Red Hat renewed the Federal Information Processing Standard 140-2 (FIPS 140-2) security validation for Red Hat Enterprise Linux 8.2. The second FIPS certification for the Red Hat Enterprise Linux 8 platform shows Red Hat’s leadership and commitment to providing a more secure backbone for creating an open hybrid cloud.
Red Hat Enterprise Linux 8.3 and Linux 8.4 are waiting for testing
Driven by the National Institute of Standards and Technology (NIST), FIPS 140-2 is a computer security standard that specifies the requirements for cryptographic modules, including hardware and software components. This validation is required when agencies determine that specific information systems should use cryptography to protect data.
Paul Smith, Senior Vice President and General Manager, Public Sector, North America at Red Hat, said,
“The renewed FIPS 140-2 validation for Red Hat Enterprise Linux 8.2 and Red Hat Enterprise Linux 7.7 indicated Red Hat’s strong commitment to delivering an independently validated, more secure platform for sensitive computing deployments across the hybrid cloud and in both the public and private sectors.”
With this renewal, many of Red Hat’s open hybrid cloud offerings also retain the FIPS 140-2 certification because of layered products building on Red Hat Enterprise Linux 8.2’s cryptography modules. Red Hat Ceph Storage, Red Hat Gluster Storage, Red Hat OpenShift, Red Hat OpenStack Platform, Red Hat Satellite, and Red Hat Virtualization are some of these products.
OpenSSL Cryptographic Module, NSS Cryptographic Module, Kernel Crypto API Cryptographic Module, GnuTLS Cryptographic Module, Libgcrypt Cryptographic Module in Red Hat Enterprise Linux 8.2 are modules received FIPS 140-2 validation.
Furthermore, Red Hat Enterprise Linux 7.7 received renewed FIPS 140-2 certificates for the following cryptographic modules of OpenSSL, NSS Kernel Crypto API, OpenSSH Client, OpenSSH Server, and Libreswan.
Red Hat Enterprise Linux 7 will be the last RHEL 7 release to receive FIPS 140-2 validation. Red Hat plans to get Kernel Crypto API Cryptographic Module certificate updates to include the latest Red Hat Enterprise Linux 7.8 and Red Hat Enterprise Linux 7.9 kernel versions. After validating Red Hat Enterprise Linux 8.2, Red Hat Enterprise Linux 8.3 and Red Hat Enterprise Linux 8.4 are currently being validated or are already on the NIST “Modules In Process” list.