Netgate Discussion Forum

    pfsense/IPSec FIPS mode?

      TheWaterbug
      last edited by TheWaterbug

      In pursuit of a higher SPRS score on the NIST 800-171 self assessment (see Scoring Template, starting on Page 12), I'm trying to comply with these two requirements:

      3.8.6 Implement cryptographic mechanisms to protect the confidentiality of CUI stored on digital media during transport unless otherwise protected by alternative physical safeguards.
      
      3.13.11 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI.
      

      Since I have hardware IPsec tunnels among my 3 locations, I am trying to figure out if my encryption is FIPS-validated or not, and if not, whether I can get it there while still using pfSense and (preferably) IPsec and (preferably) hardware acceleration.

      OpenSSL appears to have a FIPS mode, but I'm not sure 1) how to install it or configure it for FIPS mode, and 2) how to use it in my VPNs.

      Does anyone here have experience setting up site-to-site tunnels in pfSense or OPNsense using a FIPS-validated crypto module that's either free or affordable?
