The Federal Information Processing Standard (FIPS) 140-2 is a federal standard defined by the National Institute of Standards and Technology (NIST). It specifies the security requirements that must be satisfied by a cryptographic module. The FIPS Kong Gateway package is FIPS 140-2 compliant. Compliance means that Kong Gateway uses only FIPS 140-2 approved algorithms while running in FIPS mode, but the product has not been submitted to a NIST testing lab for validation.
Kong Gateway Enterprise provides a FIPS 140-2 compliant package for Ubuntu 20.04 (v3.1+), Ubuntu 22.04, Red Hat Enterprise 9 (v3.4+), and Red Hat Enterprise 8 (v3.1+). This package provides compliance for the core Kong Gateway product and all out-of-the-box plugins. For more information, see the Kong Gateway install page.
The package uses the OpenSSL FIPS 3.0 module to provide FIPS 140-2 validated cryptographic operations.
Note: In Kong Gateway 3.9.x or earlier, FIPS is not supported when running Kong Gateway Enterprise in free mode.