diff --git a/libbeat/common/flowhash/communityid.go b/libbeat/common/flowhash/communityid.go
index 97f9f321a664..f1b9d4de163f 100644
--- a/libbeat/common/flowhash/communityid.go
+++ b/libbeat/common/flowhash/communityid.go
@@ -19,8 +19,6 @@ package flowhash
 
 import (
 	"crypto"
-	// import crypto/sha1 so that the SHA1 algorithm is available.
-	_ "crypto/sha1"
 	"encoding/binary"
 	"net"
 )
@@ -31,10 +29,6 @@ type communityIDHasher struct {
 	hash    crypto.Hash
 }
 
-// CommunityID is a flow hasher instance using the default values
-// in the community ID specification.
-var CommunityID = NewCommunityID(0, Base64Encoding, crypto.SHA1)
-
 // NewCommunityID allows to instantiate a flow hasher with custom settings.
 func NewCommunityID(seed uint16, encoder Encoding, hash crypto.Hash) Hasher {
 	h := &communityIDHasher{
diff --git a/libbeat/common/flowhash/communityid_fips.go b/libbeat/common/flowhash/communityid_fips.go
new file mode 100644
index 000000000000..7d3ab4839bcd
--- /dev/null
+++ b/libbeat/common/flowhash/communityid_fips.go
@@ -0,0 +1,34 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+//go:build requirefips
+
+package flowhash
+
+var CommunityID = NewCommunityID()
+
+type communityIDHasher struct{}
+
+// NewCommunityID allows to instantiate a flow hasher with custom settings.
+func NewCommunityID() Hasher {
+	return &communityIDHasher{}
+}
+
+// Hash returns the hash for the given flow.
+func (h *communityIDHasher) Hash(flow Flow) string {
+	return ""
+}
diff --git a/libbeat/common/flowhash/communityid_fips_test.go b/libbeat/common/flowhash/communityid_fips_test.go
new file mode 100644
index 000000000000..623722bc0fba
--- /dev/null
+++ b/libbeat/common/flowhash/communityid_fips_test.go
@@ -0,0 +1,31 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+//go:build requirefips
+
+package flowhash
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestCommunityID(t *testing.T) {
+	s := CommunityID.Hash(Flow{SourcePort: 1})
+	require.Empty(t, s)
+}
diff --git a/libbeat/common/flowhash/communityid_nofips.go b/libbeat/common/flowhash/communityid_nofips.go
new file mode 100644
index 000000000000..83303f60b292
--- /dev/null
+++ b/libbeat/common/flowhash/communityid_nofips.go
@@ -0,0 +1,24 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+//go:build !requirefips
+
+package flowhash
+
+import "crypto"
+
+var CommunityID = NewCommunityID(0, Base64Encoding, crypto.SHA1)
diff --git a/libbeat/common/flowhash/communityid_test.go b/libbeat/common/flowhash/communityid_test.go
index be6dbae91c4c..0c6b5a8ffde3 100644
--- a/libbeat/common/flowhash/communityid_test.go
+++ b/libbeat/common/flowhash/communityid_test.go
@@ -15,6 +15,8 @@
 // specific language governing permissions and limitations
 // under the License.
 
+//go:build !requirefips
+
 package flowhash
 
 import (
diff --git a/libbeat/processors/communityid/communityid.go b/libbeat/processors/communityid/communityid.go
index e2db51935a03..5a0a35744418 100644
--- a/libbeat/processors/communityid/communityid.go
+++ b/libbeat/processors/communityid/communityid.go
@@ -15,6 +15,8 @@
 // specific language governing permissions and limitations
 // under the License.
 
+//go:build !requirefips
+
 package communityid
 
 import (
@@ -66,10 +68,7 @@ func New(cfg *cfg.C) (beat.Processor, error) {
 }
 
 func newFromConfig(c config) (*processor, error) {
-	hasher := flowhash.CommunityID
-	if c.Seed != 0 {
-		hasher = flowhash.NewCommunityID(c.Seed, flowhash.Base64Encoding, crypto.SHA1)
-	}
+	hasher := flowhash.NewCommunityID(c.Seed, flowhash.Base64Encoding, crypto.SHA1)
 
 	return &processor{
 		config: c,
diff --git a/libbeat/processors/communityid/communityid_test.go b/libbeat/processors/communityid/communityid_test.go
index 608787b9265d..a962948e09b7 100644
--- a/libbeat/processors/communityid/communityid_test.go
+++ b/libbeat/processors/communityid/communityid_test.go
@@ -15,6 +15,8 @@
 // specific language governing permissions and limitations
 // under the License.
 
+//go:build !requirefips
+
 package communityid
 
 import (
diff --git a/packetbeat/flows/worker.go b/packetbeat/flows/worker.go
index 46f7c0ca4187..3edae26ed97c 100644
--- a/packetbeat/flows/worker.go
+++ b/packetbeat/flows/worker.go
@@ -443,9 +443,11 @@ func createEvent(watcher *procs.ProcessesWatcher, ts time.Time, f *biFlow, isOve
 		}
 
 		if v, found := stats["bytes"]; found {
+			//nolint:errcheck // ignore
 			totalBytes += v.(uint64)
 		}
 		if v, found := stats["packets"]; found {
+			//nolint:errcheck // ignore
 			totalPackets += v.(uint64)
 		}
 	}
@@ -461,15 +463,18 @@ func createEvent(watcher *procs.ProcessesWatcher, ts time.Time, f *biFlow, isOve
 		}
 
 		if v, found := stats["bytes"]; found {
+			//nolint:errcheck // ignore
 			totalBytes += v.(uint64)
 		}
 		if v, found := stats["packets"]; found {
+			//nolint:errcheck // ignore
 			totalPackets += v.(uint64)
 		}
 	}
 	if communityID.Protocol > 0 && len(communityID.SourceIP) > 0 && len(communityID.DestinationIP) > 0 {
-		hash := flowhash.CommunityID.Hash(communityID)
-		network["community_id"] = hash
+		if hash := flowhash.CommunityID.Hash(communityID); hash != "" {
+			network["community_id"] = hash
+		}
 	}
 	network["bytes"] = totalBytes
 	network["packets"] = totalPackets
diff --git a/x-pack/auditbeat/module/system/socket/state.go b/x-pack/auditbeat/module/system/socket/state.go
index f102127e783c..1da4e6e201c5 100644
--- a/x-pack/auditbeat/module/system/socket/state.go
+++ b/x-pack/auditbeat/module/system/socket/state.go
@@ -962,13 +962,6 @@ func (f *flow) toEvent(final bool) (ev mb.Event, err error) {
 			"transport": f.proto.String(),
 			"packets":   f.local.packets + f.remote.packets,
 			"bytes":     f.local.bytes + f.remote.bytes,
-			"community_id": flowhash.CommunityID.Hash(flowhash.Flow{
-				SourceIP:        localAddr.IP,
-				SourcePort:      uint16(localAddr.Port),
-				DestinationIP:   remoteAddr.IP,
-				DestinationPort: uint16(remoteAddr.Port),
-				Protocol:        uint8(f.proto),
-			}),
 		},
 		"event": mapstr.M{
 			"kind":     "event",
@@ -984,6 +977,16 @@ func (f *flow) toEvent(final bool) (ev mb.Event, err error) {
 			"complete": f.complete,
 		},
 	}
+	if communityid := flowhash.CommunityID.Hash(flowhash.Flow{
+		SourceIP:        localAddr.IP,
+		SourcePort:      uint16(localAddr.Port),
+		DestinationIP:   remoteAddr.IP,
+		DestinationPort: uint16(remoteAddr.Port),
+		Protocol:        uint8(f.proto),
+	}); communityid != "" {
+		(root["network"].(mapstr.M))["community_id"] = communityid
+	}
+
 	var errs multierror.Errors
 	rootPut := func(key string, value interface{}) {
 		if _, err := root.Put(key, value); err != nil {
diff --git a/x-pack/filebeat/input/netflow/convert.go b/x-pack/filebeat/input/netflow/convert.go
index 9e39133fd0d4..4b43c07d2916 100644
--- a/x-pack/filebeat/input/netflow/convert.go
+++ b/x-pack/filebeat/input/netflow/convert.go
@@ -327,13 +327,15 @@ func flowToBeatEvent(flow record.Record, internalNetworks []string) beat.Event {
 		ecsNetwork["name"] = ssid
 	}
 
-	ecsNetwork["community_id"] = flowhash.CommunityID.Hash(flowhash.Flow{
+	if communityid := flowhash.CommunityID.Hash(flowhash.Flow{
 		SourceIP:        srcIP,
 		SourcePort:      srcPort,
 		DestinationIP:   dstIP,
 		DestinationPort: dstPort,
 		Protocol:        uint8(protocol),
-	})
+	}); communityid != "" {
+		ecsNetwork["community_id"] = communityid
+	}
 
 	if len(ecsFlow) > 0 {
 		event.Fields["flow"] = ecsFlow