Does the requirement for IPsec in every node imply that every node must contain a FIPS-140 compliant crypto module?
The scope of the USGv6 profile and claims of conformance to it are strictly limited to the definition of IPv6 capabilities in networking products. If used as a basis for acquisitions, the USGv6 profile should not modify or affect any other requirements or regulations that would otherwise apply to the acquisition. The protections provided by IPsec and the protection that IKE provides to its own traffic require the use of cryptographic algorithms, which include encryption algorithms (to provide confidentiality), MACs or Message Authentication Codes (to provide integrity protection), and PRFs or Pseudo-Random Functions (to generate secret keys and other values used within the IPsec protocols). Users of this profile should consult the scope and applicability statements of the most recent revision of FIPS 140 Security Requirements for Cryptographic Modules to determine if additional procurement requirements apply to the specific intended use of cryptographic algorithms required by IPv6 IPse
