Security

Does Splunk support FIPS 140-2

matt
Splunk Employee
Splunk Employee

Is splunk FIPS 140-2 compliant?

Tags (2)
1 Solution

ChrisG
Splunk Employee
Splunk Employee

Splunk Enterprise 6 includes an OpenSSL FIPS module; see About FIPS in the Securing Splunk manual.

Note that upgrading a non-FIPS install to FIPS is not supported by Splunk – you must decide to use FIPS when your first install the product.

View solution in original post

tf_jbassford
Engager

As of version 6.3.0 of Splunk and Splunkforwarder, has Splunk Inc, gotten accreditation from NIST?

On the latest version of Splunk 6.3.0 I do see that Splunk Inc. integrated the openssl FIPS object Model for the openssl that is included with splunk, and I see that there are still statements that you cannot migrate an existing non-fips splunk to a fips-complaint splunk can someone elaborate on the details of why that migration path is NOT supported (IE: are the indexes encrypted with non fips algrorythms?, or is it just a matter of ssl cert creations that meet FIPS standards?)

0 Karma

ChrisG
Splunk Employee
Splunk Employee

Splunk Enterprise 6 includes an OpenSSL FIPS module; see About FIPS in the Securing Splunk manual.

Note that upgrading a non-FIPS install to FIPS is not supported by Splunk – you must decide to use FIPS when your first install the product.

araitz
Splunk Employee
Splunk Employee

Splunk (the software) has not been submitted for FIPS 140-2 accreditation. At this time, there are no plans that I am aware of to engage in the accreditation process.

Splunk uses OpenSSL shared libraries for all encryption, and according to openssl.org, OpenSSL will never be FIPS-140-2 validated/accredited:

http://www.openssl.org/docs/fips/fipsnotes.html

Furthermore, Splunk does not use the OpenSSL FIPS Object Model, which has been uniquely validated as FIPS-140-2 compliant. At this time, we do not anticipate moving to the OpenSSL FIPS Object Model because of compatibility and portability reasons.

jrodman
Splunk Employee
Splunk Employee

This answer was indeed correct when provided in 2011 for Splunk 4.x.

dmlee
Communicator

Hi Araitz,
could you explain more detail about "we do not anticipate moving to the OpenSSL FIPS Object Model because of compatibility and portability reasons" ? thanks

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...