Get Service Mesh Certified with Buoyant.

Enroll now!
close

FIPS validated encryption in transit for any Kubernetes application

The world's lightest, most secure service mesh, now with FIPS-validated cryptographic libraries

Request CMVP info
Download whitepaper
FIPS-validated cryptography
Why Linkerd for FIPS? 
Who is FIPS-validated Linkerd for?
Authentication and authorization for all Kubernetes application traffic in 30 days

Book a live FIPS demo

Fast-track FIPS compliance with Buoyant Enterprise for Linkerd

FIPS-validated cryptography

FIPS-validated encryption requires that data at rest or in transit meet the strict federal government cybersecurity requirements of the National Institute of Standards and Technology (NIST) FIPS 140-2 or FIPS 140-3 standards. Buoyant Enterprise for Linkerd (BEL) uses FIPS-validated cryptographic libraries to transparently encrypt all data in transit between meshed pods.

FIPS-validated encryption is a key component to several compliance standards like:

  • FedRAMP
  • CMMC
  • HIPAA
  • And other frameworks
On-prem Buoyant Enterprise for Linkerd dashboard.

Why Linkerd for FIPS? 

For organizations targeting FIPS compliance, Linkerd offloads the burden of individual application security to a centralized, validated infrastructure layer. Additionally, you'll get these key benefits:

Memory-safe architecture: Linkerd is the only service mesh that uses an ultra-secure "micro-proxy" written in the Rust programming language, avoiding critical memory safety issues that occur with other meshes (Istio, Cilium, etc.) that use Envoy proxies written in C++.

No code changes: Linkerd's FIPS validated builds cover both Linkerd’s control plane and its data plane, allowing your application to have FIPS validated encryption without changing its code.

Industry standards security frameworks: Linkerd uses industry standards such as mutual TLS and Gateway API to provide a comprehensive suite of network security controls, including cryptographic workload identity, fine-grained micro-segmentation, deny-by-default, and true zero trust networking. With BEL, your service mesh is not only ultrafast, small, and simple—it's built for security from the ground up.

Easy compliance auditing: BEL simplifies the auditing process with a FIPS dashboard to help demonstrate FIPS compliance by giving auditors real-time proof of encryption as well as readily available CMVP numbers.

Integrated development and accountability: Unlike other service meshes, which have different projects for different parts of the tech stack, Buoyant builds both the control plane and the data plane with one team and one common goal. This allows Buoyant to provide a clear process for escalation, remediation, upgrades, and feature requests.

Chromium project

Who is FIPS-validated Linkerd for?

Buoyant's FIPS build of Linkerd is designed for organizations that must comply with NIST FIPS 140-2 and 140-3 standards. Many compliance frameworks require this level of encryption, including FedRAMP, HIPAA, and CMMC. While Linkerd is the lightest, most secure service mesh on the market, open source Linkerd uses cryptographic modules that, while well regarded and considered highly secure, are not validated for compliance with FIPS.

We've helped companies like Zscaler build Kubernetes applications using FIPS-validated cryptographic libraries. If FIPS compliance is a requirement for you, we'd love to chat!

We found Istio to be unnecessarily complicated. We would have spent months just learning the system, which isn’t an option when you’re in a high-growth stage like IntelliGRC. With Buoyant Enterprise for Linkerd, we could get it running immediately. Read the case study

Matthew DuVal

Head Engineer at IntelliGRC

Authentication and authorization for all Kubernetes application traffic in 30 days

Kubernetes-based SaaS applications need to be FedRAMP certified before they can sell to the federal government. Our ultralight Linkerd service mesh provides FIPS-validated encryption, authentication and authorization for all Kubernetes application traffic. Fast-track your FedRAMP journey and accelerate your time to market.

Get started with Buoyant
Enterprise for Linkerd

Download and install the world's most advanced service
mesh on any Kubernetes cluster in minutes

Get started

What is FIPS?

The FIPS standards cover a broad range of topics, including encryption algorithms, access control mechanisms, physical security, and network protocols. These standards are used by government agencies, contractors, and other organizations that handle sensitive information to ensure that their systems meet the highest levels of security and compliance. Compliance with FIPS standards is often a requirement for government contracts and is a critical component of cybersecurity best practices.

FIPS (Federal Information Processing Standard) is a set of guidelines and requirements, including for cryptographic modules, that is used by federal agencies and other regulated industries. FIPS compliance ensures that cryptographic algorithms are implemented correctly and securely, providing strong protection for sensitive data.

FIPS 140-2 vs 800-204A vs 800-207

FIPS 140-2, 800-204A, and 800-207 are different standards published by the National Institute of Standards and Technology (NIST) that address different aspects of information security.

FIPS 140-2, 800-204A, and 800-207 are different standards published by the National Institute of Standards and Technology (NIST) that address different aspects of information security.

FIPS 140-2 and 140-3 specify the security requirements for cryptographic modules used in protecting sensitive information. It outlines the requirements for the design, implementation, and testing of cryptographic modules, including encryption algorithms, key management, and random number generation.

NIST 800-204A is a guideline that provides recommendations for the security and privacy requirements of controlled unclassified information (CUI) in nonfederal systems and organizations. It outlines the security controls and best practices that should be implemented to protect CUI, including access control, audit and accountability, and incident response.

‍NIST 800-207 is a standard that outlines the security considerations and best practices for the use of Zero Trust Architecture (ZTA) in securing modern information systems. It provides guidance on the design, implementation, and management of ZTA, which is a security model that assumes no trust in any user or device and requires strict authentication and authorization for all system interactions.

In short, FIPS 140-2 and 140-3 specify the security requirements for cryptographic modules, NIST 800-204A provides guidance on securing controlled unclassified information, and NIST 800-207 outlines the best practices for implementing Zero Trust Architecture in information security.

Sign up for the service mesh newsletter

No junk. No spam. Just the latest and greatest service mesh news, from the company that invented the service mesh.

Products

Buoyant Enterprise for Linkerd Linkerd Support

Service Mesh

Service Mesh AcademyWhat's Service MeshLinkerd vs IstioLinkerd vs CiliumCase StudiesResourcesmTLS Guide

About

About UsNewsroomContact UsCareers

Privacy Policy

|

Cookie Policy

Copyright © 2025 Buoyant Inc.

Book a meeting

By clicking “Accept,” you agree to our privacy policy and the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts.

PreferencesRejectAccept
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Preferences

By clicking “Accept,” you agree to our privacy policy and the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts.

PreferencesRejectAccept
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Preferences