FIPS

jeborton · ‎10-05-2021

With the changes being required by the US government through FAR, DFAR, NIST 800-171, CMMC, and any other bit of alphabet soup that I may have missed. Vault needs to be made compliant with Federal Information Processing Standards (FIPS). This isn't anything new and I am surprised that there are not more "ideas" asking for this. Computer and Network Security are not going away simply because you ignore them.

ihayesjr · ‎10-05-2021

@jeborton

Thank you for posting the idea.
FIPS has different areas that it covers for standards and some may not apply to Vault. The current publications can be found here: Search | CSRC (nist.gov)

Which are you proposing Vault should comply with?

jeborton · ‎10-08-2021

@ihayesjr

Thanks for the reply

I would like to see compliance with FIPS 197 and 140-2/3

larry.riceGTQBK · ‎02-20-2024

But needs to become FIPS plan at level two and level three. Shortly, no DOD or government agency or companies that deal with the government will be able Vault if it does not become FIPS compliant

larry.riceGTQBK · ‎02-20-2024

The first word in the previous comment should have been Vault. Thank you spellcheck and AutoCorrect.

joshua.smith38A6R · ‎03-31-2025

Also interested in this. It's possible that some of our drawings will be considered Controlled Unclassified Information, and if they are, the Vault needs to operate on a server running in FIPS mode. I haven't come across a FedRAMP compliant cloud solution that can host Vault. If anyone knows of one, please let me know.

ihayesjr · ‎03-31-2025

Community

FIPS

FIPS

Forums Links

Submit Idea