FIPS 140-2 SED support in TrueNAS Core

[swezey]

So I have been tasked with setting up a FIPS 140-2 compliant storage array at my company. I have sourced the drives (Western Digital HC520 model number HUH721212AL4205) but these do not work in our current QNAP devices. So, I was thinking of using a spare Supermicro 24 bay server and implementing FreeNAS (now called TrueNAS as I have learned). My question that I can not seem to get the answer to is if FIPS SED's are supported by TrueNAS Core or not. If you search all the iX web pages and guides. there seems to be conflicting information. Some lead you to believe YES while other seems to indicate this is only available in Enterprise. Can someone clarify this once and for all? It definitely need to be FIPS 140-2 compliant. If this this not going to work I need to look a different direction QUICK! Thanks Community!

- Bill

P.S. Brand new here sorry if this is in the wrong place.

 

[Samuel Tai]

/core/coretutorials/storage/sed/

Out of the box, I don't believe Core supports FIPS 140-2. I also don't believe Enterprise supports it either, as Enterprise is just Core with HA.

 

[swezey]

Oh boy that's not good... So TrueNAS can not achieve FIPS 140-2 compliance across their entire product line? Or when you say "out of the box" is there an add on module or something? Is there a version of FreeNAS that could do it? I just need basic SMB storage with FIPS 140-2 encryption. Seems not a huge ask - the encryption is baked into the drive itself. :-(

 

[Samuel Tai]

Dunno, never tried it.

 

[Kris Moore]

/core/coretutorials/storage/sed/

TrueNAS CORE and Enterprise (As well as SCALE) can work with SED / FIPS 140-2 drives.

Full platform support for FIPS 140-3 mode is being worked on for SCALE Enterprise versions, expected to launch at end of year.

 

[Samuel Tai]

I mean, it will probably work, as the FIPS-compliant SEDs will likely present themselves to TrueNAS as TCG Enterprise drives. However, TrueNAS has not received any FIPS certification, so far as I know.

 

[swezey]

OK got it - thanks guys! Appreciate the prompt replies. I am 99.99% sure (that's 4 nines ;-) that since the drives are on the FIPS certified list that as long as I can enable them, we will be compliant. I'll post back if I find out otherwise from the security audit team but they did approve the drives we are planning to deploy. Thanks again!

- Bill

@Kris Moore I did find that page but since it made no mention of FIPS I wasn't sure. Thanks for clearing it up. I am new to all this security and encryption stuff so I might just not have understood it properly.