Tetrate Enterprise Gateway for Envoy—the cloud-native service gateway—has reached 1.0!

Learn more › close
Tetrate Enterprise ready service mesh

FIPS-Verified Istio and Envoy

Accelerate your FedRAMP approval process and meet compliance standards including HIPAA, PCI DSS and GDPR

Microservices Architecture

FIPS-Compliant Solutions

At Tetrate, we’re proud to offer FIPS-compliant solutions that meet the highest standards for security and encryption. Whether you are looking to improve your security posture with a Zero Trust Architecture (ZTA), comply with U.S. government Executive Orders, or implement FIPS 140-2 validated modules for encrypting data in transit, Tetrate offers a FIPS-verified distribution of Istio and Envoy.

Tetrate Istio Subscription

Tetrate Istio Subscription delivers the confidence and compliance you need to run Istio and Envoy in highly regulated, production environments. It includes Tetrate Istio Distro, a 100% upstream distribution of Istio and Envoy that is FIPS verified and meets the requirements of organizations seeking FedRAMP authorization.

Visibility and Insight

FIPS-Verified Builds

FIPS-verified Istio and Envoy builds using FIPS-validated open source crypto (Google BoringCrypto) suitable for FedRAMP.

App dev experience for microservices on AWS

CVE Patches

SLAs for vulnerability patches (CVEs) in Tetrate Istio Distro.

Adaptability in Business

100% Upstream

Fully upstream builds of FIPS-compliant Istio for ARM64 and AMD64.

Online Ticketing System


Long-term production Istio support and services for the 4 most recent versions of Istio—twice that of the Istio community project.


Cloud services used by the federal government typically need FedRAMP approval for authority to operate. To get that approval, they must comply with the Federal Information Processing Standards (FIPS). For cryptography, this means that if you’re a U.S. government agency or a vendor or contractor supplying the government, you must use FIPS 140-2 compliant modules wherever encryption is required. If you want to use Istio or Envoy in those systems, you can’t use the stock community builds of Istio and Envoy, since they don’t use FIPS-compliant

cryptography modules and are thus not suitable for a FedRAMP environment.

For more information, read our primer for Zero Trust and FIPS for Cloud Native Applications.

What Is FIPS Validated vs Verified vs Certified

FIPS Validation


As part of Cryptographic Module Validation Program (CMVP), NIST authorizes independent labs to audit cryptographic modules submitted for review. Modules that pass this review are said to be FIPS validated. The validation status of all modules submitted to CMVP is published via a publicly searchable database.

FIPS Verification


Software that uses FIPS-validated cryptographic modules may need additional verification from an accredited testing lab that those cryptographic modules are used correctly in order to be authorized by a program like FedRAMP. Such software is said to be FIPS verified.

FIPS Certification


Certification is an industry term used to apply more generally to programs like CMVP that seek to provide provable compliance with a standard. In the context of FIPS 140, certified essentially means validated.

Take the next step

Learn how we can help you scale service mesh success across your enterprise.