VMware NSX Achieves FIPS 140-2 Validation

Co-authored with Rajiv Prithvi, Product Manager Networking and Security Business Unit at VMware

During VMworld US 2019, we announced several new transformative capabilities in VMware NSX-T 2.5 release which is now shipping! The release strengthens the NSX platform’s intrinsic security, multi-cloud, container, and operational capabilities.

We also announced the successful FIPS 140-2 validation of NSX-T 2.5. FIPS compliance is mandatory for US federal agencies and has also been widely adopted in non-governmental sectors (e.g. financial services, utilities, healthcare). FIPS-140-2 establishes the integrity of cryptographic modules in use through validation testing done by NIST and CSE. With this validation, we further deliver on our confidentiality, integrity and availability objectives and provide our customers with a robust networking and security virtualization platform.

Compliance-Based Configuration with NSX-T 2.5

NSX-T 2.5 is configured to operate in FIPS mode by default. Any exceptions or deviations from established compliance norms are identified in a compliance report which can be used to review and configure your NSX-T Data Center environment to meet your IT policies and industry standards. Compliance configuration errors can be retrieved from the compliance report using NSX Manager UI or APIs.

A sample FIPS compliance report is shown below.

Exceptions and violations identified in the report help you configure NSX-T by feature or as a whole to operate in FIPS compliant mode. For example, in the compliance report shown above, the load-balancer module is called out as non-compliant as per FIPS requirements. You can then use the description and documented remediation steps to enable the global FIPS setting for the load-balancer to operate in FIPS compliant mode.

­See Compliance Status Report Codes for a detailed description of the various FIPS non-compliance codes and the corresponding suggested remediation steps.

Summary

Implementing FIPS validated encryption algorithms helps organizations in regulated industries and achieve compliance by ensuring that the cryptographic modules used meet well-defined security standards. With the completion of FIPS 140-2 validation for NSX Data Center, we’re excited that our customers can now take full advantage of the security and ease-of-use of the NSX platform while ensuring their applications are available, optimized, and protected.

You can learn more about FIPS 140-2 validation of NSX-T 2.5 using the following resources:

VMware NSX-T Compliance Resources

• Compliance-Based Configuration with NSX-T Data Center 2.5
• Cryptographic modules that VMware has validated against the FIPS 140-2 standard

NIST Resources

• NIST Cryptographic Module Validation Program
• NIST Security Requirements for Cryptographic Modules

Other NSX-T Resources

• NSX-T 2.5 Download page, Release notes, Documentation
• Get started with a Beginner or Advanced NSX Hands-On-Lab (HOL)
• VMware product page, customer stories, and technical resources
• VMware NSX YouTube Channel, including 40+ Light Board videos!
• Contact your VMware sales representative for an overview and demonstration of NSX-T