are detailed in their own sections for easy inclusion into most conformance reports.
If you have a question about compliance with a specific regulation not specified above, please contact Ipswitch MOVEit compliance officer at moveitsales@ipswitch.com.