Federal Information Processing Standards (FIPS) are mandated under US Public Law (100-235 and 104-106).
The Federal Information Security Management Act of 2002 eliminated any agencies ability to waive mandatory Federal Information Processing Standards.
Department of Defense National Security Telecommunications Information Systems Security Policy (NSTISSP) # 11 is acquisition policy that must be complied with prior to the purchase of information technology (IT) for DoD. NSTISSP #11 mandated FIPS 140-2 for all systems that encrypt DoD information.
FIPS 140-2 is the mandatory standards associated with encryption of unclassified information. There are three basic approaches to achieving compliance with FIPS 140-2, all require the use of a National Institute of Standards and Technology (NIST) certified encryption module. FIPS 140-2 Level 1 can be achieved by incorporating a software based certified encryption module. FIPS 104-2 Level 2 can be achieved by incorporating a hardware based certified encryption module. FIPS 140-2 Level 2 can also be achieved by integration with a networked hardware based certified encryption module.
For Further Information
Please contact our government sales team at:
Load Balancers/Application Delivery Controllers include functionality for encryption of data in motion. This function is often referred to as Secure Socket Layer (SSL) or Transport Layer Security (TLS) and is also mandated to protect sensitive DoD information. SSL/TLS must use only FIPS 140-2 compliant cryptography to meet the mandates in the above references.
KEMP Technologies is fully aware of these federal mandates and public laws and has incorporated a FIPS 140-2 certified software encryption module into our core operating system and made it available to all our LoadMaster application delivery controllers/load balancers. (OpenSSL FIPS Object Module certificate # 1747.)
KEMP also understands that some customers require additional protection above that which is mandatory and we have incorporated FIPS 140-2 certified hardware security modules (HSMs) into select KEMP Hardware LoadMasters. (Cavium certificate # 2316).
KEMP has enabled all our LoadMasters to interface with FIPS 140-2 certified network-based HSMs to add additional protection for the private keys used in FIPS 140-2 encryption processes. The associated FIPS certificates for these solutions are held by the networked HSM vendors.
In summary, all KEMP LoadMasters (physical, virtual, cloud, multitenant, and bare metal) incorporate NIST certified FIPS 140-2 encryption.