What is FIPS?

FIPS (Federal Information Processing Standards) refers to a set of rules on how cryptographic modules are implemented and applied to any part of a system utilizing cryptographic functions.

Most large organizations have compliance obligations around FIPS. These include customers in the U.S. Government, but many businesses consider FIPS a best practice that helps them meet other regulatory requirements and industry best practices. 

FIPS compliant vs. FIPS certified/validated: What’s the difference?

There are two levels of FIPS adherence: FIPS compliant and FIPS certified/validated.

  • FIPS compliant is a self-certification, meaning the vendor indicates they are adhering to the standards.
  • FIPS certified/validated means the product has been tested at a national lab and audited to confirm it adheres to FIPS standards. 

Solo.io has taken the time to validate and certify our FIPS 140-2 compliance (certificate 4257), confirming our commitment to supporting the FIPS 140-2 standard for our customers.

The following Solo.io products are FIPS-certified in the form provided by Solo:

  • Istio long-term support images (except ARM images)
  • Gloo Edge
  • Gloo Mesh 
  • Gloo Gateway

Our ethos is security first.

We take security seriously. 

There are also security requirements that extend beyond just technology. For products and implementations, FIPS validation can be achieved by submitting a cryptographic module for review and testing to a CMVP lab.

Why choose Solo.io for FIPS-ready service meshes and API gateways?

Solo.io’s Gloo Mesh and Gloo Gateway deliver secure service meshes and API gateways by enhancing open source Istio and Envoy Proxy. By default, basic open source distributions of Istio and Envoy are unable to meet FIPS requirements. Encryption alone isn’t enough, and if you use purely open source you inherit the burden of developing and maintaining missing security features.

Solo.io provides enterprise distributions of Istio through our Gloo Mesh product.

The enterprise distribution comes with:

  • enterprise SLAs
  • long-term support (LTS for N-4, which is typically 15 months of Istio releases)
  • expert guidance and architecture reviews

Solo.io provides a hardened FIPS 140-2 validated version of Istio service mesh. This supports compliant builds of both Istio’s control plane and data plane (Envoy Proxy).

Get a FIPS-ready build of Istio

The quickest way to get started with FIPS Istio is to use one of our supported builds. Both the control plane AND the data plane are validated and certified as FIPS compliant.

Comprehensively secure all connections

Establish a zero trust environment where every inbound connection is validated before being allowed. Integrate with your existing external authentication and authorization servers. Use mTLS encryption to protect data-in-motion on all connections.

istioctl install \
  --set hub=gcr.io/istio-enterprise \
  --set tag=1.7.5-fips2-distroless

Limit access to resources

Use granular role-based access controls and delegation to limit which clients and administrators have permissions to applications, resources, and management tools.

Dive deep into FIPS security for Istio

Learn about our FIPS 140-2 validated and certified version of Istio service mesh with enterprise SLAs, long-term support, and expert guidance.

Application networking is a team sport

While not strictly a security feature, one important consideration is the availability of enterprise support and defined service-level agreements (SLAs) for response. Community support for open source software itself doesn’t meet the requirements for production deployments, so you need a vendor on standby to help you out. Inevitably there will be issues, and when a CVE (common vulnerabilities and exposures) incident is discovered, it is reassuring to know that someone can quickly patch your code and even backport the fix to older versions if you haven’t kept up with the rapid pace of new releases.
