FIPS Compliance and Confluent Cloud for Government
The Federal Information Processing Standard (FIPS) 140-2 defines the security requirements for cryptography used in US Federal Government systems. For clients, FIPS compliance means the client uses a FIPS-validated cryptographic provider for all cryptographic operations.
Confluent Cloud for Government supported FIPS-compliant clients
Confluent Cloud for Government supports the same clients that commercial Confluent Cloud supports, but Confluent Cloud for Government has tested the following clients for FIPS compliance:
FIPS-compliant environments
Validate clients in a FIPS-compliant environment. Use Security Technical Implementation Guides (STIGs) to configure a FIPS-compliant environment. STIGs are the configuration standards created by the Defense Information Systems Agency (DISA) to secure information systems and software. Below are recommendations for streamlined approaches to creating an environment for different operating systems.
- Windows
  - Amazon offers Windows Server EC2 images you can use to create a FIPS-compliant environment. STIG Hardened AMIs are available in all public AWS and GovCloud Regions. For more information, see STIG Hardened Amazon EC2 Windows Server AMIs.
- Linux
  - Red Hat Enterprise Linux version 8 (RHEL 8) includes a DISA STIG security profile you can select when installing RHEL 8. For more information, see Guide to the Secure Configuration of Red Hat Enterprise Linux 8 and rhel8-stig-latest.
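Before validating a client on a RHEL 8 host, it is worth confirming that the host is actually running in FIPS mode. The following preflight check is an added example, not part of the original Confluent documentation. The function name `fips_preflight` is hypothetical, and the two files it reads are the standard RHEL 8 locations for the kernel FIPS flag and the system-wide crypto policy, which this page does not name.

```shell
#!/bin/sh
# Added example: preflight check that a RHEL 8 host is in FIPS mode before
# client validation. fips_preflight is a hypothetical name.
# Usage: fips_preflight [ROOT]
#   ROOT is an optional path prefix (default: the live system), which lets
#   the check be run against a constructed directory tree.
# Typical call in a validation script:  fips_preflight || exit 1

fips_preflight() {
    root="${1:-}"
    kflag="$root/proc/sys/crypto/fips_enabled"
    policy="$root/etc/crypto-policies/config"
    rc=0

    # 1. Kernel flag: "1" means the kernel crypto API runs in FIPS mode.
    if [ -r "$kflag" ] && [ "$(cat "$kflag")" = "1" ]; then
        echo "PASS kernel fips_enabled=1"
    else
        echo "FAIL kernel FIPS flag missing or not 1 ($kflag)"
        rc=1
    fi

    # 2. System-wide crypto policy: must be FIPS (FIPS:<subpolicy> accepted).
    if [ -r "$policy" ]; then
        # Ignore comments and blank lines; use the first remaining entry.
        current=$(grep -v '^[[:space:]]*#' "$policy" \
                  | grep -v '^[[:space:]]*$' | head -n 1 | tr -d '[:space:]')
        case "$current" in
            FIPS|FIPS:*) echo "PASS crypto policy=$current" ;;
            *) echo "FAIL crypto policy=${current:-unset} (expected FIPS)"
               rc=1 ;;
        esac
    else
        echo "FAIL cannot read $policy"
        rc=1
    fi

    # Non-zero when either check failed, so callers can gate on the result.
    return $rc
}
```

A host where the kernel flag is set but the crypto policy is still `DEFAULT` fails the check, which catches a partially applied configuration.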
FIPS and Confluent Platform
While Confluent Platform is not FIPS-certified, you can run it in FIPS-enabled mode for FIPS-compliant cipher enforcement at the Kafka broker level. For more information, see Confluent Platform FIPS 140-2.
Use Confluent for Kubernetes and Ansible Playbooks for Confluent Platform to configure Confluent Platform in FIPS-enabled mode. For more information, see Security Compliance in Confluent for Kubernetes and Configure Encryption for Confluent Platform with Ansible Playbooks.