FIPS compliant connectivity & networking
FIPS 140 encryption for on-prem, hybrid, cloud and government cloud connections

What it is
Instant FIPS 140 Compliance: Deploy a solution with FIPS-validated cryptographic modules, ready to use right out of the box. NetFoundry enables vendors to add FIPS compliance into products, and enables businesses to add FIPS compliant encryption to existing solutions.
Modern Zero Trust Access: Replace legacy VPNs, reverse proxies and SD-WANs with zero trust connectivity. Used in IT, IoT and OT.
Seamless Drop-In Integration: All software solution. Use NetFoundry hosted networks, or self-host, including in on premises environments.
Used by regulated orgs and providers
Ideal for organizations needing secure connections to GovCloud and regulated industries subject to CJIS or FedRAMP. Vendors and SaaS providers selling to companies which need FIPS compliance.
How is it unique
The simplest and fastest way for FIPS-compliant connections. Covers all scenarios including replacing VPN, PAM, SRA and SD-WAN. Used for IT and IoT.
The Easy Button for Compliant Connectivity
Achieve your most demanding security and compliance goals with unparalleled ease. NetFoundry On-Premise with FIPS Inside delivers the “easy button” for complex regulatory requirements—a robust, ready-to-deploy solution designed for immediate effectiveness. Our comprehensive package provides software that is pre-configured to use a traceable, FIPS-validated cryptographic module, streamlining your path to a compliant security posture for FedRAMP, CJIS, and beyond.
Business Drivers for Providers, SaaS and ISVs
ISVs who want to add SaaS delivered solutions can easily and securely connect from customer sites to the SaaS site, including gov cloud, with FedRAMP, CJIS and FIPS-compliance. No VPN or MPLS dependencies.
Pain Point | Payoff |
Compliance Hurdles | Accelerate market entry and achieve FedRAMP or CJIS certification faster by leveraging our compliant connectivity solution. |
Hardware and networking | Deliver software and SaaS solutions without managing hardware and networking. |
Powerful Use Cases for Compliant Connectivity
Replace Legacy VPN & Reverse Proxy
Enable FIPS 140-compliant, zero-trust connections to GovCloud workloads and other sensitive sites without the vulnerabilities of a traditional VPN.
Secure CJIS Application Access
Deliver secure Zero Trust Network Access (ZTNA) to Criminal Justice Information Services (CJIS) applications with our software and FIPS-validated modules.
Build a Cloud-Native Security Mesh
Create a compliant, zero-trust container-to-container mesh in Kubernetes to secure modern, cloud-native application environments.
Unify IT/OT and Partner Connectivity
Securely connect any use case, from mission-critical IT and OT communications to private workloads, APIs, and third-party partner access.
Zero trust networking with FIPS compliance
NetFoundry FIPS Inside versions remain in lockstep with upstream releases, ensuring you always have access to the latest features and critical security updates.
The included self-updating Ziti Desktop Edge for Windows – deployable as the client and/or server side of the connection – ensures that your team’s devices are always protected with the latest security enhancements. NetFoundry’s containerized solutions extend FIPS compliant networking to your Linux, Docker and Kubernetes environments.


Your Trusted Partner for FedRAMP and CJIS Readiness
Navigating the complexities of security requirements for Federal, State, and Local (SLED) agencies is a significant challenge. The Federal Risk and Authorization Management Program (FedRAMP) and CJIS Security Policy both mandate the use of FIPS-validated cryptography. By leveraging NetFoundry’s FIPS Inside product, you can confidently demonstrate a key component of compliance, accelerating your authorization process and providing verifiable proof of your security posture.
NetFoundry’s solution is ideally suited for organizations that require the highest levels of security and compliance. The “FIPS Inside” designation signifies that NetFoundry incorporates or utilizes cryptographic modules that have been validated against the rigorous standards set by the U.S. government.
Frequently Asked Questions
Q: Does this satisfy FIPS 140-3 or 140-2?
A: NetFoundry meets both FIPS 140-2 and the latest FIPS 140-3 standard. The “FIPS Inside” architecture ensures NetFoundry utilizes the precise, FIPS-validated cryptographic modules required for your environment.
Q: Is the cryptographic module included?
A: Yes, the solution is self-contained and complete. NetFoundry software is pre-configured to use the correct FIPS-validated module for your specific environment. NetFoundry container images package the module. In other cases (like on Windows 11), NetFoundry software is configured to utilize the system’s own built-in, FIPS-compliant cryptographic library. Either way, the solution works out of the box without you needing to integrate cryptographic components.
Q: How does licensing work?
A: Flexible on-premise licensing options are available to suit your deployment needs. Your support contract is based on the size and complexity of your network, including factors such as the number of overlay networks and their respective endpoints.
Q: Can I get the NIST certification details?
A: Yes, NetFoundry maps all components to the applicable NIST certifications. Each NetFoundry software component is designed to comply with the security policy of a specific CMVP certificate.
Q: How quickly can I set up FIPS-compliant connectivity?
A: FIPS Inside is designed for rapid deployment, allowing you to quickly establish compliant connectivity and easily manage it at scale. NetFoundry’s zero trust overlays are instantiated instantly, as software.
Q: How does it improve security over a traditional VPN?
A: It simplifies and secures by replacing VPNs with granular zero-trust connections and enforcing the use of FIPS-validated cryptography for all traffic. Every session is identified, authenticated and authorized.