Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Does Splunk support FIPS 140-2

matt
Splunk Employee
Splunk Employee
‎01-12-2011 07:27 PM

Is splunk FIPS 140-2 compliant?

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

ChrisG
Splunk Employee
Splunk Employee
‎10-16-2013 12:35 PM

Splunk Enterprise 6 includes an OpenSSL FIPS module; see About FIPS in the Securing Splunk manual.

Note that upgrading a non-FIPS install to FIPS is not supported by Splunk – you must decide to use FIPS when your first install the product.

View solution in original post

Reply
Solved! Jump to solution

tf_jbassford
Engager
‎11-02-2015 06:35 PM

As of version 6.3.0 of Splunk and Splunkforwarder, has Splunk Inc, gotten accreditation from NIST?

On the latest version of Splunk 6.3.0 I do see that Splunk Inc. integrated the openssl FIPS object Model for the openssl that is included with splunk, and I see that there are still statements that you cannot migrate an existing non-fips splunk to a fips-complaint splunk can someone elaborate on the details of why that migration path is NOT supported (IE: are the indexes encrypted with non fips algrorythms?, or is it just a matter of ssl cert creations that meet FIPS standards?)

0 Karma
Reply
Solved! Jump to solution
Solution

ChrisG
Splunk Employee
Splunk Employee
‎10-16-2013 12:35 PM

Splunk Enterprise 6 includes an OpenSSL FIPS module; see About FIPS in the Securing Splunk manual.

Note that upgrading a non-FIPS install to FIPS is not supported by Splunk – you must decide to use FIPS when your first install the product.

Reply
Solved! Jump to solution

araitz
Splunk Employee
Splunk Employee
‎01-12-2011 08:23 PM

Splunk (the software) has not been submitted for FIPS 140-2 accreditation. At this time, there are no plans that I am aware of to engage in the accreditation process.

Splunk uses OpenSSL shared libraries for all encryption, and according to openssl.org, OpenSSL will never be FIPS-140-2 validated/accredited:

http://www.openssl.org/docs/fips/fipsnotes.html

Furthermore, Splunk does not use the OpenSSL FIPS Object Model, which has been uniquely validated as FIPS-140-2 compliant. At this time, we do not anticipate moving to the OpenSSL FIPS Object Model because of compatibility and portability reasons.

Reply
Solved! Jump to solution

jrodman
Splunk Employee
Splunk Employee
‎06-09-2014 06:08 PM

This answer was indeed correct when provided in 2011 for Splunk 4.x.

Reply
Solved! Jump to solution

dmlee
Communicator
‎05-12-2011 01:19 AM

Hi Araitz,
could you explain more detail about "we do not anticipate moving to the OpenSSL FIPS Object Model because of compatibility and portability reasons" ? thanks

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...