2 months ago
We are pursuing CMMC 2.0 Level 2 and require operation of cryptographic modules in FIPS 140-2 or 140-3 validated mode.
Can Railway provide or support a Node.js runtime using the OpenSSL FIPS Provider 3.0.8 (CMVP Certificate #4282) or another CMVP-validated cryptographic module?
If not, please confirm whether Railway supports FIPS-validated cryptography at the platform or OS layer that customer workloads may inherit.
4 Replies
2 months ago
May I ask is this for a FedRAMP enabled set of compliance controls?
Status changed to Awaiting User Response Railway • about 2 months ago
2 months ago
Hello, this is for CMMC 2.0 Level 2 Compliance under NIST SP 800-171 Rev. 2 Controls; SC 3.13.11: Employ FIPS-validated cryptography when used to protect the confidentiality of CUI
https://csf.tools/reference/nist-sp-800-171/r2/3-13/3-13-11/
Status changed to Awaiting Railway Response Railway • about 2 months ago
2 months ago
This requirement is not specific to FedRAMP authorization.
We are implementing CMMC 2.0 Level 2 / NIST SP 800-171 Rev. 2, which independently requires the use of FIPS 140-2 or 140-3 validated cryptographic modules for protecting CUI (e.g., NIST SP 800-171 control 3.13.11).
While FedRAMP also leverages FIPS-validated cryptography via NIST SP 800-53, our inquiry is focused specifically on whether Railway provides or supports a CMVP-validated cryptographic boundary that customer workloads may inherit for CMMC purposes, not on FedRAMP authorization.
2 months ago
Then the answer is no, not at the hobby tier, this is a configuration that we reserve for own cloud for Enterprise customers.
Status changed to Awaiting User Response Railway • about 2 months ago
a month ago
This thread has been marked as solved automatically due to a lack of recent activity. Please re-open this thread or create a new one if you require further assistance. Thank you!
Status changed to Solved Railway • about 1 month ago