Are Ubiquiti products commonplace for companies that contract with the US government outside of the DoD/DoW?
replySince DoD/DoW generally requires STIG compliance, and none authored are for any specific Ubiquiti product, we can cross that off the list. Sure they can get exceptions or use a more generalized STIG but stakeholders generally have pre-defined limitations on what they will and will not allow on networks they sponsor.
The Defense Industrial Base is 10s of thousands of companies. May are small businesses. Many need to obtain CMMC Level 2, which has requirements for FIPS certified encryption. Our systems do not directly connect to Government systems and those STIGs may not apply directly. So, could I use Ubiquiti in some places? Maybe, not to store controlled information in this case. I could probably store previously fips encrypted files there. Would I want to use Ubiquiti cloud services? No.
replyMaybe worth noting that TrueNAS added FIPS in 2024:
replyFIPS mode is the greatest
replyNot really deal breaker for most customers
reply