Not all cryptographic modules present in a PCF deployment are FIPS compliant.
The cryptographic modules deployed for IPsec communication (OpenSSL, C language) are built and deployed to operate in FIPS mode. However, the cryptographic modules used in UAA (Java), the CF router, and Diego (Golang), as well as the OpenSSL package used for host-based SSH (C language), are not currently FIPS compliant.
The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.
Authentication mechanisms may be required within a cryptographic module to authenticate an operator accessing the module and to verify that the operator is authorized to assume the requested role and perform services within that role.