Red Hat, Inc., the world’s leading provider of open source solutions, today announced the renewal of the Federal Information Processing Standard 140-2 (FIPS 140-2) security validations for Red Hat Enterprise Linux 7.6. Driven by the National Institute of Standards and Technology (NIST), FIPS 140-2 is a computer security standard that specifies the requirements for cryptographic modules — including both hardware and software components — used within a security system to protect sensitive information.
The FIPS 140-2 re-certification of Red Hat Enterprise Linux 7.6 shows our continued commitment to delivering a more secure and product-ready set of open hybrid cloud technologies, all based on the foundation of the world’s leading enterprise Linux platform.
This renewed validation maintains and extends Red Hat’s leadership in providing mission-critical-ready open source technologies to government agencies and regulated industries, such as healthcare and telecommunications. With Red Hat’s FIPS 140-2 validated solutions, these industries can better meet necessary information security guidelines without compromising on the need for innovative, flexible software solutions. Red Hat maintains a strong commitment to providing open, more secure IT innovation to the public sector, with the company’s technologies now holding more than 20 active FIPS validations that meet the criteria for use by U.S. government agencies.
Following the FIPS 140-2 validation of Red Hat Enterprise Linux 7.5 in November 2018, these cryptography re-validations cover Red Hat Enterprise Linux 7.6 and portfolio technologies that incorporate Red Hat Enterprise Linux 7.6. Additional products which use the FIPS 140-2 re-validated cryptography modules include, but are not limited to:
- Red Hat Virtualization
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat Gluster Storage
- Red Hat Ceph Storage
- Red Hat CloudForms
- Red Hat Satellite
Red Hat Enterprise Linux 7.6 updates FIPS 140-2 validation for the following modules:
- OpenSSL Cryptographic Module
- GnuTLS Cryptographic Module
- Kernel Crypto API Cryptographic Module
- Libreswan Cryptographic Module
These modules retain FIPS 140-2 validation when used on these hardware configurations:
- Dell EMC PowerEdge R630 with Processor Algorithm Accelerators (PAA)
- Dell EMC PowerEdge R630 without PAA (single-user mode)
FIPS 140-2 validation is needed when agencies determine that specific information systems should use cryptography to protect data; if cryptography is required, then it must be validated. In order to achieve FIPS 140-2 validation, cryptographic modules are subject to testing by NIST-accredited independent Cryptographic and Security Testing Laboratories. The validation for Red Hat Enterprise Linux 7.6 was performed by Atsec information security corporation’s Cryptographic and Security Testing Laboratory in Austin, Texas. Atsec is an independent organization with long-standing experience in IT security standards.
In addition to the renewed certification of Red Hat Enterprise Linux 7.6, Red Hat Enterprise Linux 7.7 and Red Hat Enterprise Linux 8.1 are currently on the NIST “Implementation Under Test” list with the intent to extend FIPS 140-2 validation to the latest releases of the Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8 platforms.