Ensure that Federal Information Process Standard (FIPS) is enabled for your Azure Kubernetes Service (AKS) cluster node pools. The Federal Information Processing Standard (FIPS) 140-2 is a US government standard that sets the minimum security requirements for cryptographic modules in information technology products and systems. Azure Kubernetes Service (AKS) enables you to create Linux and Windows node pools with FIPS 140-2 enabled. Deployments that run on FIPS-enabled node pools can use these cryptographic modules to enhance security and assist in meeting security controls as part of FedRAMP compliance.
Federal Information Process Standard (FIPS) should be enabled for AKS cluster node pools to ensure compliance with government regulations and security standards. FIPS provides a strong cryptographic foundation, protecting sensitive data and enhancing the overall security posture of the ASK cluster.
Audit
To determine if your AKS clusters are configured with FIPS-enabled node pools, perform the following operations:
The list of supported OS versions is available here.Checking for FIPS-enabled AKS cluster node pools using Microsoft Azure Portal (Azure Console) is not currently supported.
Remediation / Resolution
To ensure that Federal Information Process Standard (FIPS) is enabled for your Azure Kubernetes Service (AKS) cluster node pools, perform the following operations:
Enabling FIPS for AKS cluster node pools using Microsoft Azure Portal (Azure Console) is not currently supported.References
- Azure Official Documentation
- Federal Information Processing Standard (FIPS) 140
- Enable Federal Information Process Standard (FIPS) for Azure Kubernetes Service (AKS)
- Azure PowerShell Documentation
- az account list
- az account set
- az aks list
- az aks show
- az aks nodepool update
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Enable Federal Information Process Standard (FIPS) for AKS Cluster Node Pools
Risk Level: Medium