This is a guest post written by Drew Varner. It originally appeared on the NineFX blog, and has been republished here with his permission. We hope you enjoy!.
NineFX, a HUBZone/SDVOSB-certified, value-added reseller for CircleCI, supports both commercial and federal government customers. The software that we ship to our federal customers must meet specific regulatory requirements from the National Institute of Standards & Technology (NIST). NIST’s Federal Information Processing Standard (FIPS) 140-2 is the standard that governs cryptographic modules in federal software.
Because we service both commercial and federal customers, in this post I will describe how we use CircleCI workflows to provide timely feedback on our software’s support of FIPS 140-2 cryptography, enabling us to monitor a project’s FIPS compatibility.