Core FTP client supports HIPAA compliant security via SSL, TLS or SSH/SFTP with at least a 128-bit secure connection.
How to make sure your connection is HIPAA compliant:
In your site profile, select your secure options appropriately:
For SSL/TLS (options will be different for various types of SSL/TLS connections):
For SSH/SFTP:
Once you have connected to your remote secure FTP server, the following steps can be used to verify if your connection is secure:
Verification #1:
In the lower right hand corner of Core FTP, the secure icon will appear to show that a secure connection has been established.
If this secure icon is not displayed, a secure connection has not been established and you are not HIPAA compliant.
Most HIPAA compliant FTP servers will not allow anything except a secure connection, so this is often not an issue.
Verification #2:
Verify the connection in the log:
For SSL/TLS:
AUTH SSL
234 AUTH SSL successful
TLSv1, cipher TLSv1/SSLv3 (EDH-RSA-DES-CBC3-SHA) - 168 bit
For SSH/SFTP:
Initialized AES-256 client->server encryption
Initialized AES-256 server->client encryption
Access granted
You will rarely see an SSL/TLS connection established below 128 bits.
With SSH/SFTP, you should never see a connection via SSH2 lower than 128 bits.
The log information is for your reassurance only. If you see the secure icon displayed in the lower right corner, there is no need to worry if you cannot find the security bit count in the log.
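The log check in Verification #2 can be scripted when many session logs have to be reviewed. The following is an added example, not part of Core FTP or the original page: it parses the log line formats quoted above and reports whether the logged strength meets the 128-bit minimum. The function name, the verdict labels and the two constructed sample logs are assumptions made for illustration.

```python
import re

MIN_BITS = 128  # minimum strength the page names for a compliant connection

# Patterns follow the log lines quoted on the page; other client versions may log differently (assumption).
TLS_LINE = re.compile(r"^(?P<proto>(?:TLS|SSL)v[\d.]+), cipher \S+ \((?P<cipher>[^)]+)\) - (?P<bits>\d+) bit")
SSH_LINE = re.compile(r"^Initialized [\w-]+?-(?P<bits>\d+) (?P<dir>client->server|server->client) encryption")
AUTH_OK = re.compile(r"^234 ")  # FTP reply code 234: server accepted AUTH

def check_session(log_text):
    """Classify one connection log as 'ok', 'weak' or 'unverified'."""
    auth_ok, tls, ssh = False, None, {}
    for raw in log_text.splitlines():
        line = raw.strip()
        auth_ok = auth_ok or bool(AUTH_OK.match(line))
        if m := TLS_LINE.match(line):
            tls = (m["proto"], m["cipher"], int(m["bits"]))
        elif m := SSH_LINE.match(line):
            ssh[m["dir"]] = int(m["bits"])
    if tls:
        kind, bits, complete = "SSL/TLS", tls[2], auth_ok
    elif ssh:
        # Both directions must be encrypted; judge by the weaker one.
        kind, bits = "SSH/SFTP", min(ssh.values())
        complete = set(ssh) == {"client->server", "server->client"}
    else:
        # No cipher line at all: the log alone proves nothing; check the secure icon.
        return {"kind": None, "bits": None, "verdict": "unverified"}
    if bits < MIN_BITS:
        verdict = "weak"
    elif not complete:
        verdict = "unverified"
    else:
        verdict = "ok"
    return {"kind": kind, "bits": bits, "verdict": verdict}

# The two log excerpts shown on the page.
PAGE_TLS_LOG = """AUTH SSL
234 AUTH SSL successful
TLSv1, cipher TLSv1/SSLv3 (EDH-RSA-DES-CBC3-SHA) - 168 bit"""
PAGE_SSH_LOG = """Initialized AES-256 client->server encryption
Initialized AES-256 server->client encryption
Access granted"""
# Constructed samples (not from the page): an export-grade cipher and a log with only one direction.
WEAK_TLS_LOG = "234 AUTH SSL successful\nTLSv1, cipher TLSv1/SSLv3 (EXP-RC4-MD5) - 40 bit"
HALF_SSH_LOG = "Initialized AES-256 client->server encryption"

if __name__ == "__main__":
    for name in ("PAGE_TLS_LOG", "PAGE_SSH_LOG", "WEAK_TLS_LOG", "HALF_SSH_LOG"):
        print(name, check_session(globals()[name]))
```

The comparison uses the bit count exactly as the client logs it, and a result of 'unverified' means the log alone did not confirm the connection, in which case the secure icon from Verification #1 is the check to rely on.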