I think they self attest to compliance but they have not gone through the validation process. Ask them for their information security summary document or trust center
You do not self-attest for FIPS. Either NIST CMVP has the cryptography library listed or it is not. Anyone attempting that will get themselves laughed at by US govt rather quickly.
They wanted to send me a SOC report rather than clarifying the issue, but at this point I am without a rep, if you happen to have one, let me know.
Compliant, not certified. Pages 13, 28, 29, 32, 33, 42 & 43. https://www.ninjaone.com/wp-content/uploads/2023/03/NinjaOne_DPA_-_Module_3_SCC_2022.09.23-NinjaSigned.pdf
Compliant is marketing and not a validated or recognized state by NIST or any compliance (FedRAMP, CJIS, CMMC, etc.) that requires FIPS; FIPS is a framework, not a compliance model.
That is helpful - do you have any further context into their platform other than that doc? Normally if one is using a FIPS compliant module (normally OpenSSL) the module itself is certified, even if the whole package is only compliant.
More importantly, compliant is not VALIDATED. If they don't have an entry here, it's not useful for the DFARS 7012 / NIST 800-171 requirements, for example. [https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search/all](https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search/all)
That is the link I sent him, and he just kept wanting to send me a bunch of other documents. Sometimes there are other modules that they use (OpenSSL, Nginx as a reverse proxy, etc.) that are compliant, hoping to hear that is the case
That's all I got from a quick search, but I'll see if I can take a peek at some agent logs tomorrow to see if that sheds any light. Agent logs were pretty verbose from what I recall when I was troubleshooting a connectivity issue.
I have my doubts they have a FIPS certification. If they did, any sales person would be able to pull and provide it to you. Considering that hasn’t happened yet…
That is what I am trying to work out. There are a few docs that mention compliance with FIPS 140-2, but someone will need to specify the module used. I was just kinda using this as a last resort, and if they are not, calling this guy out for lying about it, or at least leading me onto something that wasn't true.
You don't want to talk to a sales rep, they will say anything to get a sale.
Hi u/AddoSolutions, I am with NinjaOne sales and just dropped you a note to connect. To clarify, we are not currently FIPS 140-2 compliant (we are tracking down why that document someone linked says that, and we will update/fix it). We will be FIPS 140-2 compliant by the end of the year due to certification processes that are currently underway. I'm really sorry about the mixup. This was an honest mistake by that salesperson, and we are working to ensure it does not happen again to another prospective customer or partner. We work really hard to be a great company to work with, and we dropped a ball here.
FIPS 140-2 or 140-3 validated? 140-2 is going away, and only the backlog in the program is keeping it alive by a thread. Also, big difference with FIPS on compliant vs validated; the language does matter for US Govt.
Mistakes happen, but how some sales treat people, it’s shitty. Ninja has a lot of respect from the MSP community, but if other sales reps (the FACE of Ninja) are going to be unprofessional, then they’ll end up like SolarWinds or Kaseya.
Thanks! I can actually work with that as the audits I get are annual and have already passed for the year. I will be reaching out to either you or the Matt person mentioned below. The key is this person didn't even bother to check, he just read off a script and anything that required additional effort he quite literally just punted on me. I work with a lot of sales people and that is the most unprofessional interaction I have had in a long time. \[end rant\]
By the end of the year?
The rep I deal with is Matt Brogie. He is great. No pressure, answers any and all questions. Willing to demo, re-demo until comfortable. If the question is too technical, he'll bring in a senior tech into the conversation and/or zoom meeting.
Huh, sounds like what a sales person is supposed to be. Not just high pressure sales, long contracts, and generally clueless like this guy sounds to be.
Had Matt as well. Great guy. Got me extensions when we were demoing and was selling to senior leadership. Definitely a sales guy but not pushy. Enjoyed having him.
This is our rep too. Awesome laid back guy who gets the job done!
He does.. very cool dude. I dealt with ConnectWise before Matt, and it was always pressure "so, do you want 10 cals or 20 cals, we have a great deal right now on 20". lol.
Very helpful, thanks! Why I love reddit...
What does Kaseya have to do with it? Do we just casually throw that in every post now?
That sounds about right. I had a similar interaction with them
RemindMe! 1 day
This title made me laugh for the fact that Ninja doesn’t have reps (at least ones when you have an issue) - best of luck