Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Sophos Firewall

Discussions FIPS compliance roadmap

Sophos Firewall requires membership for participation - click to join

Thread Info

State Suggested Answer
Locked Locked
Replies 3 replies
Answers 2 answers
Subscribers 42 subscribers
Views 1251 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

FIPS compliance roadmap

Matt Mentele 5 months ago

I have been out of compliance since version 18 are there plans to re-enable fips compliance in the coming firmware updates?

This thread was automatically locked due to age.

Top Replies

LuCar Toni 5 months ago +3 suggested

In short: Yes. Sophos is preparing the necessary steps to get a FIPS compliance certification. Stay tuned, as this process is also depending on external factors.

Parents

0 LuCar Toni 5 months ago

In short: Yes. Sophos is preparing the necessary steps to get a FIPS compliance certification. Stay tuned, as this process is also depending on external factors.

__________________________________________________________________________________________________________________
Cancel
Vote Up +3 Vote Down

Cancel

Reply

0 LuCar Toni 5 months ago

In short: Yes. Sophos is preparing the necessary steps to get a FIPS compliance certification. Stay tuned, as this process is also depending on external factors.

__________________________________________________________________________________________________________________
Cancel
Vote Up +3 Vote Down

Cancel

Children

0 James Franks 3 months ago in reply to LuCar Toni

Is there any update? it appears that V20 MR 1 has been released, and a number of different places it was mentioned that V20 MR 1 was being targeted for FIPS certification, but there is no mention of FIPS compliance in the notes, and no update on this roadmap. Sophos Firewall v20 MR1 released n May 15, 2024, which was actually several days before this original post.
Cancel
Vote Up 0 Vote Down

Cancel
0 SPandya 3 months ago in reply to James Franks

SFOS is using a FIPS certified module (since v20 MR1) https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4724.pdf (SFOS v20 is a tested platform of this module). Sophos will be pursuing its own FIPS certification based on this module once the CMVP allows that to happen. We expect this to be allowed in near future.
Cancel
Vote Up 0 Vote Down

Cancel