I have been out of compliance since version 18. Are there plans to re-enable FIPS compliance in the coming firmware updates?
In short: Yes. Sophos is preparing the necessary steps to get a FIPS compliance certification. Stay tuned, as this process also depends on external factors.
Is there any update? It appears that V20 MR 1 has been released, and in a number of different places it was mentioned that V20 MR 1 was being targeted for FIPS certification, but there is no mention of FIPS compliance in the notes, and no update on this roadmap. Sophos Firewall v20 MR1 was released on May 15, 2024, which was actually several days before this original post.
SFOS is using a FIPS certified module (since v20 MR1): https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4724.pdf (SFOS v20 is a tested platform of this module). Sophos will be pursuing its own FIPS certification based on this module once the CMVP allows that to happen. We expect this to be allowed in the near future.