Skip to main content
Skip table of contents

Federal Information Processing Standards (FIPS)

What is FIPS?

Federal Information Processing Standard (FIPS) is a standard developed by the following two government bodies:

  • The National Institute of Standards and Technology (NIST) in the United States
  • The Communications Security Establishment (CSE) in Canada

FIPS standards are either recommended or mandated for use in federal-government-operated IT systems in the United States and Canada.

The FIPS 140-2 publication specifies which encryption algorithms and which hashing algorithms can be used and how encryption keys are to be generated and managed. Some hardware, software, and processes that contain the algorithms can be considered FIPS 140-2 certified, and other hardware, software, and processes that call the correct algorithms can be FIPS 140-2 compliant.

LogRhythm FIPS 140-2 Certification Statement

The LogRhythm FIPS Object Module for OpenSSL for the LogRhythm NextGen SIEM has achieved FIPS 140-2 Level 1 Certification by the NIST Cryptographic Module Validation Program (CMVP).  The validation was completed July 17, 2019 and January 24, 2020 under Certificate #3493

The LogRhythm SIEM v7.8 completed FIPS 140-2 testing by the Cryptographic and Security Testing Laboratory, Leidos, Inc., and the complete set of testing documentation was submitted to NIST. For more information on the status of LogRhythm SIEM 7.8 and its components, see the CMVP Modules in Process List

LogRhythm Deployment Configurations Submitted for Level 1 FIPS 140-2 Certification

The LogRhythm SIEM v7.8 submission covers two specific deployment configurations: XM and DPAWC + DX. 

XM Deployment Configuration

The XM deployment for FIPS 140-2 is a single-machine configuration that runs all LogRhythm services. There are no off-box communications to configure for FIPS mode. 

For more details on the XM deployment configuration requirements, see Configure LogRhythm XM for FIPS Mode.

DPAWC + DX Deployment Configuration

The DPAWC + DX deployment for FIPS 140-2 is a two-machine configuration: a Red Hat Linux 7 machine that runs the Data Indexer (DX) services, and a Windows 2016 machine that runs all other LogRhythm services.

For more details on the DPAWC + DX deployment configuration requirements, see Configure LogRhythm DPAWC + DX for FIPS Mode.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.