Updated Date: August 15, 2017
F5 maintains an active product certification and evaluation program aligned with government regulations for maintaining a secure IT environment.
F5 BIG-IP appliances support a FIPS 140-2 Level 2 implementation for RSA cryptographic key generation, use, and protection. Keys generated on or imported into a BIG-IP system hardware security module (HSM) are not extractable in plaintext format. BIG-IP hardware appliances with integrated HSMs also have tamper-evident seals with a hardened-epoxy cover that, if removed, will render the card useless.
For additional protection, the BIG-IP 10350v-F supports a FIPS 140-2 Level 3 implementation of the Internal HSM (PCI card). This security rating means that the 10350v-F HSM card adds tamper resistance: a means of detection beyond the tamper-evident methods of Level 2, together with a response to physical access attempts or to use of or tampering with the cryptographic module.
In addition, for customers who only require a FIPS 140-2 Level 1 solution, F5 offers the BIG-IP Virtual Edition (VE), which incorporates a NIST-certified software-based cryptographic module. F5 offers software, integrated, and external FIPS solutions. Please see the chart below.
F5 BIG-IP 6900F and 8900F, while FIPS 140-2 compliant, cannot support a necessary firmware upgrade to their HSM and have therefore been moved to a historical FIPS list.
Key benefits of using F5 FIPS-compliant solutions:
Common Criteria is an international standard (ISO 15408) for the evaluation of security properties of an IT product. This set of requirements evaluates hardware, software, firewalls, and servers. The evaluation goal is to provide a level of assurance that a device or software securely handles data, and has no elements that could compromise its integrity. Each Evaluation Assurance Level (EAL) requires progressively more detailed information about the design and testing of the device or software under evaluation. (Please note that the EAL classification system is being replaced by collaborative Protection Profiles, which have been designed for specific technologies and specify the requirements claimed in the Security Target, as well as assurance activities for those requirements.)
Common Criteria provides assurance to the U.S. Department of Defense and federal intelligence agencies that products they purchase follow presidential requirements for operating secure information systems. Other federal agencies and some financial enterprises find it significantly easier to buy Common Criteria-approved products for their sensitive deployments. F5 has achieved the EAL 2+ certification, and the EAL 4+ certification is in process. See chart and links below for details.
In OMB Memorandum M-05-22, the U.S. Office of Management and Budget (OMB) declared that all federal agencies are required to use IPv6 in their networks. United States Government IPv6 Conformance Certification (USGv6) is a set of technical standards for the acquisition of IPv6-capable hosts, routers, and network security devices. The National Institute of Standards and Technology (NIST) created the USGv6 conformance standards to support adoption of IPv6 in the U.S. government.
F5 BIG-IP is IPv6 Ready and USGv6 certified. View the announcement: F5 Receives IPv6-Ready Gold Logo and USGv6 Certifications
The Joint Interoperability Test Command (JITC) of the U.S. Department of Defense Information Systems Agency (DISA) provides risk-based Test Evaluation & Certification services, tools, and environments to ensure and enable the rapid deployment of interoperable and operationally effective information technology and national security systems. Clients or servers are tested to assure they are public key enabled (PKE) and able to provide security services, such as authentication, confidentiality, non-repudiation and access control. The JITC PKE test areas include NIST and JITC certifications, Online Certificate Status Protocol (OCSP), Certificate Revocation Lists (CRLs), and DoD Common Access Cards.
F5 BIG-IP is certified by the Department of Defense as PUBLIC KEY-ENABLED (PKE). View the announcement: F5 Receives Joint Interoperability Test Command (JITC) Certification
NIST Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations, is a core standard defining how to approach information security and risk management within the federal government. Developed by NIST, DoD, the Intelligence Community, and the Committee on National Security Systems, this standard provides guidance on continuous monitoring and FISMA requirements. It also supports a risk-based approach to protecting critical missions and business functions.
F5 has distilled this 240-plus page document into an F5 iApp for NIST 800-53. The iApp provides several pages of relevant questions and tasks to assist the administrator in applying the relevant security controls on their BIG-IP device, saving organizations hours of management time and resources.
If your agency is looking to improve the DIACAP process, or looking to comply with FISMA, then the F5 NIST 800-53 iApp will help ensure the proper configuration settings on the BIG-IP are reviewed and set.
Learn more about using the F5 iApp Template
The US Department of Defense (DoD) UC APL is a single consolidated list of products that have completed Interoperability (IO) and Information Assurance (IA) certification. UC APL certifications verify that the system complies with, and is configured consistently with, the DISA Field Security Office (FSO) Security Technical Implementation Guides (STIG).
For more information about the UC APL process, visit the UCCO Website.
To get more information on the many other certifications F5 holds, contact F5 sales.