Red Hat, Inc., the world's leading provider of open source solutions, today announced the renewal of the Federal Information Processing Standard 140-2 (FIPS 140-2) security validations for Red Hat Enterprise Linux 7.6. Driven by the National Institute of Standards and Technology (NIST), FIPS 140-2 is a computer security standard that specifies the requirements for cryptographic modules -- including both hardware and software components -- used within a security system to protect sensitive information.
The FIPS 140-2 re-certification of Red Hat Enterprise Linux 7.6 shows our continued commitment to delivering a more secure and product-ready set of open hybrid cloud technologies, all based on the foundation of the world’s leading enterprise Linux platform.
This renewed validation maintains and extends Red Hat’s leadership in providing mission-critical-ready open source technologies to government agencies and regulated industries, such as healthcare and telecommunications. With Red Hat’s FIPS 140-2 validated solutions, these industries can better meet necessary information security guidelines without compromising on the need for innovative, flexible software solutions. Red Hat maintains a strong commitment to providing open, more secure IT innovation to the public sector, with the company’s technologies now holding more than 20 active FIPS validations that meet the criteria for use by U.S. government agencies.
Following the FIPS 140-2 validation of Red Hat Enterprise Linux 7.5 in November 2018, these cryptography re-validations cover Red Hat Enterprise Linux 7.6 and portfolio technologies that incorporate Red Hat Enterprise Linux 7.6. Additional products which use the FIPS 140-2 re-validated cryptography modules include, but are not limited to:
Red Hat Virtualization
Red Hat OpenStack Platform
Red Hat OpenShift Container Platform
Red Hat Gluster Storage
Red Hat Ceph Storage
Red Hat CloudForms
Red Hat Satellite
Red Hat Enterprise Linux 7.6 updates FIPS 140-2 validation for the following modules:
These modules retain FIPS 140-2 validation when used on these hardware configurations:
Dell EMC PowerEdge R630 with Processor Algorithm Accelerators (PAA)
Dell EMC PowerEdge R630 without PAA (single-user mode)
FIPS 140-2 validation is needed when agencies determine that specific information systems should use cryptography to protect data; if cryptography is required, then it must be validated. In order to achieve FIPS 140-2 validation, cryptographic modules are subject to testing by NIST-accredited independent Cryptographic and Security Testing Laboratories. The validation for Red Hat Enterprise Linux 7.6 was performed by Atsec information security corporation’s Cryptographic and Security Testing Laboratory in Austin, Texas. Atsec is an independent organization with long-standing experience in IT security standards.
In addition to the renewed certification of Red Hat Enterprise Linux 7.6, Red Hat Enterprise Linux 7.7 and Red Hat Enterprise Linux 8.1 are currently on the NIST "Implementation Under Test" list with the intent to extend FIPS 140-2 validation to the latest releases of the Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8 platforms.
Paul Smith, senior vice president and general manager, Public Sector, North America, Red Hat
"For more than a decade, Red Hat has been helping to meet the technology needs of organizations where IT security is a primary concern, from executive agencies to state governments. The FIPS 140-2 re-certification of Red Hat Enterprise Linux 7.6 shows our continued commitment to delivering a more secure and product-ready set of open hybrid cloud technologies, all based on the foundation of the world’s leading enterprise Linux platform."
Red Hat is the world’s leading provider of enterprise open source software solutions, using a community-powered approach to deliver reliable and high-performing Linux, hybrid cloud, container, and Kubernetes technologies. Red Hat helps customers integrate new and existing IT applications, develop cloud-native applications, standardize on our industry-leading operating system, and automate, secure, and manage complex environments. Award-winning support, training, and consulting services make Red Hat a trusted adviser to the Fortune 500. As a strategic partner to cloud providers, system integrators, application vendors, customers, and open source communities, Red Hat can help organizations prepare for the digital future.
Certain statements contained in this press release may constitute "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. Forward-looking statements provide current expectations of future events based on certain assumptions and include any statement that does not directly relate to any historical or current fact. Actual results may differ materially from those indicated by such forward-looking statements as a result of various important factors, including: risks related to our pending merger with International Business Machines Corporation, the ability of the Company to compete effectively; the ability to deliver and stimulate demand for new products and technological innovations on a timely basis; delays or reductions in information technology spending; the integration of acquisitions and the ability to market successfully acquired technologies and products; risks related to errors or defects in our offerings and third-party products upon which our offerings depend; risks related to the security of our offerings and other data security vulnerabilities; fluctuations in exchange rates; changes in and a dependence on key personnel; the effects of industry consolidation; uncertainty and adverse results in litigation and related settlements; the inability to adequately protect Company intellectual property and the potential for infringement or breach of license claims of or relating to third party intellectual property; the ability to meet financial and operational challenges encountered in our international operations; and ineffective management of, and control over, the Company's growth and international operations, as well as other factors contained in our most recent Quarterly Report on Form 10-Q (copies of which may be accessed through the Securities and Exchange Commission's website at www.sec.gov), including those found therein under the captions "Risk Factors" and "Management's Discussion and Analysis of Financial Condition and Results of Operations". In addition to these factors, actual future performance, outcomes, and results may differ materially because of more general factors including (without limitation) general industry and market conditions and growth rates, economic and political conditions, governmental and public policy changes and the impact of natural disasters such as earthquakes and floods. The forward-looking statements included in this press release represent the Company's views as of the date of this press release and these views could change. However, while the Company may elect to update these forward-looking statements at some point in the future, the Company specifically disclaims any obligation to do so. These forward-looking statements should not be relied upon as representing the Company's views as of any date subsequent to the date of this press release.
Red Hat, Red Hat Enterprise Linux, the Red Hat logo, JBoss, Ansible, Ceph, CloudForms, Gluster and OpenShift are trademarks or registered trademarks of Red Hat, Inc. or its subsidiaries in the U.S. and other countries. Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries. The OpenStack Word Mark is either a registered trademark/service mark or trademark/service mark of the OpenStack Foundation, in the United States and other countries, and is used with the OpenStack Foundation's permission. Red Hat is not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.