F5 NGINX Offer FIPS-Ready Application Delivery on Red Hat Enterprise Linux in AWS Marketplace

FIPS are standards and guidelines issued by the U.S. National Institute of Standards and Technology (NIST) for federal computer systems. The core purpose of FIPS, particularly FIPS 140-2 and the newer FIPS 140-3, is to ensure that cryptographic modules—the components that handle encryption and decryption—meet stringent security requirements. This is vital for protecting sensitive but unclassified information, from citizen data to internal government communications. 

In addition, U.S. federal government agencies, and contractors working with them, must use FIPS-validated cryptographic modules for applications and infrastructure running government systems. Non-compliance can lead to significant risks, including loss of contracts, and the U.S. government has stepped up enforcement of FIPS compliance in recent years. 

FIPS standards also promote interoperability between different systems by ensuring they adhere to common security protocols. FIPS interoperability allows for easier creation of packaged solutions, such as the one described in this blog. Our new Red Hat Enterprise Linux  and NGINX solution leverages encryption efforts by Red Hat’s team on OpenSSL modules and applies them to F5 NGINX Plus images. 

Essentially, FIPS compliance means that a product's cryptographic functions meet the U.S. government's high bar for security, ensuring data is properly protected. Applications running on FIPS-compliant platforms present a hardened target that both discourages attackers and protects users and systems. 

Our new marketplace offering is a complete package that includes NGINX Plus on Red Hat Enterprise Linux. It significantly simplifies FIPS compliance for applications, APIs, and AI running in the cloud through the following features: 

• Leveraging FIPS-validated cryptography. Red Hat Enterprise Linux has already achieved FIPS 140-2/3 certification for its cryptographic modules, and our new package bundles this with F5 NGINX Plus. A key component is its OpenSSL library, which provides fundamental cryptographic functions like encryption, decryption, and hashing. 
• Direct use of FIPS-validated OpenSSL. Within this integrated package, NGINX Plus is specifically configured to utilize the FIPS-validated OpenSSL cryptographic libraries provided by the Red Hat Enterprise Linux operating system. This means that when NGINX Plus performs cryptographic operations (like handling HTTPS traffic), it relies directly on these Red Hat Enterprise Linux -provided modules that have already undergone rigorous FIPS validation. This ensures that the cryptographic functions handled by NGINX Plus operate in accordance with FIPS requirements. 
• Out-of-the-box compliance. Customers receive a pre-configured package where FIPS is already enabled within the Red Hat Enterprise Linux  foundation. This reduces the complex and time-consuming process of sourcing, building, configuring, and validating FIPS-compliant cryptographic modules on their own. 
• Simplified deployment and management on AWS. By providing this integrated package as an "appliance-like" experience available through the AWS Marketplace, we streamline the deployment and ongoing management of NGINX Plus in FIPS-constrained environments. It’s a "drop-in" solution for FIPS environments that can be up and running in minutes, not days or weeks. 
• Continuous compliance and support. One joint package covers OS, crypto modules, and NGINX Plus. Red Hat and F5 ship coordinated patches that keep the entire stack inside its validated boundary, simplifying renewals and reducing operational risk. 

NGINX Plus is the enterprise-grade version of the widely adopted NGINX traffic management solution, designed to deliver advanced capabilities for modern applications. It combines proven performance and scalability with enterprise-focused features. By leveraging NGINX Plus, organizations can ensure high availability, robust security, and deep observability across their application environments. Here’s a closer look at some of the powerful features now available through the new packaged solution on AWS Marketplace. 

NGINX Plus provides robust security through advanced features like JWT authentication, OpenID Connect integration for single sign-on, and support for F5 NGINX App Protect (WAF and DoS protection). The F5 NGINX One AI Assistant enhances the expertise of developers and DevOps teams with configuration and context-aware security suggestions. 

Users gain comprehensive observability with real-time visibility of applications, APIs, and AI, with over 240 extended status metrics via a JSON API. They also get easy integration and export features with third-party dashboard and monitoring tools or with the NGINX One SaaS management console.  

F5. NGINX Plus provides performance, high availability, and resilience through a wide array of load balancing algorithms, a lightweight runtime environment, an efficient data plane, and active health checks to ensure reliability. High availability features include active-active clustering and state sharing. 

The solution also streamlines operational efficiency by simplifying management and reducing administrative overhead with the NGINX Plus API for dynamic configuration of upstream servers and key-value stores without service interruptions. This integrates automatically with the NGINX One SaaS management console to give a single observability, security, and management plane for all NGINX instances.