Security Bulletin – Clarity SFTP Service Vulnerability & Remediation

Rego is dedicated to protecting and securing your data stored in Clarity, hosted by Rego on Amazon Web Services.  Rego abides by the security frameworks published by NIST, AWS, and other organizations to ensure we meet our legal and contractual obligations with all of our customers. As part of this commitment, we routinely evaluate security threats and remediate issues as necessary.

Rego plans to update the AWS SFTP security policy to remove deprecated, weak ciphers by August 17th, 2024 in the Canada region and on September 21st, 2024 for the USA region. After the change, connections to the Clarity SFTP site will be restricted to the cryptographic algorithms listed below.

** Immediate attention is required if you are using a weak cipher not included in the list below. In such cases, please collaborate with your Information Security team and SFTP client vendor to update your SFTP client connection to a supported cryptographic algorithm. If you have any additional questions, please contact our support team. **

SSH Ciphers

aes128-ctr

aes128-gcm@openssh.com

aes192-ctr

aes256-ctr

aes256-gcm@openssh.com

SSH KEXs

curve25519-sha256

curve25519-sha256@libssh.org

diffie-hellman-group16-sha512

diffie-hellman-group18-sha512

diffie-hellman-group-exchange-sha256

ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org

ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org

ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org

ecdh-sha2-nistp256

ecdh-sha2-nistp384

ecdh-sha2-nistp521

x25519-kyber-512r3-sha256-d00@amazon.com

SSH Macs

hmac-sha2-256-etm@openssh.com

hmac-sha2-512-etm@openssh.com

TlsCiphers

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Please note that a single SFTP service is shared by all environments, so when the change is implemented it will apply to all environments at the same time. We have therefore set up a test SFTP server with the updated security policy so that you can test new SFTP connectivity and functionality.
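One way to check a client against the SSH lists above before the cutover, as an added example (not Rego's or AWS's tooling). It assumes an OpenSSH client, whose `ssh -G <host>` command prints the effective `ciphers`, `kexalgorithms` and `macs` settings; the host name and the client profile in the sample are constructed.

```python
# Added example: allow-lists copied from the bulletin; sample client config is constructed.
ALLOWED = {
    "ciphers": {
        "aes128-ctr", "aes128-gcm@openssh.com", "aes192-ctr",
        "aes256-ctr", "aes256-gcm@openssh.com",
    },
    "kexalgorithms": {
        "curve25519-sha256", "curve25519-sha256@libssh.org",
        "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512",
        "diffie-hellman-group-exchange-sha256",
        "ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org",
        "ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org",
        "ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org",
        "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521",
        "x25519-kyber-512r3-sha256-d00@amazon.com",
    },
    "macs": {"hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com"},
}

def audit_client(ssh_g_output):
    """Map each category to (first client algorithm on the bulletin's list or None,
    client algorithms not on the list), parsed from `ssh -G <host>` text."""
    offered = {}
    for line in ssh_g_output.splitlines():
        key, _, value = line.strip().partition(" ")
        if key.lower() in ALLOWED:
            offered[key.lower()] = [a for a in value.strip().split(",") if a]
    report = {}
    for category, allowed in ALLOWED.items():
        client = offered.get(category, [])
        # SSH negotiation picks the first client-listed algorithm the server also supports.
        chosen = next((a for a in client if a in allowed), None)
        report[category] = (chosen, [a for a in client if a not in allowed])
    return report

def blocked_categories(report):
    """Categories where the client offers nothing on the bulletin's list."""
    return [c for c, (chosen, _) in report.items() if chosen is None]

# Constructed sample: a legacy client profile pinned to CBC ciphers and SHA-1 era MACs.
LEGACY_SAMPLE = """\
hostname sftp.example.invalid
ciphers aes128-cbc,3des-cbc
kexalgorithms diffie-hellman-group14-sha1,ecdh-sha2-nistp256
macs hmac-sha1,hmac-sha2-256
"""

if __name__ == "__main__":
    for category, (chosen, rejected) in audit_client(LEGACY_SAMPLE).items():
        print(f"{category}: negotiates={chosen} not_on_list={rejected}")
```

Any category returned by `blocked_categories` is one where the client configuration needs a supported algorithm added before the policy change.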
