Security
Juniper Employee
More SRX Platforms complete FIPS 140-2 Certification
Mar 1, 2018

Former US President Ronald Reagan frequently used the Russian proverb “Trust, but verify.” This adage is also frequently used in the blockchain community. The idea is that some things are important enough that they must be verified.

The Cryptographic Module Validation Program (CMVP) is a joint effort between the US National Institute of Standards and Technology (NIST) and the Canadian Communications Security Establishment (CSE). CMVP validates cryptographic modules to the Federal Information Processing Standards (FIPS) 140-2 and other standards. FIPS 140-2 is a mandatory standard for the protection of US Government sensitive data.


I am happy to report that the SRX1500, SRX4100, SRX4200, and vSRX security gateways recently completed NIST FIPS 140-2 certification with Junos OS 15.1X49. These products join the already certified SRX300-345, SRX550-M and SRX5400, SRX5600, and SRX5800.

The NIST Certifications are as follows:

  • vSRX: Certificate #3137
  • SRX1500, SRX4100 and SRX4200: Certificate #3136
  • SRX300, SRX320, SRX340, SRX345 and SRX550-M: Certificate #3100
  • SRX5400, SRX5600, and SRX5800: Certificate #2948

As part of our ongoing commitment to government certifications, these devices are already in process for a recertification using Junos 17.4 and are listed on the CMVP Implementation Under Test (IUT) List.


Aug 21, 2018
Mike Jones

Would this FIPS 140-2 certification be valid in configurations other than as tested? Meaning if I configured the OS on a Bare Metal Server would the certification remain valid?

Tested Configuration(s)
  • JUNOS 15.1X49-D100 on VMWare ESXi 5.5 on a Server HP ProLiant DL380 Gen9 (single-user mode)
Aug 21, 2018
Juniper Employee

Mike,

I might not be following your question completely. vSRX is a virtual appliance and would need the server it is installed on to have some hypervisor environment whether it was ESXi, KVM, HyperV, etc.

In the case that you mention, is the server truly bare metal, or is it running some form of Linux or Windows?

The vSRX is being certified again with Junos 17.4 and this certification will specifically include VMware ESXi and Linux KVM environments. It just isn't practical to test every hypervisor scenario and hardware scenario, but there should be no differences.

If you want, send me a note at bshelton@juniper.net and we can take this discussion offline.
