Originally designed as a standard for encryption and information security of U.S. government systems, Federal Information Processing Standards (FIPS) has become the gold security seal of encryption and data-handling for many other industries. Traditionally, FIPS compliance has been challenging to maintain across multiple components.
“The new F5 + Red Hat offering available in the AWS Marketplace is an integrated package that significantly simplifies FIPS compliance for applications, APIs, and AI running in the cloud.”
Our new packaged solution tackles that challenge and makes it easier to deploy and maintain a FIPS-compliant F5 NGINX Plus instance in AWS. This provides a new and better way to ensure secure delivery of applications, APIs, and artificial intelligence components running in the cloud, while fulfilling strict security and compliance requirements for regulated and sensitive use cases.
What is FIPS and why it matters
FIPS are standards and guidelines issued by the U.S. National Institute of Standards and Technology (NIST) for federal computer systems. The core purpose of FIPS, particularly FIPS 140-2 and the newer FIPS 140-3, is to ensure that cryptographic modules—the components that handle encryption and decryption—meet stringent security requirements. This is vital for protecting sensitive but unclassified information, from citizen data to internal government communications.
In addition, U.S. federal government agencies, and contractors working with them, must use FIPS-validated cryptographic modules for applications and infrastructure running government systems. Non-compliance can lead to significant risks, including loss of contracts, and the U.S. government has stepped up enforcement of FIPS compliance in recent years.
FIPS standards also promote interoperability between different systems by ensuring they adhere to common security protocols. FIPS interoperability allows for easier creation of packaged solutions, such as the one described in this blog. Our new Red Hat Enterprise Linux and NGINX solution leverages encryption efforts by Red Hat’s team on OpenSSL modules and applies them to F5 NGINX Plus images.
Essentially, FIPS compliance means that a product's cryptographic functions meet the U.S. government's high bar for security, ensuring data is properly protected. Applications running on FIPS-compliant platforms present a hardened target that both discourages attackers and protects users and systems.
Streamlining FIPS compliance
Our new marketplace offering is a complete package that includes NGINX Plus on Red Hat Enterprise Linux. It significantly simplifies FIPS compliance for applications, APIs, and AI running in the cloud through the following features:
- Leveraging FIPS-validated cryptography. Red Hat Enterprise Linux has already achieved FIPS 140-2/3 certification for its cryptographic modules, and our new package bundles this with F5 NGINX Plus. A key component is its OpenSSL library, which provides fundamental cryptographic functions like encryption, decryption, and hashing.
- Direct use of FIPS-validated OpenSSL. Within this integrated package, NGINX Plus is specifically configured to utilize the FIPS-validated OpenSSL cryptographic libraries provided by the Red Hat Enterprise Linux operating system. This means that when NGINX Plus performs cryptographic operations (like handling HTTPS traffic), it relies directly on these Red Hat Enterprise Linux-provided modules that have already undergone rigorous FIPS validation. This ensures that the cryptographic functions handled by NGINX Plus operate in accordance with FIPS requirements.
- Out-of-the-box compliance. Customers receive a pre-configured package where FIPS is already enabled within the Red Hat Enterprise Linux foundation. This reduces the complex and time-consuming process of sourcing, building, configuring, and validating FIPS-compliant cryptographic modules on their own.
- Simplified deployment and management on AWS. By providing this integrated package as an "appliance-like" experience available through the AWS Marketplace, we streamline the deployment and ongoing management of NGINX Plus in FIPS-constrained environments. It’s a "drop-in" solution for FIPS environments that can be up and running in minutes, not days or weeks.
- Continuous compliance and support. One joint package covers OS, crypto modules, and NGINX Plus. Red Hat and F5 ship coordinated patches that keep the entire stack inside its validated boundary, simplifying renewals and reducing operational risk.
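The claims in the list above (FIPS already enabled in the operating system, NGINX Plus using the OS-provided OpenSSL) can be checked on a running instance. The script below is an added example, not F5 or Red Hat code; it assumes `nginx` is on the `PATH` and uses generic Red Hat Enterprise Linux checks (`/proc/sys/crypto/fips_enabled`, `update-crypto-policies --show`, `ldd`), and its function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not vendor code): verify the FIPS claims on a running instance.

# 1. Kernel flag: /proc/sys/crypto/fips_enabled contains 1 in FIPS mode.
kernel_fips_enabled() {
  local flag_file="${1:-/proc/sys/crypto/fips_enabled}"
  [ -r "$flag_file" ] && [ "$(tr -d '[:space:]' < "$flag_file")" = "1" ]
}

# 2. RHEL crypto policy: `update-crypto-policies --show` prints FIPS,
#    optionally with subpolicies (for example FIPS:OSPP).
policy_is_fips() {
  case "$1" in
    FIPS|FIPS:*) return 0 ;;
    *) return 1 ;;
  esac
}

# 3. nginx must resolve libssl and libcrypto to the OS copies at load time.
#    Input is `ldd` output; a static or privately bundled OpenSSL fails here.
uses_system_openssl() {
  local lib
  for lib in libssl libcrypto; do
    printf '%s\n' "$1" |
      grep -Eq "^[[:space:]]*${lib}\.so\.[0-9.]+ => /(usr/)?lib(64)?/" || return 1
  done
}

# Combine the checks: one line per failure, non-zero return if any check fails.
fips_report() {  # args: flag_file policy_string ldd_output
  local rc=0
  kernel_fips_enabled "$1" || { echo "FAIL kernel: fips_enabled != 1"; rc=1; }
  policy_is_fips "$2"      || { echo "FAIL policy: '$2' is not FIPS"; rc=1; }
  uses_system_openssl "$3" || { echo "FAIL nginx: OpenSSL not loaded from OS"; rc=1; }
  [ "$rc" -eq 0 ] && echo "PASS"
  return "$rc"
}

# Live run on the instance: ./check.sh --live
if [ "${1:-}" = "--live" ]; then
  fips_report /proc/sys/crypto/fips_enabled \
    "$(update-crypto-policies --show)" "$(ldd "$(command -v nginx)")"
fi
```

A `PASS` shows that the OS is in FIPS mode and that NGINX loads the system OpenSSL; it does not show that the installed module version holds a current validation certificate, which is confirmed against the NIST CMVP listing.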
Unlocking advanced capabilities with NGINX Plus
NGINX Plus is the enterprise-grade version of the widely adopted NGINX traffic management solution, designed to deliver advanced capabilities for modern applications. It combines proven performance and scalability with enterprise-focused features. By leveraging NGINX Plus, organizations can ensure high availability, robust security, and deep observability across their application environments. Here’s a closer look at some of the powerful features now available through the new packaged solution on AWS Marketplace.
NGINX Plus provides robust security through advanced features like JWT authentication, OpenID Connect integration for single sign-on, and support for F5 NGINX App Protect (WAF and DoS protection). The F5 NGINX One AI Assistant enhances the expertise of developers and DevOps teams with configuration and context-aware security suggestions.
Users gain comprehensive observability with real-time visibility of applications, APIs, and AI, with over 240 extended status metrics via a JSON API. They also get easy integration and export features with third-party dashboard and monitoring tools or with the NGINX One SaaS management console.
F5 NGINX Plus provides performance, high availability, and resilience through a wide array of load balancing algorithms, a lightweight runtime environment, an efficient data plane, and active health checks to ensure reliability. High availability features include active-active clustering and state sharing.
The solution also streamlines operational efficiency by simplifying management and reducing administrative overhead with the NGINX Plus API for dynamic configuration of upstream servers and key-value stores without service interruptions. This integrates automatically with the NGINX One SaaS management console to give a single observability, security, and management plane for all NGINX instances.
Benefits of the new F5 and Red Hat FIPS solution by industry
| Sector | Compliance Driver | Why FIPS-Validated Crypto Matters | How the New Image Helps |
|---|---|---|---|
| Government & Defense | FedRAMP requires FIPS-140-validated modules for all moderate and high baselines. | Using an already-validated TLS front end slashes authority to operate (ATO) timelines, avoids crypto waivers, and keeps agencies compliant when modules go “historical.” | Launch the Amazon machine image (AMI) in GovCloud or a classified region; coordinated Red Hat and F5 patches keep the entire stack in its validated boundary for the life of the system. |
| Healthcare & Life-Sciences | HHS breach-notification guidance names NIST-tested (FIPS) encryption as “safe harbor” for protected health information (PHI). | Encrypting ePHI with FIPS-validated modules reduces breach-notification exposure and audit scope. | One image covers web, API, and AI inference tiers; compliance evidence traces to a single validation certificate. |
| Public Safety & Justice | FBI security policy requires FIPS-validated crypto for Criminal Justice Information Services (CJIS). | Body-cam, 911, and e-citation vendors inherit CJIS readiness instead of rebuilding OpenSSL for each release. | The packaged stack keeps firmware-level crypto, config baselines, and traffic encryption in one support path. |
| North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) | NERC CIP implementation guidance lists FIPS 140-2 as an accepted control for software integrity and encryption. | Utilities document CIP-010 controls without bolting HSMs onto every substation gateway. | The packaged stack keeps firmware-level crypto, config baselines, and traffic encryption in one support path. |
| Cloud & SaaS Providers | AWS exposes FIPS-only TLS endpoints so tenants can meet FedRAMP and similar mandates. | Enterprise and public-sector customers increasingly demand a “FIPS mode” service option. | Spin up the AMI in any region, inherit Red Hat Enterprise Linux validation, and satisfy customer questionnaires with a single certificate. |
Ready to modernize and simplify FIPS compliance?
Whether you’re in government, finance, healthcare, or another industry, the F5 packaged solution with Red Hat Enterprise Linux helps you future-proof critical infrastructure with the only FIPS-validated application-delivery stack that delivers high performance, deep observability, easy deployment, and scaling in a simple-to-install image.
Deploy the NGINX Plus FIPS-Ready AMI from AWS Marketplace and go live before your next compliance deadline.