Skip to the content.

Why does this exist?

Summary to be written.

In short, US DoD Defense Contractors who have the requirements to implement NIST SP 800-171 on their Covered Contractor Information Systems must use FIPS 140 Validated Cryptography when protecting the confidentiality of Controlled Unclassified Information (CUI). Many Applications break when such cryptography is enforced, and many vendors charge a surcharge or hide this cryptography under a premium license.

Applications that break while utilizing FIPS

Vendors listed here have programs/products that break in significant manners when FIPS cryptography is enabled on a host machine.

VendorBase PricingSourceDate Updated
AutoDesk Breaks in FIPS Mode 🔗 2024-10-30
ReadMe $99 per project/mo 🔗 2020-10-30

Vendors that charge a premium for FIPS

Some vendors simply do not list their pricing for FIPS because the pricing is negotiated with an account manager. These vendors get their own table as we assume they apply a significant premium for FIPS.

VendorBase PricingFIPS Pricing% IncreaseSourceDate Updated

FAQs

This doesn’t scale linearly for number of seats!

Correct. Since we don’t know who’s reading the page, it’s easiest to just assume a team with no volume discount.

How is base pricing determined?

We disregard free tier pricing, as we can assume these aren’t intended for long term business customer use. We also disregard “single person” pricing, under the assumption that we’re looking on behalf of a team of 5, 10, or more people.

What does “Quote” mean in the Source column?

If a vendor doesn’t list pricing but a user has submitted pricing based on a quote, it can be included here. If a vendor feels that their actual pricing is inaccurately reflected by this quote, feel free to let me know and I’ll update the page.

I’m a vendor and this data is wrong!

Please feel free to submit a PR to this page, or reach out at sso @ myGitHubUsername dotcom. I only want this data to be accurate.

I’m a vendor and this doesn’t reflect the value-add of our Enterprise tier!

That’s the point. Decouple your security features from your value-added services. They should be priced separately.

But it costs money to get FIPS Validation, so we can’t offer it for free!

TBD

Footnotes