Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Does Splunk support FIPS 140-2

matt
Splunk Employee
Splunk Employee
‎01-12-2011 07:27 PM

Is splunk FIPS 140-2 compliant?

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

ChrisG
Splunk Employee
Splunk Employee
‎10-16-2013 12:35 PM

Splunk Enterprise 6 includes an OpenSSL FIPS module; see About FIPS in the Securing Splunk manual.

Note that upgrading a non-FIPS install to FIPS is not supported by Splunk – you must decide to use FIPS when your first install the product.

View solution in original post

Reply
Solved! Jump to solution

tf_jbassford
Engager
‎11-02-2015 06:35 PM

As of version 6.3.0 of Splunk and Splunkforwarder, has Splunk Inc, gotten accreditation from NIST?

On the latest version of Splunk 6.3.0 I do see that Splunk Inc. integrated the openssl FIPS object Model for the openssl that is included with splunk, and I see that there are still statements that you cannot migrate an existing non-fips splunk to a fips-complaint splunk can someone elaborate on the details of why that migration path is NOT supported (IE: are the indexes encrypted with non fips algrorythms?, or is it just a matter of ssl cert creations that meet FIPS standards?)

0 Karma
Reply
Solved! Jump to solution
Solution

ChrisG
Splunk Employee
Splunk Employee
‎10-16-2013 12:35 PM

Splunk Enterprise 6 includes an OpenSSL FIPS module; see About FIPS in the Securing Splunk manual.

Note that upgrading a non-FIPS install to FIPS is not supported by Splunk – you must decide to use FIPS when your first install the product.

View solution in original post

Reply
Solved! Jump to solution

araitz
Splunk Employee
Splunk Employee
‎01-12-2011 08:23 PM

Splunk (the software) has not been submitted for FIPS 140-2 accreditation. At this time, there are no plans that I am aware of to engage in the accreditation process.

Splunk uses OpenSSL shared libraries for all encryption, and according to openssl.org, OpenSSL will never be FIPS-140-2 validated/accredited:

http://www.openssl.org/docs/fips/fipsnotes.html

Furthermore, Splunk does not use the OpenSSL FIPS Object Model, which has been uniquely validated as FIPS-140-2 compliant. At this time, we do not anticipate moving to the OpenSSL FIPS Object Model because of compatibility and portability reasons.

Reply
Solved! Jump to solution

jrodman
Splunk Employee
Splunk Employee
‎06-09-2014 06:08 PM

This answer was indeed correct when provided in 2011 for Splunk 4.x.

Reply
Solved! Jump to solution

dmlee
Communicator
‎05-12-2011 01:19 AM

Hi Araitz,
could you explain more detail about "we do not anticipate moving to the OpenSSL FIPS Object Model because of compatibility and portability reasons" ? thanks

0 Karma
Reply
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!

Get Updates on the Splunk Community!