Need a fast and simple way to get FIPS validation in Kubernetes, but don't want to deal with the operational complexity of Istio?
Buoyant Enterprise for Linkerd is dramatically reducing our time to FIPS certification, allowing us to ensure security and compliance of our customers' sensitive data."
Chris Armstrong
CIO, Medwatchers
Linkerd is a CNCF-graduated, ultra-simple, security-first service mesh that provides all the benefits of Istio without the operational complexity. For deployments that require FIPS conformance, Buoyant Enterprise for Linkerd is a fully-supported distribution of Linkerd that uses FIPS-validated cryptographic libraries for all encryption, in compliance with the strict federal government cybersecurity requirements of the National Institute of Standards and Technology (NIST) FIPS 140-2 and FIPS 140-3 standards.
Buoyant Enterprise for Linkerd gives government institutions and those doing business with them the ability to fast-track FIPS conformance and FedRAMP ATO, by adding FIPS-validated encryption in transit between all application components, without requiring application changes.
Linkerd provides many other benefits over Istio. Unlike Istio, Linkerd has been built for security from the ground up. Instead of repurposing the general-purpose C++ Envoy proxy, Linkerd uses an ultra-secure micro-proxy written in Rust. This allows Linkerd to avoid the security perils of C++, a language known for its security vulnerabilities, buffer overflow exploits, and CVEs.
Buoyant Enterprise for Linkerd is designed specifically for organizations that must comply with FIPS 140-2 and 140-3 standards. We'd love to chat about how FIPS-validated Linkerd can help you achieve FIPS conformance or FedRAMP ATO in Kubernetes.