FIPS Verified Agent Integrations

This product is not supported for your selected Datadog site. ().
이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Overview

As part of the FedRAMP High effort, several integrations have been verified for FIPS 140-2 compliance. Integrations that are not mentioned below may function in compliance with FIPS 140-2 but have not been tested internally.

This guide is for customers that require FIPS compliant services and use Datadog integrations.

Enabling FIPS mode for a supported integration

To ensure compliance, make sure to use an HTTPS endpoint whenever possible and follow the integration-specific instructions below.

Integrations marked out of the box (“OOTB”) require no further configuration.

IntegrationConfiguration
Amazon MSKOOTB
ApacheOOTB
ArgoCDOOTB
Azure Active DirectoryOOTB
CoreDNSOOTB
ElasticsearchOOTB
EnvoyOOTB
HaproxyOOTB
IstioOOTB
KafkaTo enable TLS make sure to follow the JMXFetch FIPS-140 mode guide.
MongoDBThe tls option must be set to true through the integration configuration.
MySQLThe ssl option must be set through the integration configuration.
NginxOOTB
Php-fpmEven though the php_fpm integration uses the random module, that use is restricted to randomizing the retry delay.
PostfixOOTB
RabbitMQOOTB
RedisThe ssl option must be enabled through the integration configuration.
SSHOOTB
TLSOOTB
TomcatTo enable TLS make sure to follow the JMXFetch FIPS-140 mode guide.
VaultOOTB
vSphereBoth ssl_verify and rest_api_options > tls_verify need to be set to true if using the vSphere REST API to get tags (collect_tags: true).
Windows ServiceOOTB
ZookeeperThe use_tls option must be enabled through the integration configuration.
Configuring the IIS integration to query remote systems is discouraged. It relies on a Windows API for cryptography, which Datadog cannot control.

Further reading

추가 유용한 문서, 링크 및 기사:

Datadog FIPS ComplianceDOCUMENTATION more more