FIPS-Approved Mode of Operation

This guide describes how you can set up and use PrivX in compliance with Federal Information Processing Standards (FIPS).

High-level PrivX differences in FIPS-approved mode:

• PrivX must be set up from RPM packages.
• PrivX components such as the PostgreSQL database, and the PrivX Server OS, must operate in FIPS mode.
• Only FIPS-approved algorithms should be used in FIPS-approved mode.
• Some PrivX features are unsupported in FIPS-approved mode.

When running in FIPS mode, PrivX uses the FIPS 140-3 validated SSH Communications Security Cryptographic Module to perform all cryptographic operations.

FIPS-Approved Feature Support

Certain PrivX features are restricted when running in FIPS-approved mode.

These features are supported in FIPS-approved mode:

• Vaulting secrets.
• Host-account password rotation.
• Target-domain-account password rotation.
• SSH and RDP-connection session recording, playback, and live monitoring.
• Network-target connections.
• SCIM user and host directories.
• Cloud-provider host directories.
• Cloud-logger integration.
• Syslog integration.

These features are unsupported in FIPS-approved mode:

• WEB connections.
• Connections over PrivX Extenders
• VNC connections.
• DB connections.
• NLA security mode in RDP.
• RDP certificate-based authentication (when target doesn't support PKINIT)
• Kerberos authentication to PrivX.
• UEBA.

FIPS-Mode Setup

This section describes the considerations and constraints for setting up PrivX in FIPS mode.

PrivX Database

The PostgreSQL database version must be 16 or later. The database must be running in FIPS mode.

The user that PrivX uses for accessing the PostgreSQL database must have a password that's 14 bytes or longer.

PrivX Servers

You must install PrivX Servers using PrivX RPM packages. PrivX RPM packages are available from Get PrivX Software or from the SSH repository.

PrivX version must be 40.x or later. Upgrading from older PrivX versions is not supported for FIPS.

The PrivX Server OS must be set up in FIPS mode. The OS must remain in FIPS mode throughout the PrivX deployment's lifecycle. PrivX supports the following operating systems for FIPS-approved mode:

• Red Hat Enterprise Linux 9.x
• Rocky Linux 9.x

When running postinstall.sh, ensure that:

• PrivX pkcs11 keyvault support is disabled.
• PrivX PostgreSQL database user's password must be 14 bytes or longer.

If using environment variables for postinstall.sh, the following values must be used:

• PRIVX_KEYVAULT_PKCS11_ENABLE=0 (or leave undefined)
• PRIVX_DATABASE_PASSWORD must be 14 bytes or longer.
• PRIVX_PASSWORD_HASH="pbkdf2/300000" (or leave undefined)

Load Balancer

For PrivX HA deployments in FIPS-approved mode, ensure that the load balancer satisfies the following:

• The used TLS version is 1.2 or 1.3.
• Any used algorithms must be FIPS-approved.

Optional Components

PrivX Extenders, Carriers, and Web Proxies do not support FIPS. While it is possible to run non-FIPS Extenders, Carriers, and Web Proxies alongside PrivX that's in FIPS-approved mode, any (extender and web) connections via such components aren't necessarily FIPS-compliant.

For network-target access, you can set up PrivX Routers on machines where the operating system is running in FIPS mode.

FIPS-Approved PrivX Configuration

This section describes the allowed configurations for operating PrivX in FIPS-approved mode.

By default, when PrivX is installed on an operating system running in FIPS mode, it is automatically configured to use only FIPS-approved settings. However, PrivX does not prevent manually enabling non-FIPS configurations, such as additional cryptographic algorithms.

Allowed SSH Algorithms and Authentication Methods

The following SSH algorithms can be used in FIPS-approved mode. SSH algorithms are configured on PrivX Servers in /opt/privx/etc/ssh-algorithms.toml.

KEX algorithms:

• mlkem1024nistp384-sha384
• mlkem768nistp256-sha256
• ecdh-nistp521-kyber1024-sha512@ssh.com
• ecdh-sha2-nistp521
• ecdh-sha2-nistp384
• ecdh-sha2-nistp256
• diffie-hellman-group16-sha512
• diffie-hellman-group14-sha256

Ciphers:

• aes256-gcm@openssh.com
• aes256-ctr
• aes192-ctr
• aes128-gcm@openssh.com
• aes128-ctr
• aes128-cbc (disabled by default)

MACs:

• hmac-sha2-512
• hmac-sha2-256
• hmac-sha2-512-etm@openssh.com (disabled by default)
• hmac-sha2-256-etm@openssh.com (disabled by default)

Host-key algorithms:

• ecdsa-sha2-nistp256
• ecdsa-sha2-nistp384
• ecdsa-sha2-nistp521
• rsa-sha2-256
• rsa-sha2-512
• ssh-ed25519
• ecdsa-sha2-nistp256-cert-v01@openssh.com
• ecdsa-sha2-nistp384-cert-v01@openssh.com
• ecdsa-sha2-nistp521-cert-v01@openssh.com
• rsa-sha2-256-cert-v01@openssh.com
• rsa-sha2-512-cert-v01@openssh.com
• ssh-ed25519-cert-v01@openssh.com

Public-key signature types accepted in SSH Bastion authorized-key authentication:

• ecdsa-sha2-nistp256
• ecdsa-sha2-nistp384
• ecdsa-sha2-nistp521
• rsa-sha2-256
• rsa-sha2-512
• ssh-ed25519

Allowed authentication methods for SSH connections:

• OpenSSH-certificate authentication with public-key types:
  • ecdsa-sha2-nistp256-cert-v01@openssh.com
  • ecdsa-sha2-nistp384-cert-v01@openssh.com
  • ecdsa-sha2-nistp521-cert-v01@openssh.com
  • ssh-rsa-cert-v01@openssh.com
• X.509v3-certificate authentications with public-key types:
  • x509v3-ecdsa-sha2-nistp256
  • x509v3-ecdsa-sha2-nistp384
  • x509v3-ecdsa-sha2-nistp521
  • x509v3-rsa2048-sha256
  • x509v3-sign-rsa-sha256@ssh.com
  • x509v3-sign-rsa-sha512@ssh.com
• Role principal's public-key authentication with public-key types:
  • ecdsa-sha2-nistp256
  • ecdsa-sha2-nistp384
  • ecdsa-sha2-nistp521
  • ssh-rsa
  • ssh-ed25519
• Stored password
• Prompted password

Public-key signature types used for SSH connections:

• ecdsa-sha2-nistp256
• ecdsa-sha2-nistp384
• ecdsa-sha2-nistp521
• rsa-sha2-256
• rsa-sha2-512
• rsa2048-sha256
• x509v3-sign-rsa-sha256@ssh.com
• x509v3-sign-rsa-sha512@ssh.com
• ssh-ed25519

Allowed RDP Algorithms

Allowed RDP algorithms in FIPS-approved mode.

RDP security modes:

• TLS

TLS versions:

• 1.2
• 1.3

Signature types used in Window smart-card authentication:

• RSA with SHA256
• RSA with SHA512

RDP Bastion configurations for client (defined in /opt/privx/etc/rdpmitm/rdpproxy-fips.in):

• Required:
  • tls_fallback_legacy = 0
  • tls_support = 1
  • enable_nla = 0
• Recommended (modifications allowed, but beware of FIPS requirements when changing defaults):
  • tls_min_level = 2
  • tls_max_level = 0
  • ssl_cipher_list
  • tls_1_3_ciphersuites
• Safe to modify (for debugging purposes):
  • show_common_cipher_list

Cryptographic-Key Requirements

The following authorizer and access-group key types and sizes are supported in FIPS-approved mode:

The following role-principal key types and sizes are supported in FIPS approved mode:

FIPS-Approved PrivX Operation

This section describes considerations for operating PrivX in FIPS-approved mode.

Authenticating to PrivX

Following authentication methods are supported when authenticating to PrivX in FIPS-approved mode:

• AD/LDAP-directory authentication
• Password
• Open ID Connect (OIDC)
• Client certificate
• Passkeys
• Token exchange
• Session password
• Authorized keys

Supported password-hashing methods for local-user authentication in user store:

• PBKDF2 with SHA-512, minimum 300000 iterations

PrivX Tools

The PrivX tools (/opt/privx/bin/*-tool executables on PrivX Servers) must be run with FIPS-approved PrivX Configurations only. Running PrivX tools with FIPS-noncompliant configurations will break PrivX FIPS compliance.

Certificate Templates for Tectia Targets

When setting up connections to Tectia SSH Servers in FIPS-approved mode, the corresponding host Service must be configured to use the following Certificate Template:

• x509v3 RFC6187 - to be used with Tectia Server versions 6.5.1 and later.
• x509v3 Tectia Server - to be used with previous Tectia Server versions.

To set the Certificate Template, Edit the target host's settings, then under Services, expand the Additional Settings and select a template.