FIPS Compliance for Flowlink
This section describes the operational requirements for compliance with Federal Information Processing Standard (FIPS) 140-2 and 140-3 for Illumio Flowlink.
The Federal Information Processing Standard Publication (FIPS PUB) 140-x is a U.S. government computer security standard used to approve cryptographic modules. An authorized cryptographic equipment assessment laboratory has tested and verified that Flowlink faithfully incorporates the use of cryptographic functions provided by the FIPS 140-x validated modules as it applies to data in transit.
FIPS Prerequisites
The server on which Flowlink is installed must be running a FIPS-validated version of RHEL in FIPS mode and satisfy the Security Policy as stated in the relevant Red Hat Enterprise Linux OpenSSL Cryptographic Module document.
Enable Flowlink FIPS Compliance
After installing RHEL 8.x or RHEL 9, follow the required steps in the "Crypto Officer Guidance" section of the Red Hat Enterprise Linux OpenSSL documentation.
Reboot the system.
After the system starts, check that FIPS mode is enabled:
$ fips-mode-setup --check
FIPS mode is enabled
Install the Flowlink RPM using this command:
sudo rpm -ivh --nodigest illumio-flowlink-<add-version-info>.rpm
To configure Flowlink, see Configure Flowlink.
When you've completed this procedure, Flowlink is FIPS compliant.
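The FIPS mode check from the procedure above, as an added example that is not part of Illumio's documentation: a preflight gate to run before the rpm install. It cross-checks the `fips-mode-setup --check` output against the kernel flag in /proc/sys/crypto/fips_enabled and the fips=1 boot parameter in /proc/cmdline; those two extra sources, the `--host` switch, and all function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Illumio code): FIPS preflight gate for a Flowlink host.
# Assumed data sources beyond the page: /proc/sys/crypto/fips_enabled, /proc/cmdline.

# Succeeds only if the kernel FIPS flag file ($1) contains exactly "1".
kernel_fips_enabled() {
    [ -r "$1" ] && [ "$(tr -d '[:space:]' < "$1")" = "1" ]
}

# Succeeds if the boot command line file ($1) carries the fips=1 parameter.
cmdline_has_fips() {
    [ -r "$1" ] && tr ' ' '\n' < "$1" | grep -qx 'fips=1'
}

# Succeeds if the text ($1) captured from `fips-mode-setup --check` reports enabled.
setup_check_ok() {
    printf '%s\n' "$1" | grep -q '^FIPS mode is enabled'
}

# fips_preflight FLAG_FILE CMDLINE_FILE CHECK_TEXT
# Prints one line per check; returns non-zero if any check fails.
fips_preflight() {
    _rc=0
    if kernel_fips_enabled "$1"; then echo "ok   kernel flag is 1"
    else echo "FAIL kernel flag is not 1 ($1)"; _rc=1; fi
    if cmdline_has_fips "$2"; then echo "ok   fips=1 on boot command line"
    else echo "FAIL fips=1 missing from boot command line ($2)"; _rc=1; fi
    if setup_check_ok "$3"; then echo "ok   fips-mode-setup reports enabled"
    else echo "FAIL fips-mode-setup did not report enabled"; _rc=1; fi
    return "$_rc"
}

# Check the live host only when called with --host; otherwise just define the functions.
if [ "${1:-}" = "--host" ]; then
    check_text=$(fips-mode-setup --check 2>&1) || true
    fips_preflight /proc/sys/crypto/fips_enabled /proc/cmdline "$check_text" || {
        echo "Host is not in FIPS mode; do not install Flowlink yet." >&2
        exit 1
    }
    echo "FIPS preflight passed; continue with the rpm install."
fi
```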
Check FIPS Mode Readiness
You can use a third-party tool to detect whether your system/container and your Golang binary are ready to run in FIPS mode. For details, see fips-detect.