Red Hat, Inc., the world's leading provider of open source solutions, today announced the renewal of the Federal Information Processing Standard 140-2 (FIPS 140-2) security validation for Red Hat Enterprise Linux 8.2. The second FIPS certification for the Red Hat Enterprise Linux 8 platform, this validation indicates Red Hat’s leadership and commitment to providing a more secure backbone for the innovation of open hybrid cloud.
The renewed FIPS 140-2 validation for Red Hat Enterprise Linux 8.2 and Red Hat Enterprise Linux 7.7 indicated Red Hat’s strong commitment to delivering an independently validated, more secure platform for sensitive computing deployments across the hybrid cloud and in both the public and private sectors.
Driven by the National Institute of Standards and Technology (NIST), FIPS 140-2 is a computer security standard that specifies the requirements for cryptographic modules -- including both hardware and software components -- used within a security system to protect sensitive information. This validation is needed when agencies determine that specific information systems should use cryptography to protect data; if cryptography is required, then it must be validated.
With this validation for Red Hat Enterprise Linux 8.2, many of Red Hat’s open hybrid cloud offerings also retain the FIPS 140-2 certification as layered products building on Red Hat Enterprise Linux 8.2’s cryptography modules. These include but are not limited to:
Red Hat Ceph Storage
Red Hat Gluster Storage
Red Hat OpenShift
Red Hat OpenStack Platform
Red Hat Satellite
Red Hat Virtualization
Red Hat Enterprise Linux 8.2 includes FIPS 140-2 validation for the following modules:
Libgcrypt Cryptographic Module (previously validated in Red Hat Enterprise Linux 8.1)
In addition to the certification of Red Hat Enterprise Linux 8.2, Red Hat Enterprise Linux 7.7 received renewed FIPS 140-2 certificates for the following modules:
As part of the well-documented Red Hat Enterprise Linux life cycle, Red Hat Enterprise Linux 7 is in Maintenance Phase 2 and will be the last RHEL 7 release to receive FIPS 140-2 validation. Red Hat intends to seek Kernel Crypto API Cryptographic Module certificate updates to include the latest Red Hat Enterprise Linux 7.8 and Red Hat Enterprise Linux 7.9 kernel versions.
In order to achieve FIPS 140-2 validation, cryptographic modules are subject to testing by NIST-accredited independent Cryptographic and Security Testing Laboratories. The validation for Red Hat Enterprise Linux 8.2 was performed by atsec information security corporation’s Cryptographic and Security Testing Laboratory in Austin, Texas.
Red Hat Enterprise Linux 8.3 and Red Hat Enterprise Linux 8.4 are currently being validated or are already on the NIST "Modules In Process" list with the intent to extend FIPS 140-2 validation to these releases.
Paul Smith, senior vice president and general manager, Public Sector, North America, Red Hat
“The renewed FIPS 140-2 validation for Red Hat Enterprise Linux 8.2 and Red Hat Enterprise Linux 7.7 indicated Red Hat’s strong commitment to delivering an independently validated, more secure platform for sensitive computing deployments across the hybrid cloud and in both the public and private sectors.”
- ABOUT RED HAT
Red Hat is the world’s leading provider of enterprise open source software solutions, using a community-powered approach to deliver reliable and high-performing Linux, hybrid cloud, container, and Kubernetes technologies. Red Hat helps customers integrate new and existing IT applications, develop cloud-native applications, standardize on our industry-leading operating system, and automate, secure, and manage complex environments. Award-winning support, training, and consulting services make Red Hat a trusted adviser to the Fortune 500. As a strategic partner to cloud providers, system integrators, application vendors, customers, and open source communities, Red Hat can help organizations prepare for the digital future.
- FORWARD-LOOKING STATEMENTS
Certain statements contained in this press release may constitute "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. Forward-looking statements provide current expectations of future events based on certain assumptions and include any statement that does not directly relate to any historical or current fact. Actual results may differ materially from those indicated by such forward-looking statements as a result of various important factors, including: risks related to our pending merger with International Business Machines Corporation, the ability of the Company to compete effectively; the ability to deliver and stimulate demand for new products and technological innovations on a timely basis; delays or reductions in information technology spending; the integration of acquisitions and the ability to market successfully acquired technologies and products; risks related to errors or defects in our offerings and third-party products upon which our offerings depend; risks related to the security of our offerings and other data security vulnerabilities; fluctuations in exchange rates; changes in and a dependence on key personnel; the effects of industry consolidation; uncertainty and adverse results in litigation and related settlements; the inability to adequately protect Company intellectual property and the potential for infringement or breach of license claims of or relating to third party intellectual property; the ability to meet financial and operational challenges encountered in our international operations; and ineffective management of, and control over, the Company's growth and international operations, as well as other factors contained in our most recent Quarterly Report on Form 10-Q (copies of which may be accessed through the Securities and Exchange Commission's website at www.sec.gov), including those found therein under the captions "Risk Factors" and "Management's Discussion and Analysis of Financial Condition and Results of Operations". In addition to these factors, actual future performance, outcomes, and results may differ materially because of more general factors including (without limitation) general industry and market conditions and growth rates, economic and political conditions, governmental and public policy changes and the impact of natural disasters such as earthquakes and floods. The forward-looking statements included in this press release represent the Company's views as of the date of this press release and these views could change. However, while the Company may elect to update these forward-looking statements at some point in the future, the Company specifically disclaims any obligation to do so. These forward-looking statements should not be relied upon as representing the Company's views as of any date subsequent to the date of this press release.
Red Hat, Red Hat Enterprise Linux, the Red Hat logo, JBoss, Ansible, Ceph, CloudForms, Gluster and OpenShift are trademarks or registered trademarks of Red Hat, Inc. or its subsidiaries in the U.S. and other countries. Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries. The OpenStack Word Mark is either a registered trademark/service mark or trademark/service mark of the OpenStack Foundation, in the United States and other countries, and is used with the OpenStack Foundation's permission. Red Hat is not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.