Do people still need to build the FIPS version of binaries/images with COMPLIANCE_POLICY: 1-140-2? #50599
qudongfang
started this conversation in
General
Replies: 1 comment
-
Yes, people will still need to. The source of truth for all this is CMVP 4407. The short version is that for Istio to be FIPS compliant, two things are needed: the first is only to use TLS 1.2, and the second is to make sure that the build pipeline is configured according to the steps outlined in the security policy so that the BoringCrypto module is used correctly. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Regarding
Can you help to clarify if people still need to build the FIPS version of binaries/images with COMPLIANCE_POLICY: 1-140-2?
cc @kyessenov
Beta Was this translation helpful? Give feedback.
All reactions