The world's lightest, most secure service mesh, now with FIPS-validated cryptographic libraries
"Buoyant Enterprise for Linkerd is dramatically reducing our time to FIPS certification, allowing us to ensure security and compliance of our customers' sensitive data." — Chris Armstrong, CIO, Medwatchers
Need FIPS-validated encryption in transit for your Kubernetes application? Buoyant's FIPS build of Buoyant Enterprise for Linkerd uses FIPS-validated cryptographic libraries for all encryption and transparently encrypts all data in transit between meshed pods with these libraries, giving you the ability to meet the strict federal government cybersecurity requirements of the National Institute of Standards and Technology (NIST) FIPS 140-2 and FIPS 140-3 standards.
Best of all, Buoyant Enterprise for Linkerd is our distribution of Linkerd, the world's lightest and fastest service mesh, giving you dramatically improved performance compared to Istio, Cilium Mesh, and other service meshes.
Linkerd vs Istio vs Cilium 2024 benchmarks originally published by LiveWyer
Designed for security from the ground up
Linkerd is the only service mesh that uses an ultra-secure "micro-proxy" written in the Rust programming language, achieving critical memory safety guarantees. Other service meshes such as Istio and Cilium use Envoy, a complex proxy written in C++, a language known for CVEs, buffer overflow exploits, and endemic security vulnerabilities.
Linkerd uses industry standards such as mutual TLS and the Gateway API to provide a comprehensive suite of network security controls, including cryptographic workload identity, fine-grained micro-segmentation, deny-by-default, and true zero trust networking. With Buoyant Enterprise for Linkerd, not only is your service mesh ultrafast, small, and simple—it's built for security from the ground up.
Google’s Chromium project found that 70% of serious security bugs are due to memory safety problems. Linkerd avoids these problems by using Rust.
Who is FIPS-validated Linkerd for?
Buoyant's FIPS build of Linkerd is designed for organizations that must comply with NIST FIPS 140-2 and 140-3 standards. While Linkerd is the lightest, most secure service mesh on the market, open source Linkerd itself does not meet FIPS standards.
We've helped companies around the world build Kubernetes applications using FIPS-validated cryptographic libraries. CMVP certificate numbers are available upon request. If FIPS compliance is a requirement for you, we'd love to chat!
The FIPS standards cover a broad range of topics, including encryption algorithms, access control mechanisms, physical security, and network protocols. These standards are used by government agencies, contractors, and other organizations that handle sensitive information to ensure that their systems meet the highest levels of security and compliance. Compliance with FIPS standards is often a requirement for government contracts and is a critical component of cybersecurity best practices.
FIPS (Federal Information Processing Standard) is a set of guidelines and requirements, including for cryptographic modules, that is used by federal agencies and other regulated industries. FIPS compliance ensures that cryptographic algorithms are implemented correctly and securely, providing strong protection for sensitive data.
FIPS 140-2 vs 800-204A vs 800-207
FIPS 140-2, 800-204A, and 800-207 are different standards published by the National Institute of Standards and Technology (NIST) that address different aspects of information security.
FIPS 140-2 is a standard that specifies the security requirements for cryptographic modules used in protecting sensitive information. It outlines the requirements for the design, implementation, and testing of cryptographic modules, including encryption algorithms, key management, and random number generation.
NIST 800-204A is a guideline that provides recommendations for the security and privacy requirements of controlled unclassified information (CUI) in nonfederal systems and organizations. It outlines the security controls and best practices that should be implemented to protect CUI, including access control, audit and accountability, and incident response.
NIST 800-207 is a standard that outlines the security considerations and best practices for the use of Zero Trust Architecture (ZTA) in securing modern information systems. It provides guidance on the design, implementation, and management of ZTA, which is a security model that assumes no trust in any user or device and requires strict authentication and authorization for all system interactions.
In short, FIPS 140-2 specifies the security requirements for cryptographic modules, NIST 800-204A provides guidance on securing controlled unclassified information, and NIST 800-207 outlines the best practices for implementing Zero Trust Architecture in information security.