Netgate Discussion Forum

pfsense/IPSec FIPS mode?

  • TheWaterbug
    last edited by TheWaterbug May 4, 2023, 10:32 PM

    In pursuit of a higher SPRS score on the NIST 800-171 self assessment (see Scoring Template, starting on Page 12), I'm trying to comply with these two requirements:

    3.8.6 Implement cryptographic mechanisms to protect the confidentiality of CUI stored on digital media during transport unless otherwise protected by alternative physical safeguards.
    
    3.13.11 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI.
    

    Since I have hardware IPsec tunnels among my 3 locations, I am trying to figure out if my encryption is FIPS-validated or not, and if not, whether I can get it there while still using pfSense and (preferably) IPsec and (preferably) hardware acceleration.

    OpenSSL appears to have a FIPS mode, but I'm not sure 1) how to install it or configure it for FIPS mode, and 2) how to use it in my VPNs.

    Does anyone here have experience setting up site-to-site tunnels in pfSense or OPNsense using a FIPS-validated crypto module that's either free or affordable?
