Meeting FBI CJIS Security Policy v6 with wolfGuard

The FBI’s Criminal Justice Information Services (CJIS) Security Policy v6 has sent a clear message to law enforcement and public safety agencies: the window for legacy cryptography is closing. Specifically, Control SC-13 mandates that all Criminal Justice Information (CJI) in transit outside of physically secure locations must be protected by FIPS 140-3 validated cryptographic modules.

With the deadline for the transition away from FIPS 140-2 set for September 21, 2026, agencies are looking for modern, high-performance VPN solutions that don’t just “support” encryption, but are fundamentally built on a certified foundation.

Enter wolfSSL’s wolfGuard solution.

What is wolfGuard?

wolfGuard is the wolfSSL FIPS-compliant refactor of the WireGuard® protocol. While traditional WireGuard is praised for its simplicity and speed, its default suite (Curve25519, ChaCha20-Poly1305, and BLAKE2s) is not FIPS-certified. wolfGuard solves this by replacing these primitives with FIPS-approved equivalents from the wolfCrypt cryptographic engine, the world’s first SP800-140Br1 module to achieve a FIPS 140-3 certificate (#4718).

Why wolfGuard for Public Safety?

  1. No Performance Sacrifice. One of the primary reasons agencies choose WireGuard is its low overhead. wolfGuard maintains this performance edge. By leveraging hardware acceleration (like Intel AES-NI or ARMv8 Crypto Extensions), wolfGuard often matches or even exceeds the speed of the original WireGuard implementation while remaining strictly within FIPS boundaries.
  2. Seamless Deployment. wolfGuard is designed as a drop-in replacement. It follows the same configuration logic and command-line syntax as traditional WireGuard. For IT administrators in the public sector, this means a near-zero learning curve and compatibility with existing network architectures.
  3. Future-Proofing for 2026 and beyond. FIPS 140-2 certificates will not be acceptable after September 2026. By adopting wolfGuard today, agencies bypass the looming “re-certification” crisis. You aren’t just meeting the interim requirements; you are deploying the final standard now. Going beyond 2026, CNSA 2.0 will require Post Quantum Cryptographic (PQC) algorithms. wolfSSL is currently testing our PQC FIPS 140-3 module and will support PQC algorithms in wolfGuard.
  4. You’re probably already using us. wolfSSL is a leader in cryptography for embedded systems. Our technology is already deployed in a vast array of devices, including many first responder radios and critical infrastructure components. This ubiquity means that adopting wolfGuard is not a leap of faith, but a standardization on a technology your agency is likely already relying on for high-stakes, secure communications.

As law enforcement agencies increasingly rely on mobile data terminals, body-worn cameras, and cloud-based CJI, the security of that data “in transit” is paramount. wolfGuard provides the perfect intersection of modern VPN efficiency and the rigorous security requirements of the FBI CJIS policy.

Don’t wait for the 2026 deadline. Secure your agency’s data with the world’s first FIPS 140-3 validated WireGuard solution. Contact facts@wolfssl.com to learn more.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.
