HashiCorp Vault Completes FIPS 140-2 Evaluation

World News: . []

SAN FRANCISCO, CA -- (Marketwired) -- 11/14/17 -- HashiCorp, a leader in cloud infrastructure automation, today announced that Vault Enterprise 0.9, HashiCorp's secrets and privileged access management security product, has been evaluated as conformant with the Federal Information Processing Standard (FIPS) 140-2 standards. The certification ensuring Vault Enterprise's conformance has been issued by Leidos, a major security audit and innovation lab. For more details on the certification, see the Vault Compliance Letter at https://www.hashicorp.com/vault-compliance.

Leidos' evaluation focuses on the new Seal Wrapping feature in Vault 0.9. Seal Wrapping allows a Vault Enterprise system to encode cryptographic fundamentals and credentials with encryption derived from external FIPS 140-2 certified cryptographic modules. By targeting specific storage values within Vault that contain CSPs (Critical Security Parameters), Vault's Seal Wrapping feature achieves FIPS 140-2 conformance with minimal performance impact.

Leidos' audit has affirmed that Seal Wrapping allows Vault Enterprise to be compliant with FIPS 140-2 standards for Key Transport (FIPS 140-2 IG 7.16) and Key Storage (FIPS 140-2 IG D.9) at a Security Level equal to the cryptography of the external module. For example, if Vault Enterprise is configured to use Seal Wrapping with a hardware cryptographic module operating at a Security Policy of FIPS 140-2 Level 3, Vault Enterprise will operate at a Level 3 FIPS 140-2 Security Level.

Vault is broadly used among the Global 2000 to address the challenge of infrastructure and application security in distributed environments. The Vault open source product addresses core security use cases for secrets management, encryption as a service, and privileged access management. Vault Enterprise enables teams and organizations to extend Vault with collaboration and operations features, provide governance capabilities, and scale Vault across multiple data centers.

The FIPS compliance letter is available today, and is applicable for Vault Enterprise 0.9 and on. Users can download the open source version of Vault at https://www.vaultproject.io. Vault Enterprise is available in two versions: Vault Enterprise Pro focuses on collaboration and operational features, like a UI for managing secrets, health monitoring, and initialization and secure bootstrapping workflows, while Enterprise Premium focuses on multi-datacenter functionality and governance, with features such as Hardware Security Module (HSM) integration, replication, and Sentinel integration. For more information about HashiCorp Vault Enterprise, visit https://www.hashicorp.com/products/vault/.

About HashiCorp

HashiCorp is a cloud infrastructure automation company that enables organizations to adopt consistent workflows to provision, secure, connect, and run any infrastructure for any application. HashiCorp open source tools Vagrant, Packer, Terraform, Vault, Consul, and Nomad are downloaded thousands of times per day and are broadly adopted by the Global 2000. Enterprise versions of these products enhance the open source tools with features that promote collaboration, operations, governance, and multi-data center functionality. The company is headquartered in San Francisco and backed by Mayfield, GGV Capital, Redpoint, and True Ventures. For more information, visit https://www.hashicorp.com or follow HashiCorp on Twitter @HashiCorp.

More news and information about HashiCorp

Published By:

Marketwire: 17:01 GMT Tuesday 14th November 2017

Published: .

Search for other references to "hashicorp" on SPi News


Previous StoryNext Story

SPi News is published by Sector Publishing Intelligence Ltd.
© Sector Publishing Intelligence Ltd 2017. [Admin Only]
 
Sector Publishing Intelligence Ltd.
Ground Floor Offices, Little Keep Gate, Barrack Road, Dorchester, Dorset DT1 1AH
Registered in England and Wales number 0751938.
 
Privacy Policy | Terms and Conditions | Contact Us
 

Advertising on SPi News: Information For Advertisers