Red Hat Enterprise Linux 6 In Evaluation for FIPS 140-2 Certification

April 26, 2011

By: Red Hat Enterprise Linux Team

In addition to our announcement today that Red Hat Enterprise Linux 5 on HP ProLiant Servers has achieved six Federal Information Processing Standard (FIPS) 140-2 certifications, we’re excited to let you know that Red Hat Enterprise Linux 6 is officially “in evaluation” for FIPS 140-2 certification. The U.S. Government requires that cryptographic-based security systems in computer and telecommunication systems (including voice systems) used to protect sensitive information must be certified against the FIPS 140-2 standard prior to agency procurement.  

Red Hat is committed to providing secure and stable software that can be easily used in security-sensitive environments. We continue to work closely with U.S. Government customers and security specialists to get Red Hat products certified for Government use and accredited by the appropriate authorities. Red Hat Enterprise Linux 6 continues on the path of critical security certifications to help our customers have smooth transitions to newer Red Hat Enterprise Linux releases.  

Red Hat is embarking on a new FIPS-140-2 certification for disk volume encryption, which is included in the evaluation modules in progress for Red Hat Enterprise Linux 6.    Customers will be able to more securely protect sensitive data on storage devices, giving customers assurance that their deployments fulfill emerging security requirements.

Similar to the certifications we achieved with Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6 is in evaluation for a number of FIPS 140-2 certifications, including the Kernel Crypto API, OpenSwan Cryptographic, OpenSSH-Client, OpenSSH-Server, OpenSSL and Libgcrypt Cryptographic Modules. Along with this certification effort, we updated Red Hat software to meet the current requirements for FIPS 186-3 (the Digital Signature Standard), and we plan to increase coverage with different security profiles to better meet our customer needs.

In the coming months, you’ll hear more from us on the status of this, and other, certifications for Red Hat solutions. For a complete picture of our current certifications, visit http://www.redhat.com/solutions/government/certifications/.

Back to top