Cyberattacks are on the rise and it’s more critical than ever to have technology in place that can protect systems and data. U.S. government departments are required to do so and must follow Federal Information Processing Standards (FIPS), which establishes standards for devices that handle unclassified, sensitive government data. FIPS-validated products are tested by an independent lab and ensure adherence to standards for document processing, authentication, and encryption.
There are four levels of validation that cover a broad range of security requirements for cryptographic modules used in various applications and deployments.
Certified/Validated Solutions
Citrix offers a powerful line of FIPS-certified ADC products, with the latest MPX 8900 FIPS and MPX 15000-50G FIPS technology, to help government entities meet these requirements with ease.
Unlike competing products, Citrix’s FIPS-certified appliances don’t use a third-party hardware security module (HSM) and can offer performance on par with their non-FIPS ADC counterparts, the MPX 8900 and MPX 15000-50G platforms. They also come with the Intel Coleto SSL chip, which can efficiently process SSL workloads and have FIPS requirements built into the system.
Among the currently available certified options:
- MPX 8900 FIPS series, with multiple models ranging from 5 to 20 Gbps throughput
- MPX 15000-50G FIPS series, with multiple models ranging from 30 to 120 Gbps throughput for hardware and the VPX FIPS series for virtualized application delivery solutions.
Citrix Solution | Certification Status | Supported Firmware |
Citrix ADC VPX – FIPS 140-2 Level 1 | Complete – Certificate #3732 | 12.1-FIPS |
Citrix ADC MPX 8900 FIPS – FIPS 140-2 Level 2 | Complete – Certificate #4043 | 12.1-FIPS |
Citrix ADC MPX 15000-50G FIPS – FIPS 140-2 Level 2 | Complete – Certificate #4043 | 12.1-FIPS |
A third-party laboratory has tested these appliances for FIPS 140-2 security requirements, and they have been validated by the National Institute of Standards and Technology (NIST).
Compliance through External Hardware Security Modules (HSM)
FIPS compliance can also be achieved when integrating a Citrix ADC with the following FIPS-certified external HSMs:
Thales Luna HSM
For deployments where the Citrix ADCs need to interface with an external HSM for FIPS compliant cryptographic operations, integration with Thales Luna HSMs is available across several ADC products. A Thales Luna HSM (up to FIPS 140-2 Level 3) is designed to protect critical cryptographic keys and to accelerate sensitive cryptographic operations across a wide range of security applications.
Azure Key Vault
For cloud deployments, the Citrix ADC appliance integrates with Azure Key Vault. The appliance stores its private keys in the Key Vault for ease of management and security of the private key in the public cloud domain. Keys do not have to be stored and managed in different locations for ADC appliances deployed across multiple datacenters and cloud providers. Support for Azure Key Vault integration is available from Citrix ADC 13.0 software release onward.
Get Started Today
To try or buy a FIPS-certified Citrix ADC product, contact Citrix sales. For more information on Citrix ADC FIPS-certified products or Citrix ADC solutions, please refer to the Citrix ADC product documentation and check out our FAQs.