pfSense/IPsec FIPS mode?
In pursuit of a higher SPRS score on the NIST 800-171 self-assessment (see Scoring Template, starting on Page 12), I'm trying to comply with these two requirements:

3.8.6 Implement cryptographic mechanisms to protect the confidentiality of CUI stored on digital media during transport unless otherwise protected by alternative physical safeguards.

3.13.11 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI.
Since I have hardware IPsec tunnels among my 3 locations, I am trying to figure out if my encryption is FIPS-validated or not, and if not, whether I can get it there while still using pfSense and (preferably) IPsec and (preferably) hardware acceleration.
OpenSSL appears to have a FIPS mode, but I'm not sure how to 1) install it or configure it for FIPS mode, and 2) use it in my VPNs.
Does anyone here have experience setting up site-to-site tunnels in pfSense or OPNsense using a FIPS-validated crypto module that's either free or affordable?
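As an added check that is not part of the original post: on OpenSSL 3.x, FIPS mode is a loadable provider, and `openssl list -providers` reports whether it is loaded. The script below parses that listing and reports whether a provider named `fips` is active. The two sample listings are constructed here so the parser can be exercised on a box without a FIPS-capable build; `check_live` runs the same parser against the locally installed binary. Note that this only answers whether the userland OpenSSL has the FIPS provider loaded; it says nothing about whether the IPsec ESP data path (handled by the FreeBSD kernel on pfSense) or the IKE daemon actually routes its crypto through a validated module, and "validated" ultimately means the exact module version appears on a CMVP certificate, which no local command can confirm.

```shell
#!/bin/sh
# Constructed sample of `openssl list -providers` output (OpenSSL 3.x layout),
# so the parser can be tested without a FIPS provider installed.
SAMPLE_WITH_FIPS='Providers:
  default
    name: OpenSSL Default Provider
    version: 3.0.8
    status: active
  fips
    name: OpenSSL FIPS Provider
    version: 3.0.8
    status: active'

# Constructed sample from a build with only the default provider loaded.
SAMPLE_WITHOUT_FIPS='Providers:
  default
    name: OpenSSL Default Provider
    version: 3.0.8
    status: active'

# fips_provider_active: read a provider listing on stdin; exit 0 if a
# provider named "fips" is listed with "status: active", else exit 1.
# Provider names sit at a two-space indent; their attributes are indented
# further, so the first pattern only fires on provider-name lines.
fips_provider_active() {
    awk '
        /^  [^ ]/                            { prov = $1 }
        /status: active/ && prov == "fips"   { found = 1 }
        END                                  { exit found ? 0 : 1 }
    '
}

# check_live: query the OpenSSL binary actually installed on this host.
# OpenSSL 1.x has no `list -providers`, so a failure there also reads as
# "no active FIPS provider".
check_live() {
    if openssl list -providers 2>/dev/null | fips_provider_active; then
        echo "FIPS provider is loaded and active"
    else
        echo "No active FIPS provider (or OpenSSL older than 3.0)"
    fi
}
```

Run `check_live` on the firewall itself (or any host whose OpenSSL you want to inspect); a negative result means FIPS mode is not even configured in userland, which is the first thing to rule out before asking whether the VPN is covered.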