FIPS compliance roadmap

In short: Yes. Sophos is preparing the necessary steps to get a FIPS compliance certification. Stay tuned, as this process is also depending on external factors.

Is there any update?  it appears that V20 MR 1 has been released, and a number of different places it was mentioned that V20 MR 1 was being targeted for FIPS certification, but there is no mention of FIPS compliance in the notes, and no update on this roadmap.   Sophos Firewall v20 MR1 released n May 15, 2024, which was actually several days before this original post. 

SFOS is using a FIPS certified module (since v20 MR1) https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4724.pdf (SFOS v20 is a tested platform of this module). Sophos will be pursuing its own FIPS certification based on this module once the CMVP allows that to happen. We expect this to be allowed in near future. 

SFOS is using a FIPS certified module (since v20 MR1) https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4724.pdf (SFOS v20 is a tested platform of this module). Sophos will be pursuing its own FIPS certification based on this module once the CMVP allows that to happen. We expect this to be allowed in near future.