Effortless FIPS Compliance
Achieve FIPS 140 compliance with our comprehensive, on-premise solution
At a Glance
What It Is
Instant FIPS 140 Compliance: Deploy a solution with FIPS-validated cryptographic modules, ready to use right out of the box.
Modern Zero Trust Access: Replace legacy VPNs and reverse proxies with secure, application-specific connectivity.
Seamless Drop-In Integration: Enhance security without changing your existing NetFoundry On-Premise deployment architecture or sacrificing security or performance.
Who It’s For
Ideal for organizations needing secure connections to GovCloud and regulated industries subject to CJIS or FedRAMP.
Why It’s Unique
Achieve seamless compliance and eliminate the need for hardware appliances.
The Easy Button for Compliant Connectivity
Achieve your most demanding security and compliance goals with unparalleled ease. NetFoundry On-Premise with FIPS Inside delivers the “easy button” for complex regulatory requirements—a robust, ready-to-deploy solution designed for immediate effectiveness. Our comprehensive package provides software that is pre-configured to use a traceable, FIPS-validated cryptographic module, streamlining your path to a compliant security posture for FedRAMP, CJIS, and beyond.
Business Drivers for Providers and ISVs
For SaaS providers and ISVs targeting government or other regulated industries, our solution removes critical barriers to entry and simplifies operations.
| Pain Point | Payoff |
| Complex Compliance Hurdles | Accelerate market entry and achieve FedRAMP or CJIS certification faster by leveraging our compliant connectivity solution. |
| Hardware Boxes on Every Site | Deliver software and SaaS solutions without shipping and managing proprietary physical hardware appliances. |
“On-Premise” refers to our self-hosted software, which you can run in your own cloud or data center, eliminating the need for you to manage or ship dedicated physical boxes.
Powerful Use Cases for Compliant Connectivity
Replace Legacy VPN & Reverse Proxy
Enable FIPS 140-compliant, zero-trust connections to GovCloud workloads and other sensitive sites without the vulnerabilities of a traditional VPN.
Secure CJIS Application Access
Deliver secure Zero Trust Network Access (ZTNA) to Criminal Justice Information Services (CJIS) applications with our software and FIPS-validated modules.
Build a Cloud-Native Security Mesh
Create a compliant, zero-trust container-to-container mesh in Kubernetes to secure modern, cloud-native application environments.
Unify IT/OT and Partner Connectivity
Securely connect any use case, from mission-critical IT and OT communications to private workloads, APIs, and third-party partner access.
Effortless Integration, Uncompromised Security
Our FIPS Inside solution is a drop-in replacement for existing NetFoundry On-Premise deployments. This means you can enhance your security to meet rigorous federal standards without sacrificing the features or seamless experience you already know and trust. The transition is smooth and straightforward, ensuring no disruption to your operations. Additionally, our FIPS Inside versions remain in lockstep with our upstream releases, guaranteeing you always have access to the latest features and critical security updates.
The included self-updating Ziti Desktop Edge for Windows 11 ensures that your team’s devices are always protected with the latest security enhancements. This state-of-the-art tunneling agent provides a secure connection for all your applications, and we extend this powerful protection to your Docker and Kubernetes environments, safeguarding your entire containerized workflow.
Your Trusted Partner for FedRAMP and CJIS Readiness
Navigating the complexities of security requirements for Federal, State, and Local (SLED) agencies is a significant challenge. The Federal Risk and Authorization Management Program (FedRAMP) and CJIS Security Policy both mandate the use of FIPS-validated cryptography. By leveraging our FIPS Inside product, you can confidently demonstrate a key component of compliance, accelerating your authorization process and providing verifiable proof of your security posture.
Our solution is ideally suited for organizations that require the highest levels of security and compliance. The “FIPS Inside” designation signifies that our product incorporates or utilizes cryptographic modules that have been validated against the rigorous standards set by the U.S. government, making NetFoundry On-Premise with FIPS Inside an essential asset for any entity operating within or alongside the federal government.
Frequently Asked Questions
Q: Does this satisfy FIPS 140-3 or 140-2?
A: Yes, our platform is designed to meet your specific compliance mandate, whether that requires FIPS 140-2 or the latest FIPS 140-3 standard. Our “FIPS Inside” architecture ensures we utilize the precise, FIPS-validated cryptographic modules required for your environment. We work with you to ensure your solution is fully compliant from day one.
Q: Is the cryptographic module included?
A: Yes, the solution is self-contained and complete. Our software is pre-configured to use the correct FIPS-validated module for your specific environment. In many cases (like our container images), we package the module directly with our software. In other cases (like on Windows 11), our software is configured to utilize the system’s own built-in, FIPS-compliant cryptographic library. Either way, the solution works out of the box without you needing to integrate cryptographic components.
Q: How does licensing work?
A: Flexible on-premise licensing options are available to suit your deployment needs. Your support contract is based on the size and complexity of your network, including factors such as the number of overlay networks and their respective endpoints.
Q: Can I get the NIST certification details?
A: Yes, we provide our customers and partners with all the necessary details to tie our solution back to the applicable NIST certifications. Each NetFoundry software component is designed to comply with the security policy of a specific CMVP certificate.
Q: How quickly can I set up FIPS-compliant connectivity?
A: FIPS Inside is designed for rapid deployment, allowing you to quickly establish compliant connectivity and easily manage it at scale.
Q: How does it improve security over a traditional VPN?
A: It enhances security by replacing the wide-access model of VPNs with granular zero-trust connections and enforcing the use of FIPS-validated cryptography for all traffic.
