Skip to main content

HashiCorp Vault Achieves Federal Information Processing Standard (FIPS) Compliance

Written by Customer Service on . Posted in Public Companies.

SAN FRANCISCO, June 14, 2022 (GLOBE NEWSWIRE) — HashiCorp, Inc. (NASDAQ: HCP), a leading provider of multi-cloud infrastructure automation software, today announced Vault Enterprise has achieved Federal Information Processing Standard (FIPS) 140-2 Level 1 after validation from Leidos, the independent security audit and innovation lab. This is the first FIPS certification for Vault Enterprise and will allow HashiCorp to deepen relationships with highly regulated and public sector institutions.

FIPS 140-2 is the U.S. government computer security standard used to approve cryptographic modules and covers a wide range of potential applications. FIPS Enabled Vault is validated by Leidos, a member of the National Voluntary Lab Accreditation Program (NVLAP).

“HashiCorp has a history of providing the US Public Sector and customers in highly regulated industries with solutions to operate and remain in compliance,” said HashiCorp chief security officer Talha Tariq. “The certification of FIPS 140-2 within Vault Enterprise demonstrates our continued investment and commitment to these customers.”

In 2017, HashiCorp Vault went through a Leidos evaluation focused on Vault’s Seal Wrapping feature. Seal Wrapping allows a Vault Enterprise system to encode cryptographic fundamentals and credentials with encryption derived from an external FIPS 140-2 certified cryptographic Hardware Security Module (HSM). This is designed for customers who already have an HSM in their infrastructure, and who want the FIPS 140-2 Level 2+ protection only an HSM can provide.

Today, with HashiCorp Vault 1.10 using the FIPS enabled build we now support a special build of Vault Enterprise, which includes built-in support for FIPS 140-2 Level 1 compliance. Unlike using Seal Wrap for FIPS compliance, this binary has no external dependencies on HSM, a benefit for organizations that only need FIPS 140-2 Level 1 cryptography.

FIPS Enabled Vault is available through HCP Vault and Vault Enterprise. For more information on Vault Enterprise Plus, visit the Vault and Getting Started with HCP Vault pages. Additional documentation is available on the FIPS Enabled Vault page and FIPS Enabled Vault compliance letters can be found on the evaluation page.

About HashiCorp
HashiCorp is a leader in multi-cloud infrastructure automation software. The HashiCorp software suite enables organizations to adopt consistent workflows and create a system of record for automating the cloud: infrastructure provisioning, security, networking, and application deployment. HashiCorp’s portfolio of products includes Vagrant™, Packer™, Terraform®, Vault™, Consul®, Nomad™, Boundary, and Waypoint™. HashiCorp offers products as open source, enterprise, and as managed cloud services. The company is headquartered in San Francisco, though most of HashiCorp employees work remotely, strategically distributed around the globe. For more information, visit hashicorp.com or follow HashiCorp on Twitter @HashiCorp.

All product and company names are trademarks or registered trademarks of their respective holders.

Investor Contact
Alex Kurtz
ir@hashicorp.com 

Media & Analyst Contact
Kate Lehman
media@hashicorp.com 

Disclaimer & Cookie Notice

Welcome to GOLDEA services for Professionals

Before you continue, please confirm the following:

Professional advisers only

I am a professional adviser and would like to visit the GOLDEA CAPITAL for Professionals website.

Important Notice for Investors:

The services and products offered by Goldalea Capital Ltd. are intended exclusively for professional market participants as defined by applicable laws and regulations. This typically includes institutional investors, qualified investors, and high-net-worth individuals who have sufficient knowledge, experience, resources, and independence to assess the risks of trading on their own.

No Investment Advice:

The information, analyses, and market data provided are for general information purposes only and do not constitute individual investment advice. They should not be construed as a basis for investment decisions and do not take into account the specific investment objectives, financial situation, or individual needs of any recipient.

High Risks:

Trading in financial instruments is associated with significant risks and may result in the complete loss of the invested capital. Goldalea Capital Ltd. accepts no liability for losses incurred as a result of the use of the information provided or the execution of transactions.

Sole Responsibility:

The decision to invest or not to invest is solely the responsibility of the investor. Investors should obtain comprehensive information about the risks involved before making any investment decision and, if necessary, seek independent advice.

No Guarantees:

Goldalea Capital Ltd. makes no warranties or representations as to the accuracy, completeness, or timeliness of the information provided. Markets are subject to constant change, and past performance is not a reliable indicator of future results.

Regional Restrictions:

The services offered by Goldalea Capital Ltd. may not be available to all persons or in all countries. It is the responsibility of the investor to ensure that they are authorized to use the services offered.

Please note: This disclaimer is for general information purposes only and does not replace individual legal or tax advice.