FIPS compliance roadmap

Question

I have been out of compliance since version 18 are there plans to re-enable fips compliance in the coming firmware updates?

LuCar Toni · Answer

In short: Yes. Sophos is preparing the necessary steps to get a FIPS compliance certification. Stay tuned, as this process is also depending on external factors.

SPandya · Answer

SFOS is using a FIPS certified module (since v20 MR1) https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4724.pdf (SFOS v20 is a tested platform of this module). Sophos will be pursuing its own FIPS certification based on this module once the CMVP allows that to happen. We expect this to be allowed in near future.

FIPS compliance roadmap

Top Replies