Red Hat, Inc. (NYSE: RHT), the world’s leading provider of open source solutions, today announced that Red Hat Enterprise Linux 7 has renewed and expanded the Federal Information Processing Standard 140-2 (FIPS 140-2) security certifications from the National Institute of Standards and Technology (NIST). FIPS 140-2 is a computer security standard that specifies the requirements for cryptographic modules -- including both hardware and software components -- used within a security system to protect sensitive, but unclassified information.
Confidence that sensitive information is kept secure is of critical importance to every level of government, and a responsibility that Red Hat does not take lightly.
Historically, software operating on a FIPS 140-2 certified system did not automatically inherit the sophisticated cryptography certifications of the base operating system. With this certification, Red Hat becomes the first in the industry to provide assurance that its integrated solutions that incorporate Red Hat Enterprise Linux will retain the FIPS 140-2 certification. These solutions include, but are not limited to:
Red Hat Ceph Storage
Red Hat CloudForms
Red Hat Enterprise Linux Atomic Host
Red Hat Gluster Storage
Red Hat OpenShift Container Platform
Red Hat OpenStack Platform
Red Hat Virtualization
Red Hat Enterprise Linux 7 has achieved FIPS 140-2 re-certification for the following modules:
The certified modules retain FIPS 140-2 certification on these hardware configurations:
Dell PowerEdge R630 with Processor Algorithm Accelerators (PAA)
Dell PowerEdge R630 without PAA
FIPS 140-2 validation is required by U.S. law when information systems use cryptography to protect sensitive government information. In order to achieve FIPS 140-2 certification, cryptographic modules are subject to rigorous testing by independent Cryptographic and Security Testing Laboratories, accredited by NIST. The validation for Red Hat Enterprise Linux 7.4 was performed by the atsec information security corporation’s Cryptographic and Security Testing Laboratory in Austin, Texas. Atsec is an independent, internationally recognized organization with long-standing experience in IT security standards.
Supporting Quote
Paul Smith, senior vice president and general manager, U.S. Public Sector, Red Hat
“Confidence that sensitive information is kept secure is of critical importance to every level of government, and a responsibility that Red Hat does not take lightly. We have a long history of providing the U.S. government with robust enterprise open source solutions with strong security capabilities and we are continuing to lead the way with this latest certification. With this announcement, we are pleased to be the first to offer the federal government a NIST validated cryptography that encompasses both the operating system and the layered infrastructure support.”
Additional Resources
Read more about Red Hat’s government solutions and commitment to public sector standards
Learn more about the NIST Cryptographic Module Validation Program
- About Red Hat
Red Hat is the world's leading provider of open source software solutions, using a community-powered approach to provide reliable and high-performing cloud, Linux, middleware, storage and virtualization technologies. Red Hat also offers award-winning support, training, and consulting services. As a connective hub in a global network of enterprises, partners, and open source communities, Red Hat helps create relevant, innovative technologies that liberate resources for growth and prepare customers for the future of IT. Learn more at http://www.redhat.com.
- Forward-Looking Statements
Certain statements contained in this press release may constitute "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. Forward-looking statements provide current expectations of future events based on certain assumptions and include any statement that does not directly relate to any historical or current fact. Actual results may differ materially from those indicated by such forward-looking statements as a result of various important factors, including: risks related to the ability of the Company to compete effectively; the ability to deliver and stimulate demand for new products and technological innovations on a timely basis; delays or reductions in information technology spending; the integration of acquisitions and the ability to market successfully acquired technologies and products; fluctuations in exchange rates; the effects of industry consolidation; uncertainty and adverse results in litigation and related settlements; the inability to adequately protect Company intellectual property and the potential for infringement or breach of license claims of or relating to third party intellectual property; risks related to the security of our offerings and other data security vulnerabilities; changes in and a dependence on key personnel; the ability to meet financial and operational challenges encountered in our international operations; and ineffective management of, and control over, the Company's growth and international operations, as well as other factors contained in our most recent Quarterly Report on Form 10-Q (copies of which may be accessed through the Securities and Exchange Commission's website at http://www.sec.gov), including those found therein under the captions "Risk Factors" and "Management's Discussion and Analysis of Financial Condition and Results of Operations". In addition to these factors, actual future performance, outcomes, and results may differ materially because of more general factors including (without limitation) general industry and market conditions and growth rates, economic and political conditions, governmental and public policy changes and the impact of natural disasters such as earthquakes and floods. The forward-looking statements included in this press release represent the Company's views as of the date of this press release and these views could change. However, while the Company may elect to update these forward-looking statements at some point in the future, the Company specifically disclaims any obligation to do so. These forward-looking statements should not be relied upon as representing the Company's views as of any date subsequent to the date of this press release.