Red Hat, Inc. (NYSE: RHT), the world's leading provider of open source solutions, today announced that Red Hat Enterprise Linux 7.5 has renewed the Federal Information Processing Standard (FIPS 140-2) security certifications from the National Institute of Standards and Technology (NIST). FIPS 140-2 is a computer security standard that specifies the requirements for cryptographic modules -- including both hardware and software components -- used within a security system to protect sensitive but unclassified information.
Regardless of technological advances, protecting sensitive information remains a top priority for every government entity, from executive agencies to state-level organizations. This need is one that Red Hat has helped to meet for more than a decade with a portfolio of enterprise open source solutions built on the backbone of the world’s leading enterprise Linux platform. We further extend this commitment today with the FIPS 140-2 re-certification of Red Hat Enterprise Linux, providing the confidence that Red Hat’s software can provide more secure computing at both the operating system and layered infrastructure levels."
This re-certfication helps to extend Red Hat’s leadership in providing mission-critical-ready open source technologies to government agencies, helping these organizations meet necessary information security guidelines without compromising on their need for innovation, flexible software solutions. Red Hat now holds more than 20 active FIPS validations that meet the criteria for use by U.S. government agencies, maintaining Red Hat’s commitment to providing open, more secure innovation to the public sector.
As with the FIPS 140-2 re-certification of Red Hat Enterprise Linux 7 in March 2018, these cryptography certifications cover Red hat portfolio technologies that incorporate Red Hat Enterprise Linux 7.5. The additional Red Hat products re-certified with Red Hat Enterprise Linux 7.5 for FIPS 140-2 include:
Red Hat Ceph Storage
Red Hat CloudForms
Red Hat Enterprise Linux Atomic Host
Red Hat Gluster Storage
Red Hat OpenStack Platform
Red Hat Virtualization
Red Hat Enterprise Linux 7.5 maintains FIPS 140-2 certification for the following modules:
Additionally, these modules retain FIPS 140-2 certification on these hardware configurations:
Dell EMC PowerEdge R630 with Processor Algorithm Accelerators (PAA)
Dell EMC PowerEdge R630 without PAA (single-user mode)
FIPS 140-2 validation is needed when agencies determine that specific information systems should use cryptography to protect data; if cryptography is required, then it must be validated. In order to achieve FIPS 140-2 certification, cryptographic modules are subject to testing by independent Cryptographic and Security Testing Laboratories, accredited by NIST. The validation for Red Hat Enterprise Linux 7.5 was performed by the atsec information security corporation’s Cryptographic and Security Testing Laboratory in Austin, Texas. Atsec is an independent organization with long-standing experience in IT security standards.
About Red Hat
Red Hat is the world’s leading provider of enterprise open source software solutions, using a community-powered approach to deliver reliable and high-performing Linux, hybrid cloud, container, and Kubernetes technologies. Red Hat helps customers integrate new and existing IT applications, develop cloud-native applications, standardize on our industry-leading operating system, and automate, secure, and manage complex environments. Award-winning support, training, and consulting services make Red Hat a trusted adviser to the Fortune 500. As a strategic partner to cloud providers, system integrators, application vendors, customers, and open source communities, Red Hat can help organizations prepare for the digital future.
Certain statements contained in this press release may constitute "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. Forward-looking statements provide current expectations of future events based on certain assumptions and include any statement that does not directly relate to any historical or current fact. Actual results may differ materially from those indicated by such forward-looking statements as a result of various important factors, including: risks related to the ability of the Company to compete effectively; the ability to deliver and stimulate demand for new products and technological innovations on a timely basis; delays or reductions in information technology spending; the integration of acquisitions and the ability to market successfully acquired technologies and products; risks related to errors or defects in our offerings and third-party products upon which our offerings depend; risks related to the security of our offerings and other data security vulnerabilities; fluctuations in exchange rates; changes in and a dependence on key personnel; the effects of industry consolidation; uncertainty and adverse results in litigation and related settlements; the inability to adequately protect Company intellectual property and the potential for infringement or breach of license claims of or relating to third party intellectual property; the ability to meet financial and operational challenges encountered in our international operations; and ineffective management of, and control over, the Company's growth and international operations, as well as other factors contained in our most recent Quarterly Report on Form 10-Q (copies of which may be accessed through the Securities and Exchange Commission's website at http://www.sec.gov), including those found therein under the captions "Risk Factors" and "Management's Discussion and Analysis of Financial Condition and Results of Operations". In addition to these factors, actual future performance, outcomes, and results may differ materially because of more general factors including (without limitation) general industry and market conditions and growth rates, economic and political conditions, governmental and public policy changes and the impact of natural disasters such as earthquakes and floods. The forward-looking statements included in this press release represent the Company's views as of the date of this press release and these views could change. However, while the Company may elect to update these forward-looking statements at some point in the future, the Company specifically disclaims any obligation to do so. These forward-looking statements should not be relied upon as representing the Company's views as of any date subsequent to the date of this press release.