F5 maintains an active product certification and evaluation program—aligned with government regulations—for maintaining a secure IT environment.
For BIG-IP, F5 offers several FIPS solutions to meet the most rigorous compliance requirements and architectures. For details of BIG-IP release / system validated combinations, please see the chart below.
FIPS certificates have a lifespan and when they are sunset are moved to a historical FIPS list. To find the certificate, go to the CMVP Validated Module search page and perform an Advanced search with “Validation Status” = “Historical”.
DFARS 252.204-7012 / NIST SP 800-171 for Confidential Unclassified Information (CUI) is a US Department of Defense Contractor mandate as of December 2017 and is met through FIPS validated solutions covering asymmetric and symmetric crypto operations. Specific F5 FIPS platforms meet this requirement directly, or through the addition of the F5 FIPS module. See above for qualifying platforms and details.
Common Criteria is an international standard (ISO 15408) for the evaluation of security properties of an IT product. This set of requirements evaluates hardware, software, firewalls, and servers. The evaluation goal is to provide a level of assurance that a device or software securely handles data and has no elements that could compromise its integrity.
Common Criteria provides assurance to the U.S. Department of Defense and federal intelligence agencies that products they purchase follow presidential requirements for operating secure information systems. Other federal agencies and some financial enterprises find it significantly easier to buy Common Criteria-approved products for their sensitive deployments. F5 has achieved certifications against the Network Device Collaborative Protection Profile and Stateful Traffic Filtering Firewall and SSL / TLC Inspection Proxy Protection Profile Modules, as well as EAL 2+ and EAL 4+ certifications. See chart and links below for details
CSfC is a National Security Agency / Central Security Service (NSA/CSS) program to enable commercial products to be used in layered solutions protecting classified National Security Systems (NSS) data. There are two parts to this program: vendors apply to have their products listed on one or more of the components lists; and then integrators can choose from products on those lists to create solutions. All listed components must have both Common Criteria Certification and FIPS validation for the product to be listed on the component list. See the table below for F5 listings.
The US Department of Defense DoDIN APL is a single consolidated list of products that have completed Interoperability (IO) and Information Assurance (IA) certification. DoDIN APL certifications verify the system complies with and is configured consistent with the DISA Field Security Office (FSO) Security Technical Implementation Guides (STIG). See the table below for F5 listings.
For more information about the DoDIN APL process visit the DoDIN APL Testing and Certification Website.
The U.S. Office of Management and Budget (OMB) declared that all federal agencies are required to use IPv6 in their networks in OMB Memorandum M-05-22. United States Government IPv6 Conformance Certification (USGv6) is a set of technical standards for the acquisition of IPv6 capable hosts, routers, and network security devices. The National Institute of Standards and Technology (NIST) created the USGv6 conformance standards to support adoption of IPv6 in the U.S. government. See the table below for F5 listings.
F5 BIG-IP is IPv6 Ready and USGv6 certified. View the announcement: F5 Receives IPv6-Ready Gold Logo and USGv6 Certifications
The Joint Interoperability Test Command (JITC) of the U.S. Department of Defense Information Systems Agency (DISA) provides risk-based Test Evaluation & Certification services, tools, and environments to ensure and enable the rapid deployment of interoperable and operationally effective information technology and national security systems. Clients or servers are tested to assure they are public key enabled (PKE) and able to provide security services, such as authentication, confidentiality, non-repudiation, and access control. The JITC PKE test areas include NIST and JITC certifications, Online Certificate Status Protocol (OCSP), Certificate Revocation Lists (CRLs), and DoD Common Access Cards (CAC).
F5 BIG-IP is certified by the Department of Defense as PUBLIC KEY-ENABLED (PKE). View the announcement: F5 Receives Joint Interoperability Test Command (JITC) Certification
NIST 특별 간행물 800-53 "연방 정보 시스템 및 조직을 위한 보안 및 개인 정보 보호 통제"는 연방 정부 내에서 정보 보안 및 위험 관리에 접근하는 방법을 정의하는 핵심 표준입니다. NIST, DoD, 인텔리전스 커뮤니티 및 국가 보안 시스템 위원회가 개발한 이 표준은 지속적인 모니터링 및 FISMA 요구 사항에 대한 지침을 제공합니다. 또한 중요한 임무 및 비즈니스 기능을 보호하기 위한 위험 기반 접근 방식을 지원합니다.
F5는 240페이지가 넘는 이 문서를 NIST 800-53 Rev 4용 F5 iApp으로 정리했습니다.iApp은관리자가 BIG-IP 장치에 관련 보안 제어를 적용하는 데 도움이 되는 여러 페이지의 관련 질문과 작업을 제공하여 조직의 관리 시간과 리소스를 절약합니다.
기관에서 DIACAP프로세스를 개선하거나FISMA를 준수하고자 한다면 F5 NIST 800-53 Rev 4 iApp이 BIG-IP에 대한 적절한 구성 설정을 검토하고 설정하는 데 도움이 될 것입니다.
아래 보고서에서는 다음 접근성 표준/지침의 준수 정도를 다룹니다.
개정된 섹션 508 에디션(VPAT® 버전 2.4 기반) – F5 BIG-IP v17.1
개정된 섹션 508 에디션(VPAT® 버전 2.4 기반) – F5 BIG-IP v15.1
개정된 섹션 508 에디션(VPAT® 버전 2.4 기반) - F5 NGINX Plus
개정된 섹션 508 에디션(VPAT® 버전 2.4 기반)- F5 NGINX Management Suite API Connectivity Manager
Service providers want assurance that their cloud-native solution is interoperable, secure and optimized for performance and efficiency. F5 and its partners will certify set-up, onboarding, integration, deployment, and life cycle management of F5 BIG-IP Next SPK and Carrier-Grade Aspen Mesh in a cloud-native environment with vendor CNFs.
To get more information on the many other certifications F5 holds, contact F5 sales.
F5 Model | BIG-IP Software Release | NIST Validated Cryptographic Module(s) | Consolidated Validation Certificate(s) | Additional Notes |
---|---|---|---|---|
r4000 series, r5000 series including r5920-DF, r10000 series, including r10920-DF VELOS BX110/CX410 |
17.1.01 |
F5 BIG-IP Tenant Cryptographic Module |
FIPS 140-3 |
Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
Virtual Edition on the following hypervisors:
Vendor Affirmation for
|
17.1.01 |
Cryptographic Module for BIG-IP |
FIPS 140-3 Level 1 (In Process) |
Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
i4000, i5000, i5820-DF, i7000, i7820-DF, i10800, i11800-DS, i15800, i15820-DF VIPRION B2250/B4450 |
17.1.01 |
F5 Device Cryptographic Module |
FIPS 140-3 |
Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
Virtual Edition on the following hypervisors:
Vendor Affirmation for
|
16.1.3.1 |
Cryptographic Module for BIG-IP |
FIPS 140-3 |
Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
i4000, i5000, i5820-DF, i7000, i7820-DF, i10800, i11800-DS, i15800, i15820-DF VIPRION B2250/B4450 |
16.1.3.1 |
F5 Device Cryptographic Module |
FIPS 140-3 |
Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
Virtual Edition on the following hypervisors:
Vendor Affirmation for
|
15.1.2.1 |
Cryptographic Module for BIG-IP |
FIPS 140-2 |
Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
10350v-F i4000, i5000, i5820-DF, i7000, i7820-DF, i10800, i11800-DS, i15800 VIPRION B2250/B4450 |
15.1.2.1 |
F5 Device Cryptographic Module |
FIPS 140-2 |
Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
vCMP oni5000, i5820-DF, i7000, i7820-DF, i15800 VIPRION B2250/B4450 |
15.1.2.1 |
F5 vCMP Cryptographic Module |
FIPS 140-2 |
Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
BIG-IP tenant on VELOS BX110 |
14.1.4.2 |
Cryptographic Module for BIG-IP |
FIPS 140-2 |
Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
Virtual Edition on the following hypervisors:
Vendor Affirmation for
|
14.1.2 |
Cryptographic Module for BIG-IP |
FIPS 140-2 |
Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
10350v-F, i7800 |
14.1.2 |
F5 Device Cryptographic Module |
FIPS 140-2 |
Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
Virtual Edition on the following hypervisors:
Vendor Affirmation for
|
14.1.0.3 |
Cryptographic Module for BIG-IP |
FIPS 140-2 |
Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
5250v-F, 7200v-F, 10200v-F, 10350v-F i4000, i5000, i5820-DF, i7000, i7820-DF, i10800, i11800-DS, i15800 VIPRION B2250/B4450 |
14.1.0.3 |
F5 Device Cryptographic Module |
FIPS 140-2 |
Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
vCMP on i5000, i5820-DF, i7000, i7820-DF, i15800 VIPRION B2250/B4450 |
14.1.0.3 |
F5 vCMP Cryptographic Module |
FIPS 140-2 |
Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
|
F5 Model | Software Release | NIST Validated Cryptographic Module(s) | Consolidated Validation Certificate(s) | Additional Notes |
---|---|---|---|---|
VELOS BX110/CX410 |
F5OS-C 1.6.0 |
OpenSSL Cryptographic Module |
FIPS 140-3 |
|
r4000 series, r5000 series including r5920-DF, r10000 series, including r10920-DF |
F5OS-A 1.5.1 |
F5OS-A Cryptographic Module |
FIPS 140-3 Level 2 (In process) |
|
r12000 series | F5OS-A 1.7.0 | F5OS-A Cryptographic Module | FIPS 140-3 Level 2 (In process) |
The integrated HSM is FIPS-validated, but the BIG-IP systems are not themselves FIPS 140-2/3 Level 3 validated.
F5 Model Integrated Modules |
NIST Validated Cryptographic Module(s) | Consolidated Validation Certificate(s) | Additional Notes |
---|---|---|---|
r5920-DF, r10920-DF | NITROXIII CNN35XX-NFBE HSM Family | FIPS 140-3 Level 3: 4700 |
NITROXIII is FIPS-inside Partially supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
10350v-F, i5820-DF, i7820-DF, i15820-DF | NITROXIII CNN35XX-NFBE HSM Family | FIPS 140-2 Level 3: 4263 |
NITROXIII is FIPS-inside Partially supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
F5 Systems External Modules |
NIST Validated Cryptographic Module(s) | Consolidated Validation Certificate(s) | Additional Notes |
---|---|---|---|
BIG-IP, VIPRION, and Virtual Edition v11.2 and above | Thales nShield Connect 500+, nShield Connect 1500+, nShield Connect 6000+ |
FIPS 140-2 FIPS 140-2 |
Not supported: DFARS 252.204-7012 / NIST SP 800-171 |
BIG-IP, VIPRION, and Virtual Edition v11.5 and above | SafeNet Luna SA 6000 | FIPS 140-2 FIPS 140-2 |
Not supported: DFARS 252.204-7012 / NIST SP 800-171 |
F5 Model | BIG-IP Software Release | NIST Validated Cryptographic Modules | Consolidated Validation Certificate(s) | Additional Notes |
---|---|---|---|---|
Virtual Edition on the following hypervisors:
Vendor Affirmation for
|
14.1.2 | Cryptographic Module for BIG-IP | FIPS 140-2 Level 1: 3596 (Replaced by 4505) |
Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
10350v-F, i7800 |
14.1.2 | F5 Device Cryptographic Module | FIPS 140-2 Level 2: 3841 (Replaced by 4465) |
Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
Virtual Edition on the following hypervisors:
Vendor Affirmation for
|
14.1.0.3 | Cryptographic Module for BIG-IP | FIPS 140-2 Level 1: 3596 (Replaced by 4505) |
Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
5250v-F, 7200v-F, 10200v-F, 10350v-F i4000, i5000, i5820-DF, i7000, i7820-DF, i10800, i11800-DS, i15800 VIPRION B2250/B4450 |
14.1.0.3 | F5 Device Cryptographic Module | FIPS 140-2 Level 2: 3629 (Replaced by 4471) |
Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
vCMP on i5000, i5820-DF, i7000, i7820-DF, i15800 VIPRION B2250/B4450 |
14.1.0.3 | F5 vCMP Cryptographic Module | FIPS 140-2 Level 2: 3623 (Replaced by 4477) |
Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
Virtual Edition on the following hypervisors:
Vendor Affirmation for
|
13.1.1 | Cryptographic Module for BIG-IP | FIPS 140-2 Level 1: 2911 |
Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
4000, 5250v-F, 7200v-F, 10200v-F, 10350v-F i4000, i5000, i5820-DF, i7000, i7820-DF, i10800, i11800-DS, i15800 VIPRION B2250/B4450 |
13.1.1 | F5 Device Cryptographic Module | FIPS 140-2 Level 2: 3450 |
Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
vCMP on VIPRION B2250/B4450 |
13.1.1 | F5 vCMP Cryptographic Module | FIPS 140-2 Level 2: 3439 |
Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
4000, 7000, 10350v-F i4000, i5000, i7000 VIPRION B2250/B4450 |
13.1.0 | F5 Device Cryptographic Module | FIPS 140-2 Level 2: 3142 |
Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
vCMP on VIPRION B2250/B4450 |
13.1.0 | F5 vCMP Cryptographic Module | FIPS 140-2 Level 2: 3179 |
Supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
Virtual Edition on the following hypervisors:
Vendor Affirmation for
|
12.1.2 HF1 | Cryptographic Module for BIG-IP | FIPS 140-2 Level 1: 2911 |
DFARS 252.204-7012 / NIST SP 800-171 for CUI |
The integrated HSM is FIPS-validated, but the BIG-IP systems are not themselves FIPS 140-2/3 Level 3 validated.
F5 Model Integrated Modules |
NIST Validated Cryptographic Module(s) | Consolidated Validation Certificate(s) | Additional Notes |
---|---|---|---|
10350v-F, i5820-DF, i7820-DF, i15820-DF | NITROXIII CNN35XX-NFBE-G HSM Family | FIPS 140-2 Level 3: 4263 |
NITROXIII is FIPS-inside Partially supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
5250v-F, 7200v-F, 10200v-F | NITROX XL CN16XX-NFBE HSM Family | FIPS 140-2 Level 3: 1369 |
NITROX XL is FIPS-inside Partially supported: DFARS 252.204-7012 / NIST SP 800-171 for CUI |
BIG-IP 6900F, 8900F | Integrated Module: Cavium Nitrox XL CN1520-VBD-04-0201 |
FIPS 140-2 Level 2: 1360 Level 3: 1361 |
F5 Model | Software Release | Certification Information | Security Target |
---|---|---|---|
r4000 series, r5000 series including r5920-DF, r10000 series, including r10920-DF, r12000 series
VELOS BX110/CX410
i4000 series, i5000 series including i5820-DF, i7000 series including i7820-DF, i10000-series, i11000-series, i15000-series including i15820-DF VIPRION B2250/B4450 BIG-IP Virtual Edition on the following hypervisors:
|
17.1.0.1 LTM+AFM |
(In process) |
Collaborative Protection Profile for Network Devices v2.2e PP Module for Stateful Traffic Filter Firewalls Version 1.4e |
r4000 series, r5000 series including r5920-DF, r10000 series, including r10920-DF, r12000 series
VELOS BX110/CX410
i4000 series, i5000 series including i5820-DF, i7000 series including i7820-DF, i10000-series, i11000-series, i15000-series including i15820-DF VIPRION B2250/B4450 BIG-IP Virtual Edition on the following hypervisors:
|
17.1.0.1 LTM+APM |
(In Process) |
Collaborative Protection Profile for Network Devices v2.2e |
r4000 series, r5000 series including r5920-DF, r10000 series, including r10920-DF, r12000 series
VELOS BX110/CX410
i4000 series, i5000 series including i5820-DF, i7000 series including i7820-DF, i10000-series, i11000-series, i15000-series including i15820-DF VIPRION B2250/B4450 |
17.1.0.1 SSL Orchestrator |
(In Process) |
Collaborative Protection Profile for Network Devices v2.2e PP-Module for SSL/TLS Inspection Proxy v1.1 |
i4000 series, i5000 series including i5820-DF, i7000 series including i7820-DF, i10000-series, i11000-series, i15000-series including i15820-DF VIPRION B2250/B4450 vCMP BIG-IP Virtual Edition on the following hypervisors: • VMware ESXi 6.5.0 • Hyper-V version 10.0 on Windows Server 2019 • KVM on Centos 7 |
16.1.3.1 LTM+AFM |
|
Collaborative Protection Profile for Network Devices v2.2e PP Module for Stateful Traffic Filter Firewalls Version 1.4e |
i4000 series, i5000 series including i5820-DF, i7000 series including i7820-DF, i10000-series, i11000-series, i15000-series including i15820-DF VIPRION B2250/B4450 vCMP BIG-IP Virtual Edition on the following hypervisors:
|
16.1.3.1 LTM+APM |
Collaborative Protection Profile for Network Devices v2.2e |
|
i4000 series, i5000 series including i5820-DF, i7000 series including i7820-DF, i10000-series, i11000-series, i15000-series including i15820-DF VIPRION B2250/B4450 vCMP |
16.1.3.1 SSL Orchestrator |
Collaborative Protection Profile for Network Devices v2.2e PP-Module for SSL/TLS Inspection Proxy v1.1 |
F5 Model | Software Release | Certification Information | Security Target |
---|---|---|---|
10350v-F i5000 series including i5820-DF, i7000 series including i7820-DF, i10000-series, i11000-series, i15000-series VIPRION B2250/B4450 vCMP BIG-IP Virtual Edition on the following hypervisors:
KVM on Centos 7 |
15.1.2.1 LTM+AFM | Collaborative Protection Profile for Network Devices v2.e PP Module for Stateful Traffic Filter Firewalls Version 1.4e2 |
|
10350v-F i5000 series including i5820-DF, i7000 series including i7820-DF, i10000-series, i11000-series, i15000-series VIPRION B2250/B4450 vCMP BIG-IP Virtual Edition on the following hypervisors:
KVM on Centos 7 |
15.1.2.1 LTM+APM | CSEC2020016 NIAP PCL |
Collaborative Protection Profile for Network Devices v2e |
BIG-IP tenant on VELOS BX110 | 14.1.4.2 LTM+AFM | Collaborative Protection Profile for Network Devices v2.2e PP Module for Stateful Traffic Filter Firewalls Version 1.4e |
|
BIG-IP tenant on VELOS BX110 | 14.1.4.2 LTM+APM | CSEC2020025 NIAP PCL |
Collaborative Protection Profile for Network Devices v2.2e |
BIG-IP Virtual Edition on the following hypervisors:
KVM on Centos 7 |
14.1.2 LTM+AFM | Collaborative Protection Profile for Stateful Traffic Filter Firewalls Version 2.0e | |
BIG-IP Virtual Edition on the following hypervisors: • VMware ESXi 6.5.0 • Hyper-V version 10.0 on Windows Server 2019 KVM on Centos 7 |
14.1.2 LTM+APM | Collaborative Protection Profile for Network Devices Version 2.1 | |
10350v-F i5000 series including i5820-DF, i7000 series including i7820-DF, i10000-series, i11000-series, i15000-series VIPRION B2250/B4450 vCMP |
14.1.0.3 LTM+AFM | Collaborative Protection Profile for Stateful Traffic Filter Firewalls Version 2.0e | |
10350v-F i5000 series including i5820-DF, i7000 series including i7820-DF, i10000-series, i11000-series, i15000-series VIPRION B2250/B4450 vCMP |
14.1.0.3 LTM+APM |
|
Collaborative Protection Profile for Network Devices v2.1 |
10350v-F i5000-series, i7000-series, i10000-series, i11000-series, i15000-series VIPRION B2250/B4450 vCMP |
13.1.1 LTM+AFM |
Collaborative Protection Profile for Stateful Traffic Filter Firewalls Version 2.0e |
|
10350v-F i5000-series, i7000-series, i10000-series, i11000-series, i15000-series VIPRION B2250/B4450 vCMP |
13.1.1 LTM+APM |
Collaborative Protection Profile for Network Devices Version 2.0e | |
10350v-F i5000-series, i7000-series VIPRION B2250/B4450 vCMP |
12.1.3.4 LTM+AFM |
Collaborative Protection Profile for Stateful Traffic Filter Firewalls Version 1.0 | |
10350v-F i5000-series, i7000-series VIPRION B2250/B4450 vCMP |
12.1.3.4 LTM+APM | Collaborative Protection Profile for Network Devices Version 1.0 | |
BIG-IP | 11.5.1 ADF-Base (LTM+AFM) | BSI-DSZ-CC-0856-2017 EAL4+ |
Based on the NIAP Protection profile for Network Devices Version 1.1 and Network Device Protection Profile Extended Package Stateful Traffic Filter Firewall Version 1.0 |
BIG-IP | 11.5.1 ADC-AP (LTM+APM) | BSI-DSZ-CC-0975-2018 EAL4+ |
Based on the NIAP Protection profile for Network Devices Version 1.1 |
BIG-IP 6900, 8900, 11050 | 10.2.2 LTM + ACA+ PSM | NIAP Common Criteria Certificate EAL 2+ | F5 Networks BIG-IP Local Traffic Manager Security Target |
F5 Product | Component Listing |
---|---|
BIG-IP 15.1.2.1 | Traffic Filtering Firewall TLS Protected Servers |
BIG-IP 14.1.2 | Traffic Filtering Firewall TLS Protected Servers |
BIG-IP 14.1.0.3 | Traffic Filtering Firewall TLS Protected Servers |
BIG-IP 13.1.1 | Traffic Filtering Firewall |
BIG-IP 12.1 LTM+AFM | Traffic Filtering Firewall |
F5 플랫폼 | 제품 버전 | 인증 정보 |
---|---|---|
BIG-IP i 시리즈 | 14.1.0.3 | 로고 ID: 02-C-001985 |
BIG-IP Virtual Edition | 13.1.3 빌드 4 | 로고 ID: 02-C-001912 |
VIPRION B2250 | 13.1.1 빌드 4 | 로고 ID: 02-C-001900 |
BIG-IP i10000 시리즈 | 13.1.1 빌드 4 | 로고 ID: 02-C-001799 |
BIG-IP | 12.1.0 빌드 0.0.1434 | Gold Logo ID: 02-C-001578 |
BIG-IP | 12.1.0 빌드 0.0.1434 | Gold Logo ID: 02-C-001514 |
BIG-IP | 11.6.0 HF6 빌드 0.442 | 로고 ID: 02-C-001463 |
BIG-IP | 11.5.2 빌드 141.0 | 로고 ID: 02-C-001426 |
BIG-IP | 11.4.1 빌드 635.0 | 로고 ID: 02-C-001282 |
BIG-IP 10000 시리즈 | 11.3.0 빌드 3248.0 | Gold Logo ID: 02-C-001106 |
BIG-IP 10000 시리즈, VIPRION B4300 시리즈 | 11.3.0 및 모든 이후 버전 | USGv6 UNH-IOL 결과 |
BIG-IP 10000 시리즈 | 11.3, 12.1 | IPv6 Gold Phase-2 Gold Logo ID #02-C-001106 |