Red Hat Completes FIPS 140-2 Re-certification for Red Hat Enterprise Linux 7

Red Hat, Inc. (NYSE: RHT), the world’s leading provider of open source solutions, today announced that Red Hat Enterprise Linux 7 has renewed and expanded the Federal Information Processing Standard 140-2 (FIPS 140-2) security certifications from the National Institute of Standards and Technology (NIST). FIPS 140-2 is a computer security standard that specifies the requirements for cryptographic modules -- including both hardware and software components -- used within a security system to protect sensitive, but unclassified information.

Confidence that sensitive information is kept secure is of critical importance to every level of government, and a responsibility that Red Hat does not take lightly.

Historically, software operating on a FIPS 140-2 certified system did not automatically inherit the sophisticated cryptography certifications of the base operating system. With this certification, Red Hat becomes the first in the industry to provide assurance that its integrated solutions that incorporate Red Hat Enterprise Linux will retain the FIPS 140-2 certification. These solutions include, but are not limited to:

• Red Hat Ceph Storage

• Red Hat CloudForms

• Red Hat Enterprise Linux Atomic Host

• Red Hat Gluster Storage

• Red Hat OpenShift Container Platform

• Red Hat OpenStack Platform

• Red Hat Virtualization

Red Hat Enterprise Linux 7 has achieved FIPS 140-2 re-certification for the following modules:

• GnuTLS Cryptographic Module

• Kernel Cryptographic API

• Libgcrypt Cryptographic Module

• Libreswan Cryptographic Module

• NSS Cryptographic Module

• OpenSSH Client Cryptographic Module

• OpenSSH Server Cryptographic Module

• OpenSSL Cryptographic Module

The certified modules retain FIPS 140-2 certification on these hardware configurations:

• Dell PowerEdge R630 with Processor Algorithm Accelerators (PAA)

• Dell PowerEdge R630 without PAA

FIPS 140-2 validation is required by U.S. law when information systems use cryptography to protect sensitive government information. In order to achieve FIPS 140-2 certification, cryptographic modules are subject to rigorous testing by independent Cryptographic and Security Testing Laboratories, accredited by NIST. The validation for Red Hat Enterprise Linux 7.4 was performed by the atsec information security corporation’s Cryptographic and Security Testing Laboratory in Austin, Texas. Atsec is an independent, internationally recognized organization with long-standing experience in IT security standards.

Supporting Quote

Paul Smith, senior vice president and general manager, U.S. Public Sector, Red Hat
"Confidence that sensitive information is kept secure is of critical importance to every level of government, and a responsibility that Red Hat does not take lightly. We have a long history of providing the U.S. government with robust enterprise open source solutions with strong security capabilities and we are continuing to lead the way with this latest certification. With this announcement, we are pleased to be the first to offer the federal government a NIST validated cryptography that encompasses both the operating system and the layered infrastructure support."

Additional Resources

• Read more about Red Hat’s government solutions and commitment to public sector standards

• Learn more about the NIST Cryptographic Module Validation Program