Encryption
Encryption is enforced by default for all sensitive data, both in transit and at rest.
All data stored on the server side is encrypted using the Advanced Encryption Standard (AES) with a 256-bit key and kept in the Nintex database. All decryption is done on the client side only, so data is transmitted encrypted. No data is stored on the client side: once a robot has finished executing the relevant process and the session ends, all sensitive data is cleared.
- The encryption mechanism and key length for all encryption processes used within this product, including data in transit, data at rest (stored within the application), and any special storage (such as passwords), are as follows:
  - AES-256
  - SHA-256
- When the product communicates with itself, a client system, or another third-party system, the encryption options available to facilitate the communication in a secure manner are as follows:
  - HTTPS TLS 1.3
  - Secured Net.TCP
- Passwords are stored in a non-reversible format, SHA-256 or better
- All sensitive configuration data parameters, such as passwords and connection strings, can be encrypted
- The key exchange procedure used is Diffie-Hellman Key Exchange
- See Credentials Vault for details regarding the encryption methodology used by the Nintex Credentials Vault.
FIPS compliance
The Federal Information Processing Standard (FIPS) Publication 140-2 (FIPS PUB 140-2) is a U.S. government computer security standard used to approve cryptographic modules.
All encryption methods used by Nintex, both client-side and server-side, are FIPS compliant.