Barracuda is excited to announce that we have completed our very first Federal Information Processing Standards (FIPS) validation!
The Barracuda Software Cryptographic Module version 220.127.116.11 has been approved for the FIPS 140-2 Level 1 rating, and the certification is now listed on the National Institute of Standards and Technology (NIST) Web site: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2015.htm
FIPS 140-2 encompasses a set of standards that describe document processing, encryption algorithms and other information technology standards for use within non-military government agencies and by government contractors and vendors who work with the agencies. Security requirements cover 11 areas related to the design and implementation of a cryptographic module. For each area, a cryptographic module receives a security level rating (1-4, from lowest to highest) depending on what requirements are met. The cryptographic module is the set of components that implements encryption, decryption, and other cryptographic functions.
The Barracuda Web Application Firewall is the first product that has rolled onto this certified version of the Barracuda Software Cryptographic Module. Of particular interest to incorporating this standard is Barracuda Web Application Firewall deployment as an on-premises virtual appliance or as a public cloud instance, where software-based certifications are most relevant.
So what does this certification mean to you?
FIPS 140-2 is the standard for encryption for the US federal government, and products lacking this certification cannot be deployed on sensitive US government networks unless extra steps are taken to demonstrate the equipment is safe. FIPS 140-2 is also widely recognized as the de-facto cryptography standard outside of the US, and it helps many public and private sector organizations meet other standards, such as HIPAA, COPPA, and ESIGN. With a FIPS 140-2 certified product, you are better able to meet your requirements for security and regulatory compliance.
This offering will be particularly relevant for Microsoft Azure Government and AWS GovCloud, where Barracuda provides solutions to help augment and address security requirements for those cloud customers. For more information about Barracuda solutions on Azure Government, visit cuda.co/pr181 and on AWS GovCloud, visit cuda.co/pr221.
This is a significant accomplishment for the company, and this validation allows the Barracuda to aggressively address the critical requirement of application security in government verticals with US Federal, state, local, and even some private sector customers. Barracuda will pursue FIPS validations for other products, stay tuned!
For more information, please visit the Barracuda federal landing page cuda.co/fedgov.