RALEIGH, N.C - —
Red Hat, Inc. (NYSE: RHT), the world's leading provider of open source solutions, today announced that Red Hat Enterprise Linux 7.5 has renewed the Federal Information Processing Standard (FIPS 140-2) security certifications from the National Institute of Standards and Technology (NIST). FIPS 140-2 is a computer security standard that specifies the requirements for cryptographic modules -- including both hardware and software components -- used within a security system to protect sensitive but unclassified information.
Regardless of technological advances, protecting sensitive information remains a top priority for every government entity, from executive agencies to state-level organizations. This need is one that Red Hat has helped to meet for more than a decade with a portfolio of enterprise open source solutions built on the backbone of the world’s leading enterprise Linux platform. We further extend this commitment today with the FIPS 140-2 re-certification of Red Hat Enterprise Linux, providing the confidence that Red Hat’s software can provide more secure computing at both the operating system and layered infrastructure levels.”
This re-certfication helps to extend Red Hat’s leadership in providing mission-critical-ready open source technologies to government agencies, helping these organizations meet necessary information security guidelines without compromising on their need for innovation, flexible software solutions. Red Hat now holds more than 20 active FIPS validations that meet the criteria for use by U.S. government agencies, maintaining Red Hat’s commitment to providing open, more secure innovation to the public sector.
As with the FIPS 140-2 re-certification of Red Hat Enterprise Linux 7 in March 2018, these cryptography certifications cover Red hat portfolio technologies that incorporate Red Hat Enterprise Linux 7.5. The additional Red Hat products re-certified with Red Hat Enterprise Linux 7.5 for FIPS 140-2 include:
Red Hat Enterprise Linux 7.5 maintains FIPS 140-2 certification for the following modules:
Additionally, these modules retain FIPS 140-2 certification on these hardware configurations:
FIPS 140-2 validation is needed when agencies determine that specific information systems should use cryptography to protect data; if cryptography is required, then it must be validated. In order to achieve FIPS 140-2 certification, cryptographic modules are subject to testing by independent Cryptographic and Security Testing Laboratories, accredited by NIST. The validation for Red Hat Enterprise Linux 7.5 was performed by the atsec information security corporation’s Cryptographic and Security Testing Laboratory in Austin, Texas. Atsec is an independent organization with long-standing experience in IT security standards.