Making Azure Application Gateway FIPS compliant

Question

My question is this: is it possible to make an Azure Application Gateway FIPS compliant?

My understanding for compliance is that the SSL method needs to use FIPS 140-2 encryption.

I've done some research, and I'm pretty sure the answer is no for the following reasons:

FIPS standards do not allow passwords on stored keys (.pfx files)
The Application Gateway setup for SSL requires a .pfx file with a password

I thought I would ask here in case there were any round-about methods for making an application gateway FIPS compliant, like with PowerShell commands or utilizing the Key Vault, that are not documented in Microsoft's documentation.

Thanks!

score 0 · Answer 1 · answered Mar 12 '18 at 00:11

0

That depends on the level of FIPS compliance you are looking for. FIPS 140-2 level 2 and above requires HSM and that is not currently supported on Application Gateway.

answered Mar 12 '18 at 00:11

amsriva-msft

319
1
5

Making Azure Application Gateway FIPS compliant

1 Answers1