Author
Ioannis Kakavas • Mike Barretta
Word count
966

Summary

Starting with version 6.4.0, Elasticsearch can operate within a FIPS 140-2 environment; this capability requires a Platinum subscription. FIPS 140-2 is a U.S. Government standard, set by NIST, that defines security requirements for cryptographic modules with the aim of protecting sensitive but unclassified data. Elasticsearch itself is not a cryptographic module, but it can comply with FIPS 140-2 by running in a Java Virtual Machine (JVM) that uses approved cryptographic algorithms through Java Cryptography Architecture and Java Cryptography Extension providers. This compliance ensures that data encryption, password hashing, and secure communications within Elasticsearch adhere to stringent security standards. To enable FIPS 140-2 mode, users must configure the "fips_mode" setting in Elasticsearch. Because bcrypt is not FIPS-approved, they also have the option to switch password hashing from bcrypt to the compliant PBKDF2 algorithm. Elastic aims to integrate FIPS 140-2 support across more of its products, reflecting its commitment to security.
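As an added example (not code from the original post or from Elastic), the sketch below audits an `elasticsearch.yml` for the two settings the summary mentions. The full setting names `xpack.security.fips_mode.enabled` and `xpack.security.authc.password_hashing.algorithm`, and bcrypt as the default hasher, come from the Elasticsearch documentation rather than from this page; the helper names and sample configurations are constructed for illustration.

```python
import re

# Assumption: full setting names per the Elasticsearch docs; the page only
# names "fips_mode".
FIPS_KEY = "xpack.security.fips_mode.enabled"
HASH_KEY = "xpack.security.authc.password_hashing.algorithm"

def flatten_yaml(text):
    """Flatten the YAML subset used in elasticsearch.yml (scalars and nested
    mappings; no lists or multi-line values) into dotted setting names."""
    settings, stack = {}, []              # stack: (indent, key) of open parents
    for raw in text.splitlines():
        line = re.sub(r"\s+#.*$", "", raw).rstrip()   # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:       # leave finished blocks
            stack.pop()
        path = ".".join([k for _, k in stack] + [key.strip()])
        value = value.strip().strip("\"'")
        if value:
            settings[path] = value
        else:
            stack.append((indent, key.strip()))       # mapping header
    return settings

def audit_fips(text):
    """Return a list of findings; an empty list means both checks passed."""
    s = flatten_yaml(text)
    findings = []
    if s.get(FIPS_KEY, "false").lower() != "true":
        findings.append(f"{FIPS_KEY} is not set to true")
    algo = s.get(HASH_KEY, "bcrypt").lower()          # assumption: bcrypt default
    if not algo.startswith("pbkdf2"):
        findings.append(f"{HASH_KEY} is '{algo}'; PBKDF2 is the compliant choice")
    return findings

# Constructed sample configurations.
WEAK = "cluster.name: demo\nxpack.security.enabled: true\n"
NESTED = ("xpack:\n  security:\n    fips_mode:\n      enabled: true  # on\n"
          "    authc:\n      password_hashing:\n        algorithm: bcrypt\n")
HARDENED = f"{FIPS_KEY}: true\n{HASH_KEY}: pbkdf2\n"

if __name__ == "__main__":
    for name, cfg in [("weak", WEAK), ("nested", NESTED), ("hardened", HARDENED)]:
        print(name, audit_fips(cfg) or "OK")
```

Passwords already hashed with bcrypt are not converted by changing the setting; it only affects hashes created afterwards.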