Federal Information Processing Standard Mode

Federal Information Processing Standard (FIPS) is a US federal standard for computer systems and data security that mandates only compliant cryptographic algorithms and their implementations be used in a product’s cryptographic operations. A product is considered FIPS compliant if it uses verified crypto modules that have been certified by a laboratory approved by the National Institute of Standards and Technology (NIST). CloudVision has completed the FIPS certification process to allow users with both single-node and multi-node clusters to operate in FIPS mode.

Note: Intra-node communication is not yet certified and will follow in Phase 2.

To comply with FIPS standards, Arista’s FIPS Cryptographic Module must be enabled when deploying a new CloudVision cluster. FIPS mode cannot be enabled on an existing CloudVision cluster. For FIPS Phase 1, when a cluster is running in FIPS mode, any external connections that terminate at the NGINX web server in the CloudVision cluster, such as TLS, will use the FIPS certified cryptographic module for cryptographic operations. Any secrets that are used by the NGINX server will be generated using the FIPS certificate cryptographic module.

Note: Once a CloudVision cluster is installed in FIPS mode, it cannot be reverted to the default mode of operation.