Is splunk FIPS 140-2 compliant?
asked 12 Jan '11, 19:27
Splunk (the software) has not been submitted for FIPS 140-2 accreditation. At this time, there are no plans that I am aware of to engage in the accreditation process.
Splunk uses OpenSSL shared libraries for all encryption, and according to openssl.org, OpenSSL will never be FIPS-140-2 validated/accredited:
Furthermore, Splunk does not use the OpenSSL FIPS Object Model, which has been uniquely validated as FIPS-140-2 compliant. At this time, we do not anticipate moving to the OpenSSL FIPS Object Model because of compatibility and portability reasons.