Red Hat, Inc. (NYSE: RHT), the world’s leading provider of open source solutions, today announced that Red Hat Enterprise Linux 7.5 has renewed the Federal Information Processing Standard (FIPS 140-2) security certifications from the National Institute of Standards and Technology (NIST). FIPS 140-2 is a computer security standard that specifies the requirements for cryptographic modules — including both hardware and software components — used within a security system to protect sensitive but unclassified information.
This re-certfication helps to extend Red Hat’s leadership in providing mission-critical-ready open source technologies to government agencies, helping these organizations meet necessary information security guidelines without compromising on their need for innovation, flexible software solutions. Red Hat now holds more than 20 active FIPS validations that meet the criteria for use by U.S. government agencies, maintaining Red Hat’s commitment to providing open, more secure innovation to the public sector.
As with the FIPS 140-2 re-certification of Red Hat Enterprise Linux 7 in March 2018, these cryptography certifications cover Red hat portfolio technologies that incorporate Red Hat Enterprise Linux 7.5. The additional Red Hat products re-certified with Red Hat Enterprise Linux 7.5 for FIPS 140-2 include:
- Red Hat Ceph Storage
- Red Hat CloudForms
- Red Hat Enterprise Linux Atomic Host
- Red Hat Gluster Storage
- Red Hat OpenStack Platform
- Red Hat Virtualization
Red Hat Enterprise Linux 7.5 maintains FIPS 140-2 certification for the following modules:
- OpenSSL Cryptographic Module
- OpenSSH Server Cryptographic Module
- OpenSSH Client Cryptographic Module
- NSS Cryptographic Module
- Kernel Crypto API Cryptographic Module
- Libreswan Cryptographic Module
Additionally, these modules retain FIPS 140-2 certification on these hardware configurations:
- Dell EMC PowerEdge R630 with Processor Algorithm Accelerators (PAA)
- Dell EMC PowerEdge R630 without PAA (single-user mode)
FIPS 140-2 validation is needed when agencies determine that specific information systems should use cryptography to protect data; if cryptography is required, then it must be validated. In order to achieve FIPS 140-2 certification, cryptographic modules are subject to testing by independent Cryptographic and Security Testing Laboratories, accredited by NIST. The validation for Red Hat Enterprise Linux 7.5 was performed by the atsec information security corporation’s Cryptographic and Security Testing Laboratory in Austin, Texas. Atsec is an independent organization with long-standing experience in IT security standards.