Red Hat Extends Red Hat Enterprise Linux 8 as a Foundation for More Secure Computing with Second FIPS 140-2 Validation

30

Red Hat Enterprise Linux 8.2 now meets the stringent software security criteria for sensitive computing deployments, adding greater security posture to layered products within Red Hat’s open hybrid cloud portfolio

Paul Smith, senior vice president and general manager, Public Sector, North America, Red Hat

Dubai, UAE: Red Hat, Inc., the world’s leading provider of open source solutions, today announced the renewal of the Federal Information Processing Standard 140-2 (FIPS 140-2) security validation for Red Hat Enterprise Linux 8.2. The second FIPS certification for the Red Hat Enterprise Linux 8 platform, this validation indicates Red Hat’s leadership and commitment to providing a more secure backbone for the innovation of open hybrid cloud.

Driven by the National Institute of Standards and Technology (NIST), FIPS 140-2 is a computer security standard that specifies the requirements for cryptographic modules — including both hardware and software components — used within a security system to protect sensitive information. This validation is needed when agencies determine that specific information systems should use cryptography to protect data; if cryptography is required, then it must be validated. 

With this validation for Red Hat Enterprise Linux 8.2, many of Red Hat’s open hybrid cloud offerings also retain the FIPS 140-2 certification as layered products building on Red Hat Enterprise Linux 8.2’s cryptography modules. These include but are not limited to:

  • Red Hat Ceph Storage
  • Red Hat Gluster Storage
  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat Satellite
  • Red Hat Virtualization

Red Hat Enterprise Linux 8.2 includes FIPS 140-2 validation for the following modules:

  • OpenSSL Cryptographic Module
  • NSS Cryptographic Module
  • Kernel Crypto API Cryptographic Module
  • GnuTLS Cryptographic Module
  • Libgcrypt Cryptographic Module (previously validated in Red Hat Enterprise Linux 8.1)

In addition to the certification of Red Hat Enterprise Linux 8.2, Red Hat Enterprise Linux 7.7 received renewed FIPS 140-2 certificates for the following modules:

  • OpenSSL Cryptographic Module
  • NSS Cryptographic Module
  • Kernel Crypto API Cryptographic Module
  • OpenSSH Client Cryptographic Module and OpenSSH Server Cryptographic Module
  • Libreswan Cryptographic Module 

As part of the well-documented Red Hat Enterprise Linux life cycle, Red Hat Enterprise Linux 7 is in Maintenance Phase 2 and will be the last RHEL 7 release to receive FIPS 140-2 validation. Red Hat intends to seek Kernel Crypto API Cryptographic Module certificate updates to include the latest Red Hat Enterprise Linux 7.8 and Red Hat Enterprise Linux 7.9 kernel versions.

In order to achieve FIPS 140-2 validation, cryptographic modules are subject to testing by NIST-accredited independent Cryptographic and Security Testing Laboratories. The validation for Red Hat Enterprise Linux 8.2 was performed by atsec information security corporation’s Cryptographic and Security Testing Laboratory in Austin, Texas. 

Red Hat Enterprise Linux 8.3 and Red Hat Enterprise Linux 8.4 are currently being validated or are already on the NIST “Modules In Process” list with the intent to extend FIPS 140-2 validation to these releases.

Supporting Quote

Paul Smith, senior vice president and general manager, Public Sector, North America, Red Hat

“The renewed FIPS 140-2 validation for Red Hat Enterprise Linux 8.2 and Red Hat Enterprise Linux 7.7 indicated Red Hat’s strong commitment to delivering an independently validated, more secure platform for sensitive computing deployments across the hybrid cloud and in both the public and private sectors.”

About Red Hat, Inc.:

Red Hat is the world’s leading provider of enterprise open source software solutions, using a community-powered approach to deliver reliable and high-performing Linux, hybrid cloud, container, and Kubernetes technologies. Red Hat helps customers integrate new and existing IT applications, develop cloud-native applications, standardize on our industry-leading operating system, and automate, secure, and manage complex environments. Award-winning support, training, and consulting services make Red Hat a trusted adviser to the Fortune 500. As a strategic partner to cloud providers, system integrators, application vendors, customers, and open source communities, Red Hat can help organizations prepare for the digital future.

Forward-Looking Statements

Except for the historical information and discussions contained herein, statements contained in this press release may constitute forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. Forward-looking statements are based on the company’s current assumptions regarding future business and financial performance. These statements involve a number of risks, uncertainties and other factors that could cause actual results to differ materially. Any forward-looking statement in this press release speaks only as of the date on which it is made. Except as required by law, the company assumes no obligation to update or revise any forward-looking statements.