More SRX Platforms complete FIPS 140-2 Certification

By Elevate posted 03-01-2018 08:22


Former US President, Ronald Reagan frequently used the Russian proverb “Trust, but verify”.  This adage is also frequently used in the blockchain community.  The idea is that some things are important enough that they must be verified.

The Cryptographic Module Validation Program (CMVP) is a joint effort between the US National Institute of Science and Technology (NIST) and the Canadian Communications Security Establishment (CSE).   CMVP validates cryptographic modules to the Federal Information Processing Standards (FIPS) 140-2 and other standards.  FIPS 140-2 is a mandatory standard for the protection of US Government sensitive data.


I am happy to report that the SRX1500, SRX4100, SRX4200, and vSRX security gateways recently completed NIST FIPS 140-2 certification with Junos OS 15.1X49.  These products join the already certified SRX300-345, SRX550-M and SRX5400, SRX5600, and SRX5800.


The NIST Certifications are as follows

vSRX- Certificate #3137

SRX1500, SRX4100 and SRX4200- Certificate #3136

SRX300, SRX320, SRX340, SRX345 and SRX550-M- Certificate #3100

SRX5400, SRX5600, and SRX5800- Certificate #2948


As part of our ongoing commitment to government certifications, these devices are already in process for a recertification using Junos 17.4 and are listed on the CMVP Implementation Under Test (IUT) List.





08-21-2018 14:03


I might not be following your question completely.  vSRX is a virtual appliance and would need the server it is installed on to have some hypervisor environment whether it was ESXi, KVM, HyperV, etc.

In the case that you mention, is the server truly baremetal, or is it running some form of Linux or Windows?

The vSRX is being certified again with Junos 17.4 and this certification will specifically include VMware ESXi and Linux KVM environments.   It just isn't practical to test every hypervisor scenario and hardware scenario, but there should be no differences.


If you want send me a note at and we can take this discussion off line.

08-21-2018 13:47

Would this FIPS 140-2 certification be valid in configurations other than as tested?  Meaning if I configured the OS on a Bare Metal Server would the certification remain valid?

Tested Configuration(s)
  • JUNOS 15.1X49-D100 on VMWare ESXi 5.5 on a Server HP ProLiant DL380 Gen9 (single-user mode)