Encryption
Encryption is enforced by default for all sensitive data, both in transit and at rest.
All data stored on the server side is encrypted using the Advanced Encryption Standard (AES) with a 256-bit key and kept in the Nintex database. Encryption is done on the client side only, so data is transmitted encrypted.
No data is stored on the client side: once a Discovery Robot finishes recording and the session ends, all sensitive data is cleared (unless “Standalone mode” is enabled).
- The encryption mechanism and key length for all encryption processes used within this product, including data in transit, data at rest (stored within the application), and any special storage (such as passwords), are as follows:
  - AES-256
  - SHA-256
- When the product communicates with itself, a client system, or another third-party system, the encryption options available to facilitate the communication in a secure manner are as follows:
  - HTTPS
  - TLS1.2
- Passwords are stored in a non-reversible format, SHA-256 or better.
- RSA is used to encrypt/decrypt messages over the network using asymmetric keys.
- See Credentials Vault for details regarding the encryption methodology used by the Nintex Credentials Vault.
FIPS compliance
The Federal Information Processing Standard (FIPS) Publication 140-2 (FIPS PUB 140-2) is a U.S. government computer security standard used to approve cryptographic modules.
All encryption methods used by Nintex, both client and server-side, are FIPS compliant.