We’re excited to announce that FIPS 140-3 compliant Mule Runtime is now generally available (GA) for MuleSoft Government Cloud, a significant milestone in our commitment to meeting the highest federal security standards for our public sector customers, ensuring your integration workloads satisfy FedRAMP mandates without additional tooling.
Upgrade your Government Cloud environment to the current federal cryptographic standard
This release ensures that every cryptographic process within the Mule Runtime meets the rigorous requirements set forth by the US federal government to protect sensitive, unclassified data.
What is FIPS 140-3?
FIPS 140-3 (Federal Information Processing Standard Publication 140-3) is the latest US federal government standard that defines strict security requirements for cryptographic modules used in IT systems. It is the successor to FIPS 140-2 and is required for any system that processes, stores, or transmits sensitive government information. For government agencies and organizations handling federal data, using FIPS-validated cryptography is a regulatory mandate, not optional.
What this means for customers: Benefits and availability
You can now run your MuleSoft Government Cloud workloads on Hybrid Standalone (HSA) and CloudHub 1.0 (CH1) deployment models with full FIPS 140-3 compliance built directly into the runtime, with no third-party cryptographic solutions required.
Benefits:
- Meet FedRAMP compliance requirements Ensure your MuleSoft Government Cloud integration workloads satisfy federal cryptographic security mandates without additional tooling or workarounds
- Align with federal security frameworks: Whether you’re operating under FedRAMP, FISMA, or other compliance frameworks, this release ensures your cryptographic processes meet the required standards
- Operate with confidence in regulated environments: Remove compliance uncertainty and run your integration workloads knowing that cryptographic operations are fully validated against federal standards
- No alternative solutions needed: FIPS 140-3 compliance is built into the runtime, eliminating the need to seek third-party cryptographic solutions
This release is available to all MuleSoft Government Cloud customers using:
- Hybrid Standalone (HSA) deployments: Mule applications hosted and managed in customer’s own data centers or private/public clouds
- CloudHub (CH1) deployments: Mule applications hosted on MuleSoft Government Cloud
Getting started
Ready to take advantage of FIPS 140-3 compliant runtime in your MuleSoft Government Cloud environment? Upgrade to Mule Runtime 4.9 LTS patch version 4.9.18 or later that supports FIPS 140-3 compliance and get started with our FIPS 140-3 support documentation.
Our commitment to security-first integration
This release reflects MuleSoft’s deep commitment to serving government agencies and security-conscious organizations. As federal security standards continue to evolve, we remain dedicated to ensuring that MuleSoft Government Cloud provides a trusted, compliant platform for the most sensitive integration workloads. MuleSoft Government Cloud meets the highest federal cryptographic security standards, enabling agencies and regulated organizations to integrate with confidence.
Effective September 21, 2026, the National Institute of Standards and Technology (NIST) will officially transfer every FIPS 140-2 validation into ‘Historical’ standing. To prevent FedRAMP compliance findings, we strongly encourage upgrading your integration applications and underlying Mule runtimes to FIPS 140-3 validated versions before any upcoming security assessment scheduled past this deadline.
Learn more about MuleSoft Government Cloud and our security capabilities, or contact your MuleSoft account team. For questions about your specific upgrade path or to request a compliance readiness analysis for your applications, reach out to your account representative.