Zertifizierungen

Updated Date: Updated Date: June 21, 2024

Government Regulations

F5 maintains an active product certification and evaluation program—aligned with government regulations—for maintaining a secure IT environment.

Federal Information Processing Standard (FIPS) 140-2 / 140-3

For BIG-IP, F5 offers several FIPS solutions to meet the most rigorous compliance requirements and architectures. For details of BIG-IP release / system validated combinations, please see the chart below.

• The F5 FIPS BIG-IP VE incorporates a NIST-validated at FIPS 140-2 Level 1 software-based cryptographic module for x86 platforms. BIG-IP VE is also targeted for FIPS 140-3 Level 1 validation.
• The BIG-IP tenant on rSeries and VELOS systems is targeted for NIST validation at FIPS 140-3 Level 2.
• BIG-IP running on specific appliances and blade / chassis systems provides device-included validation at FIPS 140-2 Level 2, including application of tamper-evident stickers. Device-included validation is also targeted for FIPS 140-3 Level 2 validation.
• F5OS-A and F5OS-C are also, with their underlying rSeries and VELOS hardware, targeted for FIPS 140-3 Level 2 validation, also with the application of tamper-evident stickers.
• F5 also offers a select set of BIG-IP systems, which include an HSM that supports a FIPS-validated implementation for RSA cryptographic key generation, use, and protection. 
• Finally, F5 BIG-IP supports external (network) HSMs; see the table below for details.

Key benefits of using F5 FIPS-compliant solutions:

• High-performance SSL—Industry-leading performance, with industry recommended standards.
• Unified platform—BIG-IP is able to consolidate an HSM that provides secure key storage with application delivery solution that has SSL key management and certificate management on a single device. Other solutions require a separate system or a FIPS-certified card for each web server, but the BIG-IP system’s key management framework allows a highly scalable secure infrastructure that can handle higher traffic levels. Organizations can also easily add new services to the infrastructure.
• Secure resources—F5 solutions safeguard the integrity of businesses by keeping corporate resources safe and protecting corporate brands.

FIPS Integration Support in the Public Cloud

• AWS CloudHSM – With CloudHSM, you can manage your own encryption keys using FIPS 140-2 Level 3 validated HSMs. BIG-IP v14.1.0 and AWS versions 1.0.18 and 1.1.0.
• Equinix SmartKey – HSM-grade security in an easy-to-use cloud service with built-in encryption and tokenization, and FIPS 140-2 Level 3 certification. BIG-IP v14.1.0 and SmartKey client version 2.9.804.

F5 FIPS Cryptographic Modules

Integrated Cryptographic Modules

External Cryptographic Modules

Historical FIPS

FIPS certificates have a lifespan and when they are sunset are moved to a historical FIPS list. To find the certificate, go to the CMVP Validated Module search page and perform an Advanced search with “Validation Status” = “Historical”.

Historical FIPS: F5 FIPS Cryptographic Modules

Historical FIPS: Integrated Cryptographic Modules

DFARS 252.204-7012 / NIST SP 800-171 for Confidential Unclassified Information (CUI) is a US Department of Defense Contractor mandate as of December 2017 and is met through FIPS validated solutions covering asymmetric and symmetric crypto operations. Specific F5 FIPS platforms meet this requirement directly, or through the addition of the F5 FIPS module. See above for qualifying platforms and details.

Common Criteria for Information Technology Security Evaluation (Common Criteria, CC)

Common Criteria is an international standard (ISO 15408) for the evaluation of security properties of an IT product. This set of requirements evaluates hardware, software, firewalls, and servers. The evaluation goal is to provide a level of assurance that a device or software securely handles data and has no elements that could compromise its integrity. 

Common Criteria provides assurance to the U.S. Department of Defense and federal intelligence agencies that products they purchase follow presidential requirements for operating secure information systems. Other federal agencies and some financial enterprises find it significantly easier to buy Common Criteria-approved products for their sensitive deployments. F5 has achieved certifications against the Network Device Collaborative Protection Profile and Stateful Traffic Filtering Firewall and SSL / TLC Inspection Proxy Protection Profile Modules, as well as EAL 2+ and EAL 4+ certifications. See chart and links below for details

Common Criteria Certification

Archived Common Criteria

Commercial Solutions for Classified (CSfC)

CSfC is a National Security Agency / Central Security Service (NSA/CSS) program to enable commercial products to be used in layered solutions protecting classified National Security Systems (NSS) data. There are two parts to this program: vendors apply to have their products listed on one or more of the components lists; and then integrators can choose from products on those lists to create solutions. All listed components must have both Common Criteria Certification and FIPS validation for the product to be listed on the component list. See the table below for F5 listings.

Department of Defense Information Network Approved Product List

The US Department of Defense DoDIN APL is a single consolidated list of products that have completed Interoperability (IO) and Information Assurance (IA) certification. DoDIN APL certifications verify the system complies with and is configured consistent with the DISA Field Security Office (FSO) Security Technical Implementation Guides (STIG). See the table below for F5 listings.

For more information about the DoDIN APL process visit the DoDIN APL Testing and Certification Website.

United States Government IPv6 Conformance Certification (USGv6)

The U.S. Office of Management and Budget (OMB) declared that all federal agencies are required to use IPv6 in their networks in OMB Memorandum M-05-22. United States Government IPv6 Conformance Certification (USGv6) is a set of technical standards for the acquisition of IPv6 capable hosts, routers, and network security devices. The National Institute of Standards and Technology (NIST) created the USGv6 conformance standards to support adoption of IPv6 in the U.S. government. See the table below for F5 listings.

F5 BIG-IP is IPv6 Ready and USGv6 certified. View the announcement: F5 Receives IPv6-Ready Gold Logo and USGv6 Certifications

Joint Interoperability Test Command (JITC) Public Key Enabled (PKE)

The Joint Interoperability Test Command (JITC) of the U.S. Department of Defense Information Systems Agency (DISA) provides risk-based Test Evaluation & Certification services, tools, and environments to ensure and enable the rapid deployment of interoperable and operationally effective information technology and national security systems. Clients or servers are tested to assure they are public key enabled (PKE) and able to provide security services, such as authentication, confidentiality, non-repudiation, and access control. The JITC PKE test areas include NIST and JITC certifications, Online Certificate Status Protocol (OCSP), Certificate Revocation Lists (CRLs), and DoD Common Access Cards (CAC).

F5 BIG-IP is certified by the Department of Defense as PUBLIC KEY-ENABLED (PKE). View the announcement: F5 Receives Joint Interoperability Test Command (JITC) Certification

NIST 800-53

Die NIST-Sonderveröffentlichung 800-53, Sicherheits- und Datenschutzkontrollen für US-Bundesinformationssysteme und Organisationen, ist ein zentraler Standard, der definiert, wie die Informationssicherheit und das Risikomanagement innerhalb der US-Bundesregierung anzugehen sind. Dieser Standard wurde von NIST, DoD, der Intelligence Community und dem Committee on National Security Systems entwickelt und liefert Anweisungen zu kontinuierlicher Überwachung und FISMA-Anforderungen. Er unterstützt auch einen risikobasierten Ansatz zum Schutz von kritischen Projekten und Geschäftsfunktionen.

F5 hat dieses mehr als 240 Seiten lange Dokument in einer F5 iApp für NIST 800-53 Rev 4 zusammengefasst. DieiAppbietet mehrere Seiten mit relevanten Fragen und Aufgaben, die den Administrator bei der Anwendung der relevanten Sicherheitskontrollen auf seinem BIG-IP-Gerät unterstützen. Unternehmen profitieren somit von immensen Zeit- und Ressourceneinsparungen.

Wenn Ihre Behörde das DIACAP-Verfahren verbessernmöchteoder nach Möglichkeiten sucht, um den FISMA-Anforderungen zu entsprechen, trägt die iApp für NIST 800-53 Rev 4 von F5 dazu bei, sicherzustellen, dass die korrekten Konfigurationseinstellungen auf dem BIG-IP-Gerät geprüft und eingestellt werden.

Weitere Informationen zur Verwendung der F5 iApp-Vorlage

F5 FIPS Cryptographic Modules

F5 OS