Versa Networks announced it achieved FIPS 140-2 certification for its Versa Operating System (VOS), the foundation of its SD-WAN and secure access service edge (SASE) products that can support encryption of data within communication protocols like IPsec, transport layer security (TLS), and secure shell (SSH).

Versa’s Chief Security Architect Sunil Ravi called the certification that addresses cryptographic functionality “paramount” for security sensitive customers such as the U.S. government and large corporations.

Ravi said the certification will give Versa an advantage as government agencies move to implement President Biden’s executive order from May of 2021, which sought to improve the state of national cybersecurity in the U.S. and to increase protection of government networks following incidents like SolarWinds and the Colonial Pipeline hack.

“The executive order outlines the need to modernize cybersecurity defenses in the country as well as opening channels for sharing information relating to cybersecurity threats and breach information,” Ravi said.

Versa sees a lot of demand for Versa Secure SD-WAN and SASE technologies within the government customer base, Ravi noted, and the vendor is in “various stages of POC, pilot, and production with government customers.”

Additionally, FIPS certification enables Versa to compete in corporate customer accounts with “stringent cryptographic security standards."

Created by the National Institute of Standards and Technology’s (NIST’s) Computer Security Division, FIPS establishes a data security and computer system standard that organizations must adhere to per the Federal Information Security Management Act (FISMA) of 2002.

The process for the FIPS 140-2 certification starts with the selection of a certification lab accredited by NIST to perform the “rigorous testing” needed for the certification, according to Ravi. The certification is a two-step process, where the cryptographic algorithms are certified as part of the first step, and the cryptographic operations of the module are tested during the second step.

Ravi explained that government customers have a mandatory requirement for FIPS compliance for all products that support cryptography. “Cryptographic functionality that is not FIPS compliant will not be deployed by government customers,” he said.

“By achieving FIPS certification, Versa has been able to meet FIPS requirements and engage in advanced security discussions with various federal and state government agencies."