Looking for a compliant way for a remote user to come in to work on their desktop from home

Meraki. I don’t know if Meraki VPN is FIPS.

What kind of firewall do you have?

I would just hit the CMVP and check who has FIPS validations. I know Palo Alto does and I think Sophos just got validated.

It’s our way to help make sure data stays inside our network. Laptops are meant to be used only to RDP to their computer inside. We do allow them to use the laptop for checking email and doing work as long as it’s not CUI. We found that training users to think of the laptop as an RDP jump point and everything they do, it’s on their office computer, makes it less likely to have CUI leave the facility without being accounted for. It’s just one way we use to try to minimize user error.

I personally am not responsible for the VPN so I can’t speak much about how it’s set up, but we use Ivanti. There’s been talk of moving to something else because of the recent security issues they’ve had, but at this point it’s doing what we need from a compliance perspective, ignoring concerns of their security practices.

I’ll be honest, with all of the spelling mistakes it is hard to understand exactly where the person is connecting from and what device they are connecting to.

Replace the old hardware. Why do they need to keep using it?

Give them laptops that they can take home and connect to VPN to access any company resources and network.

Once you enable FIPS on the server OS and set any related settings, the server OS will only allow FIPS validated modules to run. Anything you install will use those modules, or it will break.

https://docs.nginx.com/nginx/fips-compliance-nginx-plus/

https://ubuntu.com/security/fips#modules (we use Ubuntu, other OS will have their own docs)

Windows FIPS 140 validation | Microsoft Learn

How RHEL 8 is designed for FIPS 140-2 requirements

Cryptographic Module Validation Program | CSRC

140sp4282.pdf

Most things you will install will use one of the cryptographic modules already in the OS, so it shouldn’t take any other setup. I.e., if you install nginx on a FIPS enabled system, then it will use FIPS validated modules. When assessment time comes around, just be prepared with the information about the modules in use.
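
One way to collect the module information mentioned above on a Linux host, as an added example that is not part of the thread: it reads the kernel's FIPS flag and the OpenSSL 3.x provider listing and records both. The function names are hypothetical; hosts whose FIPS module is built on OpenSSL 1.1.1 have no provider list and report `absent`.

```shell
#!/bin/sh
# Added example: gather FIPS-mode evidence on a Linux host.

# Kernel FIPS flag -> "enabled", "disabled" or "unknown".
# The path is a parameter so the parser can be run against constructed files.
fips_kernel_state() {
    flag_file="${1:-/proc/sys/crypto/fips_enabled}"
    [ -r "$flag_file" ] || { echo unknown; return 0; }
    case "$(tr -d '[:space:]' < "$flag_file")" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Reads `openssl list -providers` output (OpenSSL 3.x) on stdin and prints the
# status of the provider whose id is "fips", or "absent" if none is listed.
fips_provider_state() {
    awk '
        /^  [^ ]/ { cur = $1 }   # provider ids are indented exactly two spaces
        cur == "fips" && $1 == "status:" { print $2; found = 1; exit }
        END { if (!found) print "absent" }
    '
}

# Both checks must agree before the host is recorded as running in FIPS mode.
fips_verdict() {
    if [ "$1" = enabled ] && [ "$2" = active ]; then echo pass; else echo review; fi
}

fips_report() {
    kernel=$(fips_kernel_state)
    provider=absent
    if command -v openssl >/dev/null 2>&1; then
        echo "openssl_version=$(openssl version 2>/dev/null)"
        provider=$(openssl list -providers 2>/dev/null | fips_provider_state)
    fi
    echo "kernel_fips=$kernel"
    echo "openssl_fips_provider=$provider"
    echo "verdict=$(fips_verdict "$kernel" "$provider")"
}

# Print the report only when asked, e.g.: sh fips_evidence.sh --report
if [ "${1:-}" = "--report" ]; then fips_report; fi
```

A `pass` here only shows the host is running in FIPS mode; the module version it reports still has to be matched to its certificate in the CMVP listing.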

It’s a mainframe and old and uses Twinax. I would love to, and there is a plan to, but not yet, and who knows how long we will be pulling info from it.

Oh ok nice. Ok I got that done then nice. Thank you.