Why does this exist?
Summary to be written.
In short, US DoD Defense Contractors who have the requirements to implement NIST SP 800-171 on their Covered Contractor Information Systems must use FIPS 140 Validated Cryptography when protecting the confidentiality of Controlled Unclassified Information (CUI). Many Applications break when such cryptography is enforced, and many vendors charge a surcharge or hide this cryptography under a premium license.
Applications that break while utilizing FIPS
Vendors listed here have programs/products that break in significant manners when FIPS cryptography is enabled on a host machine.
| Vendor | Base Pricing | Source | Date Updated |
|---|---|---|---|
| AutoDesk | Breaks in FIPS Mode | 🔗 | 2024-10-30 |
| ReadMe | $99 per project/mo | 🔗 | 2020-10-30 |
Vendors that charge a premium for FIPS
Some vendors simply do not list their pricing for FIPS because the pricing is negotiated with an account manager. These vendors get their own table as we assume they apply a significant premium for FIPS.
| Vendor | Base Pricing | FIPS Pricing | % Increase | Source | Date Updated |
|---|
FAQs
This doesn’t scale linearly for number of seats!
Correct. Since we don’t know who’s reading the page, it’s easiest to just assume a team with no volume discount.
How is base pricing determined?
We disregard free tier pricing, as we can assume these aren’t intended for long term business customer use. We also disregard “single person” pricing, under the assumption that we’re looking on behalf of a team of 5, 10, or more people.
What does “Quote” mean in the Source column?
If a vendor doesn’t list pricing but a user has submitted pricing based on a quote, it can be included here. If a vendor feels that their actual pricing is inaccurately reflected by this quote, feel free to let me know and I’ll update the page.
I’m a vendor and this data is wrong!
Please feel free to submit a PR to this page, or reach out at sso @ myGitHubUsername dotcom. I only want this data to be accurate.
I’m a vendor and this doesn’t reflect the value-add of our Enterprise tier!
That’s the point. Decouple your security features from your value-added services. They should be priced separately.
But it costs money to get FIPS Validation, so we can’t offer it for free!
TBD