FIPS certified Istio from Solo.io

Solo.io provides a government-ready Zero Trust Architecture (ZTA) built on federal government requirements for cybersecurity with NIST standards FIPS 140-2, 800-204A, and 800-207. Built around ZTA, Istio, Gloo Gateway, and Gloo Mesh provide government organizations and system integrators with the centralized command and control required for FedRAMP certification.

What is FIPS?

FIPS (Federal Information Processing Standards) refers to a set of rules on how cryptographic modules are implemented and applied to any part of a system utilizing cryptographic functions.

Most large organizations have compliance obligations around FIPS. These include customers in the U.S. Government, but many businesses consider FIPS a best practice that helps them meet other regulatory requirements and industry best practices.

Our ethos is security first.

We take security seriously.

There are also security requirements that extend beyond just technology. For products and implementations, FIPS validation can be achieved by submitting a cryptographic module for review and testing to a CMVP lab.

Key Features

  • 140-2 FIPS Certified by NIST Approved Laboratory
    Solo.io products and Istio builds include FIPS-validated cryptographic modules that have gone through the FIPS certification process. FIPS 140-3 certification for Solo products is currently in progress with CMVP.
  • Vulnerability (CVEs) addressed within FedRAMP 800-53 controls
    Solo works with customers to ensure that vulnerabilities are evaluated and addressed within FedRAMP required guidelines.
  • Long-Term Support for Istio releases
    Upstream Istio security and release support extends to n - 1.5 releases. Solo provides support and security patches for n - 4 releases.
  • FIPS Compliant Istio ARM Images
    Save money using ARM images from the cloud vendors while maintaining FIPS compliance.
  • Expertise in FedRAMP Process
    The Solo.io team has helped multiple vendors assure their FedRAMP auditors that the Gloo service mesh and API gateways embedded in their products are FedRAMP compliant.

FIPS compliant vs. FIPS certified/validated: What’s the difference?

There are two levels of FIPS adherence: FIPS compliant and FIPS certified/validated.

  • FIPS compliant is a self-certification, meaning the vendor indicates it is adhering to the standards.
  • FIPS certified/validated means the cryptographic modules used in the product have been tested at a national lab and audited to confirm they adhere to FIPS standards.

Why choose Solo.io for FIPS-ready service meshes and API gateways?

Solo.io’s Gloo Mesh and Gloo Gateway deliver secure service meshes and API gateways by enhancing open source Istio and Envoy Proxy. By default, basic open source distributions of Istio and Envoy are unable to meet FIPS requirements. Encryption alone isn’t enough, and if you use purely open source you inherit the burden of developing and maintaining missing security features.

Solo.io provides enterprise distributions of Istio through our Gloo Mesh product.

The enterprise distribution comes with:

  • Enterprise SLAs
  • Long-term support (LTS for N-4)
  • Expert guidance and architecture reviews

Solo.io provides a hardened FIPS 140-2 validated version of Istio service mesh. This supports compliant builds of both Istio’s control plane and data plane (Envoy Proxy).

Get in touch with our team to learn more.
