Quick Guide

Primer on Zero Trust and FIPS for Cloud Native Applications

by Tetrate

Encryption is critical to security for cloud native applications. In order to be authorized for use by the US government—and increasingly private industry, as well—the software modules that perform that encryption must adhere to the Federal Information Processing Standards (FIPS) established by the National Institute of Standards and Technology (NIST) and be validated by the Cryptographic Module Validation Program (CMVP).

FIPS-Verified Istio and Envoy

Since the stock builds of Istio and Envoy aren’t FIPS verified for use in federal authorization programs like FedRAMP, organizations looking to run Istio in those environments need a FIPS-compliant solution. That’s where Tetrate Istio Distro (TID) comes in. Tetrate Istio Distro is Tetrate’s hardened, performant, and fully upstream Istio distribution. It is also the first distribution of Istio to be FIPS verified for use in FedRAMP environments.

Download Tetrate’s Primer on Zero Trust and FIPS for Cloud Native Applications to quickly get up to speed on what you need to know to run FIPS-verified Istio and Envoy.

Executive Summary

  • Enterprise information security architecture has become increasingly important as information systems have evolved into critical business assets.
  • Zero trust network architecture is emerging as a preferred approach for enterprises to secure both their traditional and modern, cloud-native applications. A key component of zero trust architecture is encryption in transit.
  • The Istio service mesh acts as a security kernel for distributed applications and serves as the foundation of a zero trust architecture, including providing comprehensive encryption in transit between system components.
  • Tetrate offers a FIPS-verified distribution of Istio specifically designed for organizations requiring FedRAMP authorization and other organizations in regulated environments where the stock builds of Istio and Envoy aren’t suitable.
  • The Federal Information Processing Standards (FIPS) are the information security standards for the U.S. federal government. Information systems built and run by federal agencies, contractors, and vendors are required to adhere to FIPS.
  • FIPS is also widely regarded as a set of robust and trustworthy security standards that is often adopted by private sector organizations.
  • The National Institute of Standards and Technology (NIST), the standards body responsible for defining FIPS, runs the Cryptographic Module Validation Program (CMVP) to validate that cryptographic modules adhere to FIPS and are suitable for use in U.S. federal agency information systems. Those modules are said to be FIPS validated. Software certified by a CMVP-accredited laboratory as using FIPS-validated modules correctly is said to be FIPS verified.
  • Tetrate offers a 100% upstream distribution of Istio and Envoy called Tetrate Istio Distro that is the first to be FIPS verified.