Mikrotik Hardware/RouterOS - NIST Compliant?

Hi There,

I was discussing Mikrotik today with a client and they were wondering if RouterOS and/or Mikrotik hardware was NIST Compliant, and if so, to what level. I don’t know much about it, and neither did they, but they know that NIST compliance is coming down the pipe of their IT directives. They don’t have any Mikrotik as yet, but they were interested, but if there is no NIST compliance, it’s dead from the beginning as they will have to replace it when the NIST directive comes down.

Anyone have any comments? Appreciate any relevant info.

Thanks!

My guess is that you’ll have to ask Mikrotik directly, via official support channels (e.g. via support@mikrotik.com). You’re welcome to post here any usable information you might get from them.

If this is required for hardware vendors, and it’s not just for information systems, then I would imagine all large vendors will comply.

Hi,
I do think they were confusing NIPS with FIPS… Btw. both NIST releases lots of different standards and FIPS has many different parts. To complicate it: NIST has been working on FIPS.
Some vendors comply with FIPS standards, more specifically:

https://en.wikipedia.org/wiki/FIPS_140-3

NIST is rather known in security context for its governance framework. So that’s probably wrong.
https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final

W

“NIST compliance” is a very broad term. NIST (National Institute of Standards and Technology, a US Federal Organization) has many different standards in different revisions. Some of them also combine or overlap with US federal standards like FIPS.

I suggest asking for the exact standard name and revision MikroTik HW would have to comply with. For example, NISTIR 8320B is the relevant standard for cloud computing HW.
There should be a similar number for Network HW/Routers etc.

Thanks jbl2, maybe this will be how we can get rid of OVPN on the MT for good! :wink:
May also impact zerotier and everything that is third party designed.

In other words, one can rampantly speculate, so facts and clarity are needed.
Thus far sounds wishy-washy in terms of the impact on hardware products.