Reset Search
 

 

Article

7654 - Is the virtual Traffic Manager FIPS 140-2 compliant?

« Go Back

Information

 
Last Modified Date11/27/2017 4:54 PM
Synopsis
This article provides information if the virtual traffic manager is FIPS 140-2 compliant.
Problem or Goal
Cause
Solution
This article applies to vTM 9.2 and above.

The vTM software variant supports SSL hardware based on the RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki), such as the Thales e-Security nShield Connect and Oracle's SCA 6000 card. It also supports various Cavium PCI cards (CN 1000 and CN 2000 series) with a dedicated driver.

The Virtual Appliance supports the Thales e-Security nShield Connect and the nCipher netHSM network attached HSMs.

This arrangement offloads SSL computation (the RSA private key decryption) from the traffic manager system’s CPU onto the SSL cryptographic hardware. Some PKCS#11 devices also provide hardware key management, so that the private key is stored securely on the hardware device and cannot be accessed directly without the correct authentication.
 

Note: As RSA cryptographic operations being performed on the SSL cryptographic hardware are outside of the Stingray FIPS 140-2 Cryptographic Boundary, you should independently ensure that the SSL cryptographic hardware is sufficiently conformant to FIPS 140-2 for your requirements.

Related Links
Attachment 1 
Created ByCode Deployment

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255