I am excited to announce that we have successfully completed the FIPS 140-2 validation process for BIG-IP version 15.1.
The requirements for FIPS 140-2 validation are stringent, and passing validation often presents several technical challenges. These issues were compounded by the effects of the pandemic, which have prolonged the time taken to reach validation levels. However, our teams worked diligently to overcome these barriers to ultimately ensure that our customers have a safe and secure platform.
“At F5, we have a long and distinguished history of providing the U.S. public sector and other customers in highly regulated industries with solutions to help them operate and stay compliant,” said Joe Scherer, VP Americas FSE at F5. “With version 15.1, we have once again demonstrated our commitment to providing our customers with the highest level of security and compliance.”
This commitment is not new; we have an established track record of delivering validated software and platforms, due to our robust approach to developing secure software. This is something we are proud of, and it enables us to make sure that customers are provided with industry-leading capabilities.
We are now in the process of working towards FIPS 140-3 validation for BIG-IP version 16.1. This is the next step in continuing to provide our customers with the highest level of security and compliance.
FIPS 140-3 is an evolution of FIPS 140-2 and is the latest standard for cryptographic module security. It brings with it several benefits, including increased flexibility and scalability, improved security, and better alignment with international standards. This provides more flexibility and scalability than the previous standard, allowing vendors to tailor their products to specific customer needs.
FIPS 140-3 also introduces new security requirements, such as the need for a cryptographic module to use a secure boot process to ensure that only trusted software is loaded onto the module. It also requires that cryptographic modules use secure firmware updates, and that the module’s software and firmware be digitally signed to ensure that only trusted software is running on the module. While these are new requirements for FIPS 140, this is similar to something F5 has been doing with our iSeries appliances and our Trusted Platform Module (TPM) since version 14.1, putting us in a great position for future validation efforts.
Finally, FIPS 140-3 better aligns with international standards, such as ISO/IEC 19790, which allows products to be more easily certified for use in different countries. This allows F5 customer systems to be more easily secured and compliant across a variety of industries outside of the U.S. public sector.
“We are delighted to reach this milestone and reaffirm our commitment to secure development,” Scherer continued. “We look forward to meeting the challenges of the upcoming FIPS 140-3 validation and maintain our leadership in the technology security space.”
To learn more, see the following resources:
About the Author
Related Blog Posts
F5 accelerates and secures AI inference at scale with NVIDIA Cloud Partner reference architecture
F5’s inclusion within the NVIDIA Cloud Partner (NCP) reference architecture enables secure, high-performance AI infrastructure that scales efficiently to support advanced AI workloads.
F5 Silverline Mitigates Record-Breaking DDoS Attacks
Malicious attacks are increasing in scale and complexity, threatening to overwhelm and breach the internal resources of businesses globally. Often, these attacks combine high-volume traffic with stealthy, low-and-slow, application-targeted attack techniques, powered by either automated botnets or human-driven tools.
F5 Silverline: Our Data Centers are your Data Centers
Customers count on F5 Silverline Managed Security Services to secure their digital assets, and in order for us to deliver a highly dependable service at global scale we host our infrastructure in the most reliable and well-connected locations in the world. And when F5 needs reliable and well-connected locations, we turn to Equinix, a leading provider of digital infrastructure.
Volterra and the Power of the Distributed Cloud (Video)
How can organizations fully harness the power of multi-cloud and edge computing? VPs Mark Weiner and James Feger join the DevCentral team for a video discussion on how F5 and Volterra can help.
Phishing Attacks Soar 220% During COVID-19 Peak as Cybercriminal Opportunism Intensifies
David Warburton, author of the F5 Labs 2020 Phishing and Fraud Report, describes how fraudsters are adapting to the pandemic and maps out the trends ahead in this video, with summary comments.
The Internet of (Increasingly Scary) Things
There is a lot of FUD (Fear, Uncertainty, and Doubt) that gets attached to any emerging technology trend, particularly when it involves vast legions of consumers eager to participate. And while it’s easy enough to shrug off the paranoia that bots...