FIPS Compliance/Security for sensitive apps?

Hi there,

Some friends and I are taking on some contract work and we're thinking of hosting the project on PythonAnywhere. We're currently thinking through FIPS requirements and wondering if there are any issues here.

Does anyone know:

  • Does PythonAnywhere make any guarantees about FIPS compliance?
  • Do they specifically not encourage building secure applications on the platform for any reason?
  • Is the question of FIPS compliance largely orthogonal to PythonAnywhere as a PaaS host, and is really just a concern for us as developers?

Note: I am not asking about advice on how to write the program--those are details we can manage. I just want to know if there's any reason PythonAnywhere wouldn't be a suitable choice for this use case.

  1. We don't make any guarantees about FIPS compliance.
  2. We definitely don't discourage building secure apps (see: this help page -- it's mostly about securing the PA account, but has other information, too)
  3. We believe so, but it's not something we're familiar with.

Gotcha, that makes sense. I'll keep looking into exactly what FIPS requirements are and which might apply, and I'll follow up with any specific questions. Thanks!

In the meantime, if anyone else happens to have any related insights, please don't hesitate to share them. :-)