Red Hat, Inc., the world's leading provider of open source solutions, today announced that Red Hat Enterprise Linux 7.5 has renewed the Federal Information Processing Standard (FIPS 140-2) security certifications from the National Institute of Standards and Technology (NIST). FIPS 140-2 is a computer security standard that specifies the requirements for cryptographic modules -- including both hardware and software components -- used within a security system to protect sensitive but unclassified information.
This re-certification helps to extend Red Hat’s leadership in providing mission-critical-ready open source technologies to government agencies, helping these organizations meet necessary information security guidelines without compromising on their need for innovation, flexible software solutions.
As with the FIPS 140-2 re-certification of Red Hat Enterprise Linux 7 in March 2018, these cryptography certifications cover Red hat portfolio technologies that incorporate Red Hat Enterprise Linux 7.5. The additional Red Hat products re-certified with Red Hat Enterprise Linux 7.5 for FIPS 140-2 include:
Red Hat Ceph Storage
Red Hat CloudForms
Red Hat Enterprise Linux Atomic Host
Red Hat Gluster Storage
Red Hat OpenStack Platform
Red Hat Virtualization
Red Hat Enterprise Linux 7.5 maintains FIPS 140-2 certification for the following modules:
Additionally, these modules retain FIPS 140-2 certification on these hardware configurations:
Dell EMC PowerEdge R630 with Processor Algorithm Accelerators (PAA)
Dell EMC PowerEdge R630 without PAA (single-user mode)
FIPS 140-2 validation is needed when agencies determine that specific information systems should use cryptography to protect data; if cryptography is required, then it must be validated. In order to achieve FIPS 140-2 certification, cryptographic modules are subject to testing by independent Cryptographic and Security Testing Laboratories, accredited by NIST. The validation for Red Hat Enterprise Linux 7.5 was performed by the atsec information security corporation’s Cryptographic and Security Testing Laboratory. Atsec is an independent organization with long-standing experience in IT security standards.