BLOG

Embracing Security with the New FIPS-Ready F5 rSeries

Matt Shaw Miniatur
Matt Shaw
Published June 01, 2023

As IT environments continue to grow more complex in the modern digital landscape, ensuring the security and reliability of applications is paramount. Organizations, particularly those handling sensitive data or operating in regulated industries, need robust solutions that meet stringent security standards. The FIPS-ready F5 rSeries r5920-DF and r10920-DF empower organizations with compliant and secure application delivery.

Understanding FIPS Compliance

The Federal Information Processing Standards (FIPS) consist of a set of guidance and requirements published by the National Institute of Standards and Technology (NIST), a part of the U.S. Department of Commerce. These standards describe document processing, encryption algorithms, and other information technology standards for adoption and use in non-military government agencies and by government contractors and vendors who work with relevant agencies. In particular, the FIPS 140-2 standard is a U.S. government computer security standard that specifies the security requirements for cryptographic modules.

What we are describing as “FIPS-ready” is hardware that is currently being tested by an independent accredited laboratory that submits results to the NIST Cryptographic Module Validation Program (CMVP) to receive final certification. The r5920-DF and r10920-DF ship with a Marvell NITROX III CNN35XX-NFBE HSM pre-installed for cryptographic key storage, similar to previous generation F5 ADCs with the same HSM model. (See the *note below for more information.)

The F5 rSeries r5920-DF and r10920-DF

The new r5920-DF and r10920-DF appliances are FIPS-ready, underscoring F5’s commitment to providing secure, robust, and reliable solutions. These powerful platforms deliver top-tier application services while meeting stringent security standards. This approach allows organizations to ensure that their critical data and applications are secure, performing optimally, and available at all times.

Secure Encryption: FIPS-compliant algorithms and the Marvell NITROX III CNN35XX-NFBE HSM implemented within the F5 rSeries ensure the confidentiality and integrity of sensitive data. This is particularly crucial when handling classified or regulated information, such as personally identifiable information (PII) or financial data.

Trusted Authentication: FIPS compliance requires robust authentication mechanisms, such as strong multifactor authentication and secure key management. The r5920-DF and r10920-DF enable organizations to enforce stringent access controls, ensuring that only authorized individuals can interact with applications and services.

Regulatory Compliance: Many industries and government agencies have specific regulatory requirements, such as HIPAA (Health Insurance Portability and Accountability Act) in healthcare or PCI DSS (Payment Card Industry Data Security Standard) in the financial sector. The FIPS-ready r5920-DF and r10920-DF help organizations meet these regulations and demonstrate adherence to industry best practices.

Advanced Threat Protection: F5’s rSeries provides the highest reliability, security, and access control for your critical applications with advanced network and application protections and mitigates attacks across your threat landscape.

Scalability and Performance: Beyond its remarkable security features, the F5 rSeries shines in scalability and performance. Its highly efficient architecture can handle high volumes of traffic while ensuring optimal application performance and scalability through more FPGAs and ECC ciphers, increased CPU utilization, and a multi-tenancy architecture to consolidate application services on one platform. With F5 rSeries, you can plan for future performance needs today and then scale to meet your capacity requirements as they grow.

Whether it’s a government agency, a contractor, or a private sector business handling sensitive data, the F5 rSeries offers a cutting-edge solution that can keep up with evolving security needs and performance demands. This blend of security and scalability makes the F5 rSeries r5920-DF and r10920-DF a remarkable choice in today’s ever-expanding digital landscape while reinforcing F5’s commitment to delivering high-performance, scalable, and secure ADCs.

Helpful Resources

*Note: While the Marvell NITROX III CNN35XX-NFBE HSM model, as a hardware unit, has previously been FIPS Validated, the latest version that will be installed will be v2.08-12, which is currently “FIPS In-Process,” described by CMVP here.

The Marvell NITROX III CNN35XX-NFBE HSM with firmware version 2.08-12 has been tested, and the results were submitted to NIST in early 2022. The results have been in the “Coordination” stage since May 10, 2022. The “Coordination” stage means that the results are pending review by NIST CMVP before a Validation certificate can be issued.

Due to lengthy delays at NIST CMVP, F5, and Marvell cannot guarantee a timeframe for when a Validation certificate will be received. However, we can attest that an independent laboratory has successfully tested the HSM, and the results have been submitted to NIST for review.

Further, please note that as the module progresses at NIST, Marvell may update the firmware version to receive the final Validation certificate. In the future, an upgrade may be required to the firmware on HSMs to use the final validated version.