Red Hat Enterprise Linux 7.5 renewed FIPS 140-2 security certifications from National Institute of Standards and Technology



Red Hat Inc., provider of open source solutions, announced that Red Hat Enterprise Linux 7.5 has renewed the Federal Information Processing Standard (FIPS 140-2) security certifications from the National Institute of Standards and Technology (NIST). Red Hat now holds more than 20 active FIPS validations that meet the criteria for use by U.S. government agencies, maintaining Red Hat’s commitment to providing open, more secure innovation to the public sector.

FIPS 140-2 is a computer security standard that specifies the requirements for cryptographic modules — including both hardware and software components — used within a security system to protect sensitive but unclassified information.

This re-certification helps to extend Red Hat’s position in providing mission-critical-ready open source technologies to government agencies, helping these organizations meet necessary information security guidelines without compromising on their need for innovation, flexible software solutions.

Red Hat Enterprise Linux 7.5 maintains FIPS 140-2 certification for the various modules, including OpenSSL Cryptographic Module, OpenSSH Server Cryptographic Module, OpenSSH Client Cryptographic Module, NSS Cryptographic Module, Kernel Crypto API Cryptographic Module, and Libreswan Cryptographic Module.

Additionally, these modules retain FIPS 140-2 certification on hardware configurations including Dell EMC PowerEdge R630 with Processor Algorithm Accelerators (PAA), and Dell EMC PowerEdge R630 without PAA (single-user mode).

FIPS 140-2 validation is needed when agencies determine that specific information systems should use cryptography to protect data; if cryptography is required, then it must be validated. In order to achieve FIPS 140-2 certification, cryptographic modules are subject to testing by independent Cryptographic and Security Testing Laboratories, accredited by NIST.

The validation for Red Hat Enterprise Linux 7.5 was performed by the atsec information security corporation’s Cryptographic and Security Testing Laboratory in Austin, Texas. Atsec is an independent organization with experience in IT security standards.

As with the FIPS 140-2 re-certification of Red Hat Enterprise Linux 7 in March 2018, these cryptography certifications cover Red hat portfolio technologies that incorporate Red Hat Enterprise Linux 7.5. The additional Red Hat products re-certified with Red Hat Enterprise Linux 7.5 for FIPS 140-2 include Red Hat Ceph Storage, Red Hat CloudForms, Red Hat Enterprise Linux Atomic Host, Red Hat Gluster Storage, Red Hat OpenStack Platform, and Red Hat Virtualization.

“Regardless of technological advances, protecting sensitive information remains a top priority for every government entity, from executive agencies to state-level organizations,” said Paul Smith, senior vice president and general manager, Red Hat. “This need is one that Red Hat has helped to meet for more than a decade with a portfolio of enterprise open source solutions built on the backbone of the world’s leading enterprise Linux platform. We further extend this commitment today with the FIPS 140-2 re-certification of Red Hat Enterprise Linux, providing the confidence that Red Hat’s software can provide more secure computing at both the operating system and layered infrastructure levels.”

 

Leave a Reply

WWPI – Covering the best in IT since 1980