RALEIGH, N.C. - —
Red Hat, Inc. (NYSE: RHT), the world’s leading provider of open source solutions, today announced that Red Hat Enterprise Linux 7 has renewed and expanded the Federal Information Processing Standard 140-2 (FIPS 140-2) security certifications from the National Institute of Standards and Technology (NIST). FIPS 140-2 is a computer security standard that specifies the requirements for cryptographic modules -- including both hardware and software components -- used within a security system to protect sensitive, but unclassified information.
Confidence that sensitive information is kept secure is of critical importance to every level of government, and a responsibility that Red Hat does not take lightly.
Historically, software operating on a FIPS 140-2 certified system did not automatically inherit the sophisticated cryptography certifications of the base operating system. With this certification, Red Hat becomes the first in the industry to provide assurance that its integrated solutions that incorporate Red Hat Enterprise Linux will retain the FIPS 140-2 certification. These solutions include, but are not limited to:
Red Hat Ceph Storage
Red Hat CloudForms
Red Hat Enterprise Linux Atomic Host
Red Hat Gluster Storage
Red Hat OpenShift Container Platform
Red Hat OpenStack Platform
Red Hat Virtualization
Red Hat Enterprise Linux 7 has achieved FIPS 140-2 re-certification for the following modules:
The certified modules retain FIPS 140-2 certification on these hardware configurations:
FIPS 140-2 validation is required by U.S. law when information systems use cryptography to protect sensitive government information. In order to achieve FIPS 140-2 certification, cryptographic modules are subject to rigorous testing by independent Cryptographic and Security Testing Laboratories, accredited by NIST. The validation for Red Hat Enterprise Linux 7.4 was performed by the atsec information security corporation’s Cryptographic and Security Testing Laboratory in Austin, Texas. Atsec is an independent, internationally recognized organization with long-standing experience in IT security standards.
Paul Smith, senior vice president and general manager, U.S. Public Sector, Red Hat
“Confidence that sensitive information is kept secure is of critical importance to every level of government, and a responsibility that Red Hat does not take lightly. We have a long history of providing the U.S. government with robust enterprise open source solutions with strong security capabilities and we are continuing to lead the way with this latest certification. With this announcement, we are pleased to be the first to offer the federal government a NIST validated cryptography that encompasses both the operating system and the layered infrastructure support.”