Need FIPS-validated encryption in transit for your Kubernetes application? Whether you need to meet compliance standards for FedRAMP, CMMC, HIPAA, or other frameworks, Buoyant Enterprise for Linkerd (BEL) uses FIPS-validated cryptographic libraries for all encryption and transparently encrypts all data in transit between meshed pods with these libraries. This allows your organization to meet the strict federal government cybersecurity requirements of the National Institute of Standards and Technology (NIST) FIPS 140-2 and FIPS 140-3 standards.

Linkerd is the only service mesh that uses an ultra-secure "micro-proxy" written in the Rust programming language, achieving critical memory safety guarantees. Other service meshes such as Istio and Cilium use Envoy, a complex proxy written in C++, a language known for CVEs, buffer overflow exploits, and endemic security vulnerabilities.

Linkerd uses industry standards such as mutual TLS and the Gateway API to provide a comprehensive suite of network security controls, including cryptographic workload identity, fine-grained micro-segmentation, deny-by-default, and true zero trust networking. With BEL, not only is your service mesh ultrafast, small, and simple—it's built for security from the ground up.

Additionally, Linkerd offers a FIPS dashboard inside BEL to help demonstrate FIPS compliance to auditors, giving them real-time proof of encryption as well as readily available CMVP numbers.

Buoyant's FIPS build of Linkerd is designed for organizations that must comply with NIST FIPS 140-2 and 140-3 standards. Many compliance frameworks require this level of encryption, including FedRAMP, HIPAA, and CMMC. While Linkerd is the lightest, most secure service mesh on the market, open source Linkerd itself does not meet FIPS standards.