Stay Tuned!
We’re currently working on an in-depth update about FIPS 140-3 compliance for F5 BIG-IP. Expect new insights and key information soon! Keep an eye on this space for the latest details from our team.
What is FIPS 140-2?
If you’ve done F5® work for the Federal government you’ve probably been exposed to the FIPS 140-2 standard – but F5 FIPS has been gaining traction in the private sector as well. Many financial, healthcare, and banking enterprises have adopted the FIPS standard, because FIPS is a part of PCI compliance for companies that handle credit card data and a major part of the HIPAA guidelines for securing personally identifiable information (PII) and medical data. FIPS 140-2 was designed to set the security requirements and standards for hardware and software cryptographic modules. F5 BIG-IP® (the leader in application delivery and web security) has a wide range of support for FIPS compliance. But before we get into the list of F5 platforms and software that support FIPS, let’s make sure we understand…
What exactly is a cryptographic module and what are we encrypting?
Cryptographic modules consist of the hardware, software, and firmware performing cryptographic services. The FIPS 140-2 standard defines cryptographic services as the encryption, authentication, digital signature, and key management provided by the cryptographic module. When working with an F5 BIG-IP, a large part of the crypto services you’ll work with involve SSL certificates and keys – a.k.a. “terminating SSL” for web traffic, i.e. HTTPS. But SSL isn’t limited to web traffic; you can encrypt just about any data stream – for example, SMTP and LDAP can both use SSL/TLS.
Some background on FIPS 140-2:
FIPS stands for “Federal Information Processing Standard” and was developed by the U.S. National Institute of Standards and Technology (NIST) in 2001 – yes, almost two decades ago! 😉 It replaced FIPS 140-1, which came out in 1994. In March 2019 FIPS 140-3 was finally approved, but if the history of this standard is any indication, the transition could take a while. As of right now the implementation schedule indicates that testing against FIPS 140-3 starts September 22nd 2020, with testing against FIPS 140-2 ending one year later on September 22nd 2021.
Today the Cryptographic Module Validation Program (CMVP) is operated jointly by NIST and the Communications Security Establishment (CSE) of the Canadian Government. Both the US and Canada act as certification authorities for the CMVP, validating cryptographic modules against the FIPS 140-2 standard. The US and Canada aside, FIPS 140-2 has risen to be the de facto best-practice standard for crypto modules around the world, not only in governments but in the private commercial sector as well.
Hardware Security Modules & FIPS Compliance
When a lot of folks think FIPS, they think of Hardware Security Modules (HSMs) and Network Hardware Security Modules (NHSMs). HSMs and network HSMs encrypt the keys used in conjunction with certificates, meeting the FIPS 140-2 Level 3 and 4 requirement for cryptographic key management:
“Secret and private keys established using manual methods shall be entered or output encrypted or with split knowledge procedures”.
What a lot of people don’t realize is that there are four different levels of FIPS compliance – Level 1 through Level 4 – with most vendors offering support for Levels 1 through 3. FIPS 140-2 Levels 1 and 2 do not require the use of an HSM, but the higher Levels 3 and 4 do.
F5 supports up to FIPS Level 3 with HSM modules built right into select hardware platforms. F5 does not manufacture Network HSMs (off-box hardware security modules accessed over the network), but the BIG-IP software supports them.
Why do we encrypt keys in Hardware Security Modules (HSMs)?
Anyone with access to the keys on a BIG-IP can potentially decrypt and steal sensitive data – this gets harder with perfect forward secrecy and the mandate of TLS 1.3. But if you encrypt the keys with an HSM there is virtually no way to do that unless you have access to the original unencrypted key.
Often administrators have access to devices that need to terminate the SSL/TLS traffic to gain visibility into the encrypted stream for security and intelligent load balancing – think WAF for security and cookie persistence for sticky load balancing. Administrators with elevated access to keys pose a security risk for companies, as they literally hold the keys to the kingdom. FIPS, coupled with some automation, can ensure the keys are never accessible to human admins once encrypted.
What are the different levels of FIPS?
Level 1 of the FIPS 140-2 standard examines the algorithms used in the cryptographic components of the software. Levels 2, 3 and 4 build on the algorithm requirements by adding additional levels of physical security; for example, Level 3 requires keys to be encrypted on the device. In short, each level builds upon the last.
Note the abbreviation “CSP” used throughout the levels refers to Critical Security Parameters – CSPs consist of any security-related information, i.e. crypto keys, authentication data, and PINs, located inside what is referred to as the Cryptographic Boundary (“CB”). The CB is the physical boundary of a crypto module and consists of all the hardware, software, and/or firmware components of the crypto module.
Below you’ll find a more exhaustive list of all the FIPS 140-2 levels.
FIPS – Level 1
“Security Level 1 provides the lowest level of security. Basic security requirements are specified for a cryptographic module (e.g., at least one Approved algorithm or Approved security function shall be used). No specific physical security mechanisms are required in a Security Level 1 cryptographic module beyond the basic requirement for production-grade components. An example of a Security Level 1 cryptographic module is a personal computer (PC) encryption board.”
Level 1 – Summary:
- Basic & lowest level of security
- Lowest cost
- At least one Approved algorithm or Approved security function shall be used
- No specific physical security mechanisms are required
- Must use production-grade components
- Allows the software and firmware components of a cryptographic module to be executed on a general purpose computing system using an unevaluated operating system.
- Appropriate for low-level security applications when physical security, network security, and administrative procedures are limited or nonexistent.
FIPS – Level 2
“Security Level 2 improves upon the physical security mechanisms of a Security Level 1 cryptographic module by requiring features that show evidence of tampering, including tamper-evident coatings or seals that must be broken to attain physical access to the plaintext cryptographic keys and critical security parameters (CSPs) within the module, or pick-resistant locks on covers or doors to protect against unauthorized physical access.”
Level 2 – Summary:
- Requires tamper-evident physical security mechanisms
- Tamper-evident coatings or seals, or pick-resistant locks, on removable covers or doors of the module.
- Coating or seal must be broken to attain physical access to the plaintext cryptographic keys and critical security parameters (CSPs)
- Tamper-evident seals or pick-resistant locks are placed on covers or doors to protect against unauthorized physical access.
- Role-based authentication is required to authorize operators for specific roles and the services they’re allowed to perform in that role.
- Software and firmware components are allowed to be executed on a general purpose computing system using an operating system that
  - meets the functional requirements specified in the Common Criteria (CC) Protection Profiles (PPs) listed in Annex B, and
  - is evaluated at the CC evaluation assurance level EAL2 (or higher).
- An equivalent evaluated trusted operating system may be used. A trusted operating system provides a level of trust so that cryptographic modules executing on general purpose computing platforms are comparable to cryptographic modules implemented using dedicated hardware systems.
FIPS – Level 3
“In addition to the tamper-evident physical security mechanisms required at Security Level 2, Security Level 3 attempts to prevent the intruder from gaining access to CSPs held within the cryptographic module.
Physical security mechanisms required at Security Level 3 are intended to have a high probability of detecting and responding to attempts at physical access, use or modification of the cryptographic module. The physical security mechanisms may include the use of strong enclosures and tamper-detection/response circuitry that zeroes all plaintext CSPs when the removable covers/doors of the cryptographic module are opened.”
Level 3 – Summary:
- Aims to prevent intruders from gaining access to the CSPs within the crypto module
- Physical security mechanisms are required to have a high probability of detecting and responding to attempts at physical access, use or modification of the cryptographic module.
- Examples would be the use of strong enclosures and tamper detection/response circuitry that zeroizes all plaintext CSPs when the removable covers/doors of the cryptographic module are opened.
- Identity-based authentication mechanisms are required, enhancing the security provided by the role-based authentication mechanisms specified for Security Level 2. The identity of an operator must be verified and authorized to assume a specific role and perform a corresponding set of services.
- Entry or output of plaintext CSPs (including the entry or output of plaintext CSPs using split knowledge procedures) must be performed using ports that are physically separated from other ports, or interfaces that are logically separated using a trusted path from other interfaces.
- Plaintext CSPs may be entered into or output from the cryptographic module in encrypted form (in which case they may travel through enclosing or intervening systems).
- Software and firmware components of a cryptographic module are allowed to be executed on a general purpose computing system using an operating system that
  - meets the functional requirements specified in the PPs listed in Annex B with the additional functional requirement of a Trusted Path (FTP_TRP.1), and
  - is evaluated at the CC evaluation assurance level EAL3 (or higher) with the additional assurance requirement of an Informal Target of Evaluation (TOE) security policy model.
- An equivalent evaluated trusted operating system may be used. The implementation of a trusted path protects plaintext CSPs and the software and firmware components of the cryptographic module from other untrusted software or firmware that may be executing on the system.
FIPS – Level 4
“Security Level 4 provides the highest level of security. At this security level, the physical security mechanisms provide a complete envelope of protection around the cryptographic module with the intent of detecting and responding to all unauthorized attempts at physical access. Penetration of the cryptographic module enclosure from any direction has a very high probability of being detected, resulting in the immediate deletion of all plaintext CSPs.
Security Level 4 cryptographic modules are useful for operation in physically unprotected environments. Security Level 4 also protects a cryptographic module against a security compromise due to environmental conditions or fluctuations outside of the module’s normal operating ranges for voltage and temperature. Intentional excursions beyond the normal operating ranges may be used by an attacker to thwart a cryptographic module’s defenses. A cryptographic module is required to either include special environmental protection features designed to detect fluctuations and delete CSPs, or to undergo rigorous environmental failure testing to provide a reasonable assurance that the module will not be affected by fluctuations outside of the normal operating range in a manner that can compromise the security of the module.”
Level 4 – Summary:
- Highest level of security
- Physical security mechanisms provide a complete envelope of protection around the cryptographic module with the intent of detecting and responding to all unauthorized attempts at physical access.
- Penetration of the cryptographic module enclosure from any direction has a very high probability of being detected, resulting in the immediate zeroization of all plaintext CSPs.
- Useful for operation in physically unprotected environments.
- Protects a cryptographic module against a security compromise due to environmental conditions or fluctuations outside of the module’s normal operating ranges for voltage and temperature.
- Intentional excursions beyond the normal operating ranges may be used by an attacker to thwart a cryptographic module’s defenses. A cryptographic module is required to either include special environmental protection features designed to detect fluctuations and zeroize CSPs, or to undergo rigorous environmental failure testing to provide reasonable assurance that the module will not be affected by fluctuations outside of the normal operating range in a manner that can compromise the security of the module.
- Allows the software and firmware components of a cryptographic module to be executed on a general purpose computing system using an operating system that:
  - meets the functional requirements specified for Security Level 3, and
  - is evaluated at the CC evaluation assurance level EAL4 (or higher). An equivalent evaluated trusted operating system may be used.
FIPS Security Requirements
Below you will find the FIPS cryptographic module security requirements for the FIPS 140-2 standard. They highlight what is required from a design and implementation standpoint for the crypto modules at each level.
Security Requirement | Security Level 1 | Security Level 2 | Security Level 3 | Security Level 4 |
---|---|---|---|---|
Cryptographic Module Specification | Specification of cryptographic module, cryptographic boundary, Approved algorithms, and Approved modes of operation. Description of cryptographic module, including all hardware, software, and firmware components. Statement of module security policy. | Same as Level 1 | Same as Level 1 | Same as Level 1 |
Cryptographic Module Ports and Interfaces | Required and optional interfaces. Specification of all interfaces and of all input and output data paths. | Same as Level 1 | Data ports for unprotected critical security parameters logically or physically separated from other data ports. | Same as Level 3 |
Roles, Services, and Authentication | Logical separation of required and optional roles and services. | Role-based or identity-based operator authentication. | Identity-based operator authentication. | Same as Level 3 |
Finite State Model | Specification of finite state model. Required states and optional states. State transition diagram and specification of state transitions. | Same as Level 1 | Same as Level 1 | Same as Level 1 |
Physical Security | Production grade equipment. | Locks or tamper evidence. | Tamper detection and response for covers and doors. | Tamper detection and response envelope. EFP or EFT. |
Operational Environment | Single operator. Executable code. Approved integrity technique. | Referenced PPs evaluated at EAL2 with specified discretionary access control mechanisms and auditing. | Referenced PPs plus trusted path evaluated at EAL3 plus security policy modeling. | Referenced PPs plus trusted path evaluated at EAL4. |
Cryptographic Key Management | Key management mechanisms: random number and key generation, key establishment, key distribution, key entry/output, key storage, and key zeroization. Secret and private keys established using manual methods may be entered or output in plaintext form. | Same as Level 1 | Same key management mechanisms as Level 1, but secret and private keys established using manual methods shall be entered or output encrypted or with split knowledge procedures. | Same as Level 3 |
EMI/EMC | 47 CFR FCC Part 15, Subpart B, Class A (Business use). Applicable FCC requirements (for radio). | Same as Level 1 | 47 CFR FCC Part 15, Subpart B, Class B (Home use). | Same as Level 3 |
Self-Tests | Power-up tests: cryptographic algorithm tests, software/firmware integrity tests, critical functions tests. Conditional tests. | Same as Level 1 | Same as Level 1 | Same as Level 1 |
Design Assurance | Configuration management (CM). Secure installation and generation. Design and policy correspondence. Guidance documents. | CM system. Secure distribution. Functional specification. | High-level language implementation. | Formal model. Detailed explanations (informal proofs). Preconditions and postconditions. |
Mitigation of Other Attacks | Specification of mitigation of attacks for which no testable requirements are currently available. | Same as Level 1 | Same as Level 1 | Same as Level 1 |
FIPS Validated or Certified vs. FIPS Compliant
There’s a big difference between FIPS Validated / Certified and FIPS Compliant. FIPS Validated, also known as FIPS Certified (the terms are interchangeable), means one of the NIST-approved laboratories reviewed and certified the crypto module through a series of tests – typically a more stringent bar than “compliant”. That’s because “compliant” leaves it to the company to follow the FIPS 140-2 standard and implement its solution around best practices. You can search the database of validated cryptographic modules here. When it comes to F5, just about any product can be considered FIPS validated with an add-on license, up to and including Level 2. See the full list below.
F5 & FIPS – Full Box FIPS vs Dual FIPS
Now that you’re up to speed with FIPS in general, let’s dive into specific F5 FIPS topics.
Full Box FIPS is also known as “platform” FIPS, or you may have heard the discouraged term “Sticker FIPS” – both refer to the recent NIST certification of the 13.1 release code. The software by itself provides FIPS 140-2 Level 1, and when you add the tamper-evident seals it provides FIPS 140-2 Level 2. It’s important to note that 13.1.1 was “validated” – using other software versions, or even upgrading the code to a more current hotfix, would technically make it “compliant” rather than “validated”. That being said, F5 is security minded and applying a hotfix typically makes the device more secure, not less. We typically see auditors give a little leeway here – so make sure you check with your auditor prior to applying a hotfix to your FIPS device or VE. Here are some quick points to consider about F5 and their Full Box FIPS (i.e. Level 2) offerings:
- 13.1.1 meets FIPS 140-2 Validated (a.k.a. Certified) status.
- You need to be on the NIST-validated F5 BIG-IP 13.1.1 TMOS® release that was validated.
- Any major upgrade would technically move you to “compliant” status unless you get your auditor’s sign-off. This shouldn’t alarm you: F5 continually works to re-certify major releases, 13.1.1.5 is the stable release train and will be supported for years to come, and auditor buy-in is feasible for hotfixes (hotfixes are not typically considered major releases).
- The FIPS license is an additional cost and comes with the seals you need. They are NOT applied during manufacturing, i.e. even if you purchased them with the boxes originally you will have to put the tamper-evident seals on yourself when you license the device. You’ll get about 30 seals for the appliances and about 60 for the VIPRION chassis. And no, you can’t just buy your own stickers 😉
- Once the FIPS license is enabled your device will perform system integrity checks, crypto algorithm checks, and TMM checks. The crypto check only happens at startup; the system integrity check is performed at startup, daily via a cron job, and can be run manually. Read more about the F5 FIPS self-tests.
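The validated-versus-compliant distinction above is the kind of thing a compliance inventory has to track for every device. The following is an added Python example, not F5 code, that classifies a running TMOS version string against a list of validated BIG-IP releases. The `VALIDATED` list is copied from the release numbers this article’s tables present as validated and is illustrative only; refresh it from the CMVP database before relying on it. The sample inventory at the bottom is constructed.

```python
"""Classify running TMOS versions against NIST-validated BIG-IP releases.

Added example for this article, not F5 code. VALIDATED is copied from the
release numbers the article's tables list as validated; it is illustrative,
not an authoritative list, and should be refreshed from the CMVP database.
"""
import re

VALIDATED = ["13.1.0", "13.1.1", "14.1.0.3", "14.1.2", "14.1.4.2",
             "15.1.2.1", "16.1.3.1"]


def parse_version(text):
    """Parse the leading dotted number of a version string into a tuple.
    '13.1.1.5' -> (13, 1, 1, 5); trailing tokens such as ' HF1' are ignored."""
    match = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"not a version string: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def classify_version(running):
    """Map a running version to one of three statuses the article describes:
    'validated'      - exactly the release the lab validated
    'same-train'     - a hotfix/point build on a validated major.minor.maint
                       train; technically 'compliant' until the auditor signs off
    'compliant-only' - no validated release exists on this train at all
    """
    run = parse_version(running)
    validated = [parse_version(v) for v in VALIDATED]
    if run in validated:
        return "validated"
    if any(run[:3] == v[:3] for v in validated):
        return "same-train"
    return "compliant-only"


def audit_inventory(devices):
    """devices: iterable of (hostname, version) pairs. Returns a dict of
    hostname -> status and a sorted list of hosts that need auditor attention
    (anything that is not an exact validated release)."""
    report = {host: classify_version(ver) for host, ver in devices}
    attention = sorted(h for h, s in report.items() if s != "validated")
    return report, attention


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = [("bigip-dc1-a", "13.1.1"), ("bigip-dc1-b", "13.1.1.5"),
              ("bigip-lab-1", "12.1.0"), ("bigip-ve-2", "14.1.0.7")]
    report, attention = audit_inventory(sample)
    for host, status in report.items():
        print(f"{host:14} {status}")
    print("needs auditor sign-off:", ", ".join(attention))
```

The three-component train comparison encodes the article’s point that a hotfix on the validated train is a different conversation with an auditor than a device on a release that was never validated; adjust the rule if your auditor treats point releases differently.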
F5 Dual FIPS – every Platform FIPS device that comes with the Cavium HSM card is “F5 Dual FIPS”, i.e. Level 2 and Level 3.
F5 VCMP and FIPS Support
You can now have Level 2 and 3 FIPS support with vCMP for the VIPRION chassis, i5280v-F, i7820v-F, and the 10350v-F. This all depends on the Cavium HSM card’s support for SR-IOV.
SR-IOV is a specification that allows a single PCIe device to appear as multiple separate physical PCIe devices – pretty cool stuff.
F5 Virtual Edition – VE – Support
F5 now has a license called FIPS 140-2 Compliant mode – available for Virtual Editions up to 10 Gbps as well as the high-speed VEs. This license makes the BIG-IP VE FIPS 140-2 Level 1 compliant in a virtual machine. It’s available as an add-on license and puts several daemons into FIPS 140-2 compliant mode and adds FIPS-approved cipher lists. The daemons will then prefer the stronger FIPS ciphers over the less secure ciphers, and even order them first in the cipher list when selecting an SSL client or server profile. The license is available on TMOS versions:
- 12.1.2 HF1 – 12.1.4
- 13.1.x
- 14.x
- 15.x
- 16.x
- 17.x
Prior to version 14.1.0.7 you need to reboot your VE after applying the license; from 14.1.0.7 onward no reboot is required after applying the FIPS 140-2 Compliant mode license.
Aside from the supported TMOS versions only certain hypervisors are deemed compliant – F5 FIPS Hypervisor List:
- TMOS v12.1.2 HF1 – VMware ESXi 5.5, AWS on Xen HVM domU, and Microsoft Azure on Hyper-V virtual machine
- TMOS v13.1.1 on VMware ESXi 6.5, AWS on Xen 4.2.amazon, Hyper-V 10.0, and Microsoft Azure on Hyper-V virtual machine
- v14.1.0.3 on VMware ESXi 6.5, Hyper-V 2019, AWS, and Azure
Looking at the F5 device FIPS list below, you will notice a section that labels Virtual Editions with TMOS 11.2 and up as FIPS 140-2 Level 2 and 3 Validated (a.k.a. Certified) – that is through the use of a third-party network HSM by Thales. They are:
- nShield Connect 500+
- nShield Connect 1500+
- nShield Connect 6000+
F5 FIPS and SSL Ciphers
SSL ciphers are also part of being FIPS compliant or validated. When the FIPS license is applied to a BIG-IP system – either an appliance for Full Box FIPS or the Virtual Edition (VE) – two new cipher suite keywords are added: FIPS and @FIPS. (Note that the Dual FIPS platforms with the built-in HSM do not require a separate license; they come with all the FIPS functionality natively.) The FIPS keyword only includes the FIPS-compliant ciphers, and the @FIPS keyword orders them from strongest to weakest. Also note that you can’t use the @FIPS keyword by itself; it only reorders the ciphers from strong to weak, like this –> FIPS:@FIPS.
You could also use @FIPS with the default cipher suite, ordering the preferred ciphers with the strongest FIPS ciphers first like this –> DEFAULT:@FIPS. I should mention that the FIPS cipher list is available without the FIPS license for VEs, Full Box, and Dual FIPS devices. But you would not be compliant without the FIPS license, as other changes are made to the system to become FIPS compliant or validated. The list of FIPS-approved ciphers:
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES128-SHA256:AES256-SHA256:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA
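To make the keyword rules above concrete, here is an added Python example (not F5 code) that audits a BIG-IP-style cipher string against the FIPS-approved list from this article: it expands the FIPS keyword, flags any suite outside the list, calls out the 3DES suites as the weakest members of the list, and flags a string that consists only of @FIPS. The strength ranking it uses to emulate a strongest-first sort is this example’s own assumption, not F5’s actual @FIPS order, and DEFAULT is reported as unresolved because its contents depend on the TMOS version.

```python
"""Audit a BIG-IP cipher string against the FIPS-approved suite list.

Added example for this article; it is not F5 code and does not reproduce
F5's real @FIPS sort order. The approved-suite list is copied from the
article; the strength ranking below is this example's own assumption.
"""

# Copied from the article's list of FIPS-approved ciphers (21 suites).
FIPS_APPROVED = (
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:"
    "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:"
    "ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:"
    "AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:"
    "AES128-SHA256:AES256-SHA256:"
    "ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA"
).split(":")

# Keywords this example knows how to expand. DEFAULT is a real BIG-IP keyword,
# but its contents vary by version, so it is deliberately left unresolved.
KEYWORDS = {"FIPS": FIPS_APPROVED}


def parse_cipher_string(cipher_string):
    """Split an OpenSSL-style cipher string into suites, keywords and
    @-modifiers. ';' is accepted as a separator too, to tolerate copy/paste
    variants; suites are told apart from keywords by the '-' in their names."""
    suites, keywords, modifiers = [], [], []
    for token in cipher_string.replace(";", ":").split(":"):
        token = token.strip()
        if not token:
            continue
        if token.startswith("@"):
            modifiers.append(token[1:])
        elif "-" not in token:
            keywords.append(token)      # e.g. FIPS, DEFAULT
        else:
            suites.append(token)
    return suites, keywords, modifiers


def audit_cipher_string(cipher_string):
    """Expand known keywords, then report what an auditor wants to see:
    suites outside the FIPS list, 3DES suites (in the list but weakest),
    keywords that could not be expanded, and whether @FIPS appeared alone."""
    suites, keywords, modifiers = parse_cipher_string(cipher_string)
    expanded = list(suites)
    unresolved = []
    for kw in keywords:
        if kw in KEYWORDS:
            expanded.extend(KEYWORDS[kw])
        else:
            unresolved.append(kw)
    # @FIPS only re-sorts; a string with no suites and no keyword selects nothing.
    modifier_only = not suites and not keywords and bool(modifiers)
    return {
        "non_fips": [s for s in expanded if s not in FIPS_APPROVED],
        "legacy_3des": [s for s in expanded if "DES-CBC3" in s],
        "unresolved_keywords": unresolved,
        "modifier_only": modifier_only,
        "suite_count": len(expanded),
    }


def strength_key(suite):
    """Hypothetical ranking used to emulate a strongest-first sort: 3DES last,
    AEAD (GCM) before CBC, larger key first, forward-secret (ECDHE) before
    static RSA, SHA-2 MACs before SHA-1. An assumption, not F5's @FIPS order."""
    is_3des = "DES-CBC3" in suite
    key_bits = 256 if "AES256" in suite else 128 if "AES128" in suite else 112
    return (
        is_3des,                                    # False sorts before True
        "GCM" not in suite,
        -key_bits,
        not suite.startswith("ECDHE"),
        "SHA256" not in suite and "SHA384" not in suite,
    )


def order_strongest_first(suites):
    """Return the suites sorted by strength_key (strongest first)."""
    return sorted(suites, key=strength_key)


if __name__ == "__main__":
    for s in ("FIPS:@FIPS", "@FIPS", "DEFAULT:@FIPS",
              "ECDHE-RSA-AES128-GCM-SHA256:RC4-SHA"):
        print(s, "->", audit_cipher_string(s))
    print(order_strongest_first(FIPS_APPROVED)[:3])
```

Run against a profile’s cipher string, the `legacy_3des` field is the quickest way to see whether a FIPS-only string still admits the three DES-CBC3 suites the list carries, which is worth knowing before an auditor asks.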
F5 BIG-IP devices that are FIPS Certified / Validated and Compliant
Below you will find a list of all the F5 BIG-IP devices that are FIPS Certified and Compliant with levels 1 through 3:
F5 FIPS Cryptographic Modules
F5 Model | BIG-IP Software Release | NIST Validated Cryptographic Module(s) | Consolidated Validation Certificate(s) | Additional Notes |
---|---|---|---|---|
r4000 series, r5000 series including r5920-DF, r10000 series, VELOS BX110/CX410 | 17.1.01 | F5 BIG-IP Tenant Cryptographic Module | FIPS 140-3 | Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
Virtual Edition on the following hypervisors: Vendor Affirmation for | 17.1.01 | Cryptographic Module for BIG-IP | FIPS 140-3 Level 1 (Under test) | Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
i4000, i5000, i5820-DF, i7000, i7820-DF, i10800, i11800-DS, VIPRION B2250/B4450 | 17.1.01 | F5 Device Cryptographic Module | FIPS 140-3 | Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
Virtual Edition on the following hypervisors: Vendor Affirmation for | 16.1.3.1 | Cryptographic Module for BIG-IP | FIPS 140-3 | Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
i4000, i5000, i5820-DF, i7000, i7820-DF, i10800, i11800-DS, VIPRION B2250/B4450 | 16.1.3.1 | F5 Device Cryptographic Module | FIPS 140-3 | Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
Virtual Edition on the following hypervisors: Vendor Affirmation for | 15.1.2.1 | Cryptographic Module for BIG-IP | FIPS 140-2 | Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
10350v-F, i4000, i5000, i5820-DF, i7000, i7820-DF, i10800, i11800-DS, i15800, VIPRION B2250/B4450 | 15.1.2.1 | F5 Device Cryptographic Module | FIPS 140-2 | Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
vCMP on i5000, i5820-DF, i7000, i7820-DF, i15800, VIPRION B2250/B4450 | 15.1.2.1 | F5 vCMP Cryptographic Module | FIPS 140-2 | Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
BIG-IP tenant on VELOS BX110 | 14.1.4.2 | Cryptographic Module for BIG-IP | FIPS 140-2 | Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
Virtual Edition on the following hypervisors: Vendor Affirmation for | 14.1.2 | Cryptographic Module for BIG-IP | FIPS 140-2 | Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
10350v-F, i7800 | 14.1.2 | F5 Device Cryptographic Module | FIPS 140-2 | Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
Virtual Edition on the following hypervisors: Vendor Affirmation for | 14.1.0.3 | Cryptographic Module for BIG-IP | FIPS 140-2 | Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
5250v-F, 7200v-F, 10200v-F, 10350v-F, i4000, i5000, i5820-DF, i7000, i7820-DF, i10800, i11800-DS, i15800, VIPRION B2250/B4450 | 14.1.0.3 | F5 Device Cryptographic Module | FIPS 140-2 | Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
vCMP on i5000, i5820-DF, i7000, i7820-DF, i15800, VIPRION B2250/B4450 | 14.1.0.3 | F5 vCMP Cryptographic Module | FIPS 140-2 | Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
F5 OS
F5 Model | Software Release | NIST Validated Cryptographic Module(s) | Consolidated Validation Certificate(s) | Additional Notes |
---|---|---|---|---|
VELOS BX110/CX410 | F5OS-C 1.6.0 | F5OS-C Cryptographic Module | FIPS 140-3 | |
r4000 series, r5000 series including r5920-DF, r10000 series | F5OS-A 1.5.1 | F5OS-A Cryptographic Module | FIPS 140-3 Level 2 (Under test) | |
Integrated Cryptographic Modules
The integrated HSM is FIPS-validated, but the BIG-IP systems are not themselves FIPS 140-2/3 Level 3 validated.
F5 Model Integrated Modules | NIST Validated Cryptographic Module(s) | Consolidated Validation Certificate(s) | Additional Notes |
---|---|---|---|
r5920-DF, r10920-DF | NITROXIII CNN35XX-NFBE HSM Family | FIPS 140-3 Level 3 (Under test) | NITROXIII is FIPS-inside. Partially supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
10350v-F, i5820-DF, i7820-DF, i15820-DF | NITROXIII CNN35XX-NFBE HSM Family | FIPS 140-2 Level 3: 4263 | NITROXIII is FIPS-inside. Partially supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
External Cryptographic Modules
F5 Systems External Modules | NIST Validated Cryptographic Module(s) | Consolidated Validation Certificate(s) | Additional Notes |
---|---|---|---|
BIG-IP, VIPRION, and Virtual Edition v11.2 and above | Thales nShield Connect 500+, nShield Connect 1500+, nShield Connect 6000+ | FIPS 140-2 | Not supported: DFARS 252.204-7012 / NIST SP 800-171 |
BIG-IP, VIPRION, and Virtual Edition v11.5 and above | SafeNet Luna SA 6000 | FIPS 140-2 | Not supported: DFARS 252.204-7012 / NIST SP 800-171 |
Legacy FIPS:
F5 BIG-IP 6900F and 8900F are indeed FIPS 140-2 compliant, but they don’t support the necessary firmware upgrade to their HSM – consequently F5 has deemed them F5 Legacy FIPS, a.k.a. Historical F5 FIPS.
Historical FIPS: F5 FIPS Cryptographic Modules
F5 Model | BIG-IP Software Release | NIST Validated Cryptographic Modules | Consolidated Validation Certificate(s) | Additional Notes |
---|---|---|---|---|
Virtual Edition on the following hypervisors: Vendor Affirmation for | 14.1.2 | Cryptographic Module for BIG-IP | FIPS 140-2 Level 1: 3596 (Replaced by 4505) | Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
10350v-F, i7800 | 14.1.2 | F5 Device Cryptographic Module | FIPS 140-2 Level 2: 3841 (Replaced by 4465) | Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
Virtual Edition on the following hypervisors: Vendor Affirmation for | 14.1.0.3 | Cryptographic Module for BIG-IP | FIPS 140-2 Level 1: 3596 (Replaced by 4505) | Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
5250v-F, 7200v-F, 10200v-F, 10350v-F, i4000, i5000, i5820-DF, i7000, i7820-DF, i10800, i11800-DS, i15800, VIPRION B2250/B4450 | 14.1.0.3 | F5 Device Cryptographic Module | FIPS 140-2 Level 2: 3629 (Replaced by 4471) | Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
vCMP on i5000, i5820-DF, i7000, i7820-DF, i15800, VIPRION B2250/B4450 | 14.1.0.3 | F5 vCMP Cryptographic Module | FIPS 140-2 Level 2: 3623 (Replaced by 4477) | Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
Virtual Edition on the following hypervisors: Vendor Affirmation for | 13.1.1 | Cryptographic Module for BIG-IP | FIPS 140-2 Level 1: 2911 | Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
4000, 5250v-F, 7200v-F, 10200v-F, 10350v-F, i4000, i5000, i5820-DF, i7000, i7820-DF, i10800, i11800-DS, i15800, VIPRION B2250/B4450 | 13.1.1 | F5 Device Cryptographic Module | FIPS 140-2 Level 2: 3450 | Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
vCMP on VIPRION B2250/B4450 | 13.1.1 | F5 vCMP Cryptographic Module | FIPS 140-2 Level 2: 3439 | Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
4000, 7000, 10350v-F, i4000, i5000, i7000, VIPRION B2250/B4450 | 13.1.0 | F5 Device Cryptographic Module | FIPS 140-2 Level 2: 3142 | Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
vCMP on VIPRION B2250/B4450 | 13.1.0 | F5 vCMP Cryptographic Module | FIPS 140-2 Level 2: 3179 | Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
Virtual Edition on the following hypervisors: Vendor Affirmation for | 12.1.2 HF1 | Cryptographic Module for BIG-IP | FIPS 140-2 Level 1: 2911 | DFARS 252.204-7012 / NIST SP 800-171 for CUI |
Historical FIPS: Integrated Cryptographic Modules
The integrated HSM is FIPS-validated, but the BIG-IP systems are not themselves FIPS 140-2/3 Level 3 validated.
F5 Model Integrated Modules | NIST Validated Cryptographic Module(s) | Consolidated Validation Certificate(s) | Additional Notes |
---|---|---|---|
10350v-F, i5820-DF, i7820-DF, i15820-DF | NITROXIII CNN35XX-NFBE-G HSM Family | FIPS 140-2 Level 3: 4263 | NITROXIII is FIPS-inside. Partially supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
5250v-F, 7200v-F, 10200v-F | NITROX XL CN16XX-NFBE HSM Family | FIPS 140-2 Level 3: 1369 | NITROX XL is FIPS-inside. Partially supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
BIG-IP 6900F, 8900F | Integrated Module: Cavium Nitrox XL CN1520-VBD-04-0201 | FIPS 140-2 Level 2: 1360; Level 3: 1361 | |
Historical FIPS: F5 FIPS Cryptographic Modules
F5 Model | BIG-IP Software Release | NIST Validated Cryptographic Modules | Consolidated Validation Certificate(s) | Additional Notes |
---|---|---|---|---|
Virtual Edition on the following hypervisors: Vendor Affirmation for | 14.1.2 | Cryptographic Module for BIG-IP | FIPS 140-2 Level 1: 3596 (Replaced by 4505) | Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
10350v-F, i7800 | 14.1.2 | F5 Device Cryptographic Module | FIPS 140-2 Level 2: 3841 (Replaced by 4465) | Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
Virtual Edition on the following hypervisors: Vendor Affirmation for | 14.1.0.3 | Cryptographic Module for BIG-IP | FIPS 140-2 Level 1: 3596 (Replaced by 4505) | Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
5250v-F, 7200v-F, 10200v-F, 10350v-F, i4000, i5000, i5820-DF, i7000, i7820-DF, i10800, i11800-DS, i15800, VIPRION B2250/B4450 | 14.1.0.3 | F5 Device Cryptographic Module | FIPS 140-2 Level 2: 3629 (Replaced by 4471) | Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
vCMP on i5000, i5820-DF, i7000, i7820-DF, i15800, VIPRION B2250/B4450 | 14.1.0.3 | F5 vCMP Cryptographic Module | FIPS 140-2 Level 2: 3623 (Replaced by 4477) | Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
Virtual Edition on the following hypervisors: Vendor Affirmation for | 13.1.1 | Cryptographic Module for BIG-IP | FIPS 140-2 Level 1: 2911 | Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
4000, 5250v-F, 7200v-F, 10200v-F, 10350v-F, i4000, i5000, i5820-DF, i7000, i7820-DF, i10800, i11800-DS, i15800, VIPRION B2250/B4450 | 13.1.1 | F5 Device Cryptographic Module | FIPS 140-2 Level 2: 3450 | Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
vCMP on VIPRION B2250/B4450 | 13.1.1 | F5 vCMP Cryptographic Module | FIPS 140-2 Level 2: 3439 | Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
4000, 7000, 10350v-F, i4000, i5000, i7000, VIPRION B2250/B4450 | 13.1.0 | F5 Device Cryptographic Module | FIPS 140-2 Level 2: 3142 | Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
vCMP on VIPRION B2250/B4450 | 13.1.0 | F5 vCMP Cryptographic Module | FIPS 140-2 Level 2: 3179 | Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
Virtual Edition on the following hypervisors: Vendor Affirmation for | 12.1.2 HF1 | Cryptographic Module for BIG-IP | FIPS 140-2 Level 1: 2911 | DFARS 252.204-7012 / NIST SP 800-171 for CUI |
Historical FIPS: Integrated Cryptographic Modules
The integrated HSM is FIPS-validated, but the BIG-IP systems are not themselves FIPS 140-2/3 Level 3 validated.
F5 Model Integrated Modules | NIST Validated Cryptographic Module(s) | Consolidated Validation Certificate(s) | Additional Notes |
---|---|---|---|
10350v-F, i5820-DF, i7820-DF, i15820-DF | NITROXIII CNN35XX-NFBE-G HSM Family | FIPS 140-2 Level 3: 4263 | NITROXIII is FIPS-inside; partially supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
5250v-F, 7200v-F, 10200v-F | NITROX XL CN16XX-NFBE HSM Family | FIPS 140-2 Level 3: 1369 | NITROX XL is FIPS-inside; partially supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
BIG-IP 6900F, 8900F | Integrated Module: Cavium Nitrox XL CN1520-VBD-04-0201 | FIPS 140-2 Level 2: 1360; Level 3: 1361 | |
What is DFARS 252.204-7012 & NIST SP 800-171?
Looking at the table above you may have noticed the reference to DFARS 252.204-7012 & NIST SP 800-171. This shows when F5 is compliant with DFARS clause 252.204-7012 & the NIST SP 800-171 guidelines. That’s great, you say, but what exactly are they? In a nutshell, it’s all about protecting Federal Contract Information (FCI) and Controlled Unclassified Information (CUI), or Covered Defense Information, of the federal government. Specific F5 FIPS platforms meet this requirement directly, or through the addition of the F5 FIPS module. But before we get into it, let’s start with what FAR is.
The Federal Acquisition Regulation (FAR) is the primary set of rules regarding government procurement in the United States. Defense FARS (“DFARS”) is the Department of Defense’s (DoD) supplement to the FAR and provides specific purchasing regulations that DoD officials and the contractors doing work with the DoD must abide by throughout the procurement process for goods and services.
DFARS Clause 252.204-7012 requires contractors & subcontractors to:
- Provide adequate security to safeguard covered defense information that resides on or is transiting through a contractor’s internal information system or network.
- Report cyber incidents that affect a covered contractor information system or the covered defense information residing therein, or that affect the contractor’s ability to perform requirements designated as operationally critical support.
- Submit malicious software discovered and isolated in connection with a reported cyber incident to the DoD Cyber Crime Center.
- If requested, submit media and additional information to support damage assessment.
- Flow down the clause in subcontracts for operationally critical support, or for which subcontract performance will involve covered defense information.
NIST SP 800-171 is a guideline published by NIST in 2015 and enforced for compliance starting December 31, 2017; it’s a US Department of Defense contractor mandate. It was developed to ensure sensitive federal government information remains confidential when stored in non-federal information systems (IS) and organizations. This guideline is enforced by the DoD, so yes, it’s very important.
NIST SP 800-171 has 14 categories of security requirements. All of them exist specifically to protect controlled unclassified information (CUI) or covered defense information (CDI) (note: DoD often uses CUI and CDI interchangeably). The 14 categories are:
- Access Control
- Awareness Training
- Audit and Accountability
- Configuration Management
- Identification and Authentication
- Incident Response
- Maintenance
- Media Protection
- Personnel Security
- Physical Protection
- Risk Assessment
- Security Assessment
- System and Communications Protection
- System and Information Integrity
F5 FIPS Self Tests
Full Box FIPS not only gives you the tamper-evident sticker seals, it also comes with a license you add to your BIG-IP from the software interface. Once installed, it is used to test the integrity and operation of the crypto module by running tests at different points in the device’s operation. If any of the tests fail during the boot process, the BIG-IP system halts. This is handled by fips_monitor, a daemon introduced in BIG-IP 13.1.0 that monitors the /config/f5_public/fipserr file for errors. If any errors are found, the daemon issues a shutdown command to restart the BIG-IP system. When the system restarts, the /config/f5_public/fipserr file is scanned, and if error messages are found the system halts. Here is a table from F5 that lays out the three basic categories of tests and the actions taken when they fail.
Type of self test | When the self test runs | Checks performed | Action on fail |
---|---|---|---|
System Integrity check (sys-eicheck) | On start; daily using a cron job; manually | Checks the system software on the BIG-IP system to ensure it has not been modified. | If the test fails during the boot process, the details are logged to the /config/f5_public/fipserr file and the BIG-IP system immediately halts. If the test fails at any other time, an error is logged to the /var/log/secure file and the system halts on the next restart. |
Crypto-Algorithm check | On start | Checks the SSL cryptographic libraries to ensure they are correctly performing encryption and decryption. | Details are logged to the /config/f5_public/fipserr file and the BIG-IP system immediately halts. |
TMM check | On start; when TMM errors occur during normal operation | Checks the Traffic Management Microkernel (TMM) for problems. | Details are logged to the /config/f5_public/fipserr file and the BIG-IP system immediately halts. |
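To make the self-test flow above concrete, here is an added Python illustration (not F5 code, and not how fips_monitor is implemented) of the two checks a defender can reproduce on any system: a system-integrity check that compares protected files against a hash manifest, and a crypto-algorithm known-answer test using published NIST/RFC vectors. It then applies the table’s rules: a boot-time failure is written to a fipserr-style file and halts immediately, while a steady-state integrity failure is written to a secure-log-style file and only halts at the next restart, where the fipserr file is scanned. The file names, directory and “protected” file contents are constructed for the example; the real BIG-IP paths are only mirrored in comments.

```python
"""Illustration of FIPS-style power-up and conditional self-tests (example code,
not F5's fips_monitor or sys-eicheck). Paths and file contents are constructed."""
import hashlib
import hmac
import os
import tempfile

# Published known-answer vectors: SHA-256("abc") from FIPS 180-4 examples and
# HMAC-SHA-256 test case 1 from RFC 4231 (key = 0x0b * 20, data = "Hi There").
SHA256_ABC = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
HMAC_RFC4231_TC1 = "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"


def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(paths):
    """Record the trusted digest of every protected file (done once, at install)."""
    return {p: sha256_file(p) for p in paths}


def integrity_check(manifest):
    """Return the protected files whose current digest differs from the manifest."""
    return sorted(p for p, digest in manifest.items()
                  if not os.path.exists(p) or sha256_file(p) != digest)


def crypto_kat():
    """Return the names of algorithms whose known-answer test failed (normally [])."""
    failures = []
    if hashlib.sha256(b"abc").hexdigest() != SHA256_ABC:
        failures.append("SHA-256")
    mac = hmac.new(b"\x0b" * 20, b"Hi There", hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, HMAC_RFC4231_TC1):
        failures.append("HMAC-SHA-256")
    return failures


def run_self_tests(manifest, fipserr_path, secure_log_path, booting):
    """Run the checks and return the action the table prescribes:
    'ok', 'halt' (boot-time failure) or 'halt-on-restart' (runtime integrity failure).
    fipserr_path stands in for /config/f5_public/fipserr, secure_log_path for /var/log/secure."""
    errors = [f"integrity: modified {p}" for p in integrity_check(manifest)]
    if booting:
        # The crypto-algorithm check runs only at start-up, as in the table.
        errors += [f"crypto-kat: {a}" for a in crypto_kat()]
    if not errors:
        return "ok"
    target = fipserr_path if booting else secure_log_path
    with open(target, "a") as f:
        f.write("".join(line + "\n" for line in errors))
    return "halt" if booting else "halt-on-restart"


def fipserr_has_errors(fipserr_path):
    """What the restart-time scan decides: any recorded error means the system halts."""
    return os.path.exists(fipserr_path) and os.path.getsize(fipserr_path) > 0


def demo():
    """Constructed scenario: a protected file is altered after the manifest is taken."""
    workdir = tempfile.mkdtemp()
    protected = os.path.join(workdir, "tmm.bin")        # constructed stand-in for system software
    fipserr = os.path.join(workdir, "fipserr")          # constructed stand-in for /config/f5_public/fipserr
    secure_log = os.path.join(workdir, "secure")        # constructed stand-in for /var/log/secure
    with open(protected, "wb") as f:
        f.write(b"original system software image\n")
    manifest = build_manifest([protected])
    results = {"clean_boot": run_self_tests(manifest, fipserr, secure_log, booting=True)}
    with open(protected, "ab") as f:
        f.write(b"tampered\n")
    results["tampered_runtime"] = run_self_tests(manifest, fipserr, secure_log, booting=False)
    results["tampered_boot"] = run_self_tests(manifest, fipserr, secure_log, booting=True)
    results["restart_halts"] = fipserr_has_errors(fipserr)
    with open(fipserr) as f:
        results["fipserr_lines"] = len(f.read().splitlines())
    with open(secure_log) as f:
        results["secure_lines"] = len(f.read().splitlines())
    return results


if __name__ == "__main__":
    print(demo())
```

The split between the two log targets is the part worth noticing: a runtime integrity failure does not stop traffic immediately, so a detection rule that only watches the fipserr file will miss it until the next reboot; the secure log needs to be monitored as well.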
F5 FIPS Support in the Clouds
If you need support for FIPS in the public clouds you can obtain FIPS 140-2 Level 1 certification with the Virtual Edition platform. If you need Level 2 & 3, there is no true fully “validated” a.k.a. certified solution, as the clouds have not yet bridged that gap. But you can indeed use a 3rd party network HSM that is FIPS Level 2 & 3 validated / certified to get you pretty close. I’ve even seen customers use their BIG-IPs in the cloud and point to a 3rd party network HSM on-premise like nCipher or SafeNet/Gemalto, as well as the PKCS#11 interface for HSMs like ATOS.
- AWS CloudHSM – AWS CloudHSM is a hardware-based security module in the cloud. I know I know, hardware and cloud – your mind is blown 😉 AWS CloudHSM allows you to manage your own encryption keys using FIPS 140-2 Level 3 validated HSMs. This is a nice “on-demand” solution for network HSMs, but comes at a cost. I like that you can export your keys and import them in another network HSM down the road if you move away from the cloud once you get that sticker shock bill 😉 BIG-IP v14.1.0 and AWS CloudHSM versions 1.0.18 and 1.1.0 are required, which technically makes this a “compliant” solution (at the moment). It also has programmatic support via industry-standard PKCS#11, Java Cryptography Extensions (JCE), and Microsoft CryptoNG (CNG) libraries.
- Equinix SmartKey – Equinix is in the game with their SmartKey cloud service that has built-in encryption and tokenization, and FIPS 140-2 Level 3 certification. You will also need F5 BIG-IP v14.1.0 and the SmartKey client version 2.9.804.
- Azure Dedicated HSM – Validated for FIPS 140-2 Level 3.
With security breaches on the rise, SSL & TLS key protection and encryption have never been more important. F5’s full box FIPS and F5’s platform FIPS coupled with network HSMs make key encryption easy. Comment below and let us know how you are using FIPS with F5 or let us know if you have any questions, because we have answers 😉