SEDs and FIPS 140-2 certification

Status
Not open for further replies.

RichR

Explorer
Joined
Oct 20, 2011
Messages
77
not sure if this is the right place for a feature request.....

Companies, institutions and government are increasingly requiring FIPS 140-2 certification for data at rest. I understand the reasoning and applaud iX for adding support for SEDs; however, at least for me, there's one big problem. Those drives are impossible to get. I've contacted some of our vendors (Ingram, CDW, TechData, etc.), and no one has the drives or can say when they can get them. If they were easy to get, I wouldn't be writing this... but I do have a need, and I'm guessing others do too. HGST/Hitachi told me they are not producing SEDs any more (although I'm not 100% trusting of who I talked to). Do an online search and see if/where you can actually buy them and they are in stock.

I'm not extremely familiar with RackTop Systems (NAS), but they seem to be growing. I do know that their systems use ZFS, and that they are FIPS certified. So are all the other big boys, but this seems to be one instance where "Find Out Why TrueNAS Is Replacing NetApp & EMC Every Day" won't happen, but I wish it would.

I think it could be a big game changer if iX/FreeNAS could incorporate FIPS 140-2 compliance into pools, through a different mechanism than SEDs. As you know, the better processors support it. We have healthcare customers that we can't put on either TrueNAS or FreeNAS because of this...

Rich Rosenbaum
 
dlavigne

Guest
Please create the feature request at bugs.freenas.org and post the issue number here. Thanks!
 

RichR

Explorer
Joined
Oct 20, 2011
Messages
77
thanks - not sure if Middleware is where it was supposed to go, but that's the category I used....

Feature #38928
 

purduephotog

Explorer
Joined
Jan 14, 2013
Messages
73
Just wanted to add - I'm buying a TrueNAS system for one customer that doesn't need it, but not having it is holding up me getting it bought for my other lab. So if you can, yes please. I have to have all data at rest 'encrypted'. Want to know what paper is called? :)
 

RichR

Explorer
Joined
Oct 20, 2011
Messages
77
> Just wanted to add - I'm buying a TrueNAS system for one customer that doesn't need it, but not having it is holding up me getting it bought for my other lab. So if you can, yes please. I have to have all data at rest 'encrypted'. Want to know what paper is called? :)

Just to be clear, the issue is the specificity of the encryption of data at rest, which FreeNAS does offer (I'm guessing TrueNAS does too). Having FIPS 140-2 validated/certified encryption vs the currently built-in/optional encryption takes it to a level that actually means something, and meets more stringent requirements.... No company or organization is going to say "ok, just give me some kind of encryption and we don't care if it meets any standard."
 

purduephotog

Explorer
Joined
Jan 14, 2013
Messages
73
> Just to be clear, the issue is the specificity of the encryption of data at rest, which FreeNAS does offer (I'm guessing TrueNAS does too). Having FIPS 140-2 validated/certified encryption vs the currently built-in/optional encryption takes it to a level that actually means something, and meets more stringent requirements.... No company or organization is going to say "ok, just give me some kind of encryption and we don't care if it meets any standard."

Yep.

RMF - Risk Management Framework for DoD.
 