Collaborator

Check Point VPN encryption and FIPS 140-2

Hi,

Is the Endpoint Security, SSL VPN (TLS 1.2) or IPsec tunnel traffic (AES-256, SHA256, Group 2) considered FIPS 140-2 validated encryption? If it's not called FIPS 140-2 validated encryption, what is it called? Non-validated encryption/basic encryption/encryption? Our security auditors want to know.

Side point: it would be nice to be able to print out crypto maps like Cisco for VPN configs, or something else that's graphical and sums up VPN encryption/access or both.

This is the official request:

Encryption configuration for remote access. If FIPS 140-2 validated encryption is being used please demonstrate the cryptographic module was configured in accordance with the CMVP security policy.

3 Replies
Collaborator

Are the auditors asking if Check Point is using a validated cryptographic module that needs to be listed here? https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules

If so... then as long as you are running R77.30: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2995

Admin

There’s also the client side of this: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2788
I assume we are working on getting a more recent version of the modules certified but they aren’t substantially different from what’s in these releases.

Collaborator

FISMA auditors are here and they say:

That CMVP cert says "When operated in FIPS mode" in the Caveat section. So there is a switch. Can you check it to find out its status?

Normally, there would be a way to initiate FIPS mode for FIPS capable products. If there is a way to initiate FIPS mode, is that being used?

- Show that the VPN is running in FIPS mode or using FIPS-validated cryptography for data in transit. I believe currently we only have a screenshot showing that TLS 1.2 and higher is being used.

- Show how a user's VPN connection would be disconnected by an administrator.
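The thread conflates two things an auditor checks separately: whether each algorithm in the proposal (AES-256, SHA256, Group 2, TLS 1.2) is NIST-approved, and whether the cryptographic module itself is CMVP-validated and switched into FIPS mode. The following is an added example, not code from the thread or from Check Point, that answers only the first question by checking a VPN proposal against the algorithm and key-size rules of NIST SP 800-131A Rev 2 and SP 800-52 Rev 2; the DH group table follows RFC 3526 and RFC 5903.

```python
# Added example (not Check Point code): checks a VPN proposal for NIST-approved
# algorithms per SP 800-131A Rev 2 (ciphers, hashes, key-agreement sizes) and
# SP 800-52 Rev 2 (TLS versions). It cannot tell you whether the module is
# CMVP-validated or running in FIPS mode; that comes from the certificate
# caveat and the product's FIPS switch.

# IKE Diffie-Hellman groups -> (family, size in bits). MODP from RFC 3526, ECP from RFC 5903.
DH_GROUPS = {
    1: ("FFC", 768), 2: ("FFC", 1024), 5: ("FFC", 1536),
    14: ("FFC", 2048), 15: ("FFC", 3072), 16: ("FFC", 4096),
    19: ("ECC", 256), 20: ("ECC", 384), 21: ("ECC", 521),
}
APPROVED_CIPHERS = {"AES-128", "AES-192", "AES-256"}
APPROVED_HASHES = {"SHA-224", "SHA-256", "SHA-384", "SHA-512"}
ACCEPTABLE_TLS = {"1.2", "1.3"}
MIN_BITS = {"FFC": 2048, "ECC": 224}  # key-agreement floor in SP 800-131A Rev 2


def _norm(name):
    """Accept 'SHA256'/'aes256' style names as well as 'SHA-256'."""
    name = name.upper().replace("_", "-")
    return name if "-" in name else name.replace("AES", "AES-").replace("SHA", "SHA-")


def check_dh_group(group):
    """Return (ok, reason) for an IKE DH group number."""
    if group not in DH_GROUPS:
        return False, f"group {group}: not in this checker's table, review manually"
    family, bits = DH_GROUPS[group]
    if bits < MIN_BITS[family]:
        return False, f"group {group}: {bits}-bit {family} is below the {MIN_BITS[family]}-bit minimum (disallowed)"
    return True, f"group {group}: {bits}-bit {family} is acceptable"


def check_suite(cipher, integrity, dh_group=None, tls_version=None):
    """Return a list of (item, ok, reason) findings for one VPN proposal."""
    cipher, integrity = _norm(cipher), _norm(integrity)
    findings = [
        ("cipher", cipher in APPROVED_CIPHERS, f"{cipher} approved: {cipher in APPROVED_CIPHERS}"),
        ("integrity", integrity in APPROVED_HASHES, f"{integrity} approved: {integrity in APPROVED_HASHES}"),
    ]
    if dh_group is not None:
        findings.append(("key agreement",) + check_dh_group(dh_group))
    if tls_version is not None:
        ok = tls_version in ACCEPTABLE_TLS
        findings.append(("TLS version", ok, f"TLS {tls_version} acceptable per SP 800-52 Rev 2: {ok}"))
    return findings


def all_approved(findings):
    return all(ok for _, ok, _ in findings)


if __name__ == "__main__":
    # The IPsec proposal from the original question: AES-256, SHA256, DH group 2.
    for item, ok, reason in check_suite("AES-256", "SHA256", dh_group=2):
        print(f"[{'PASS' if ok else 'FAIL'}] {item}: {reason}")
```

For the proposal in the question, the cipher and hash pass but Group 2 (1024-bit MODP) fails the 2048-bit floor, so even on a validated module in FIPS mode the auditor's "configured in accordance with the security policy" question would point at the DH group.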