Red Hat's Linux 7.1 awarded multiple federal certifications

The FIPS 140-2 certification program is a joint initiative between the U.S.-based National Institute for Standards and Technology (NIST) and the Communications Security Establishment (CSE) for the Government of Canada. This internationally recognized certification is mandated by national agencies in the U.S. and Canada and recognized in Europe and Australia. Information systems based on Red Hat Enterprise Linux 7 now have greater assurance that native cryptographic security systems, such as those used to encrypt data and provide more secure communications, have been formally evaluated to meet international cryptography standards.

Red Hat Enterprise Linux 7.1 has achieved FIPS 140-2 certification for the following modules:

•  OpenSSL
• OpenSSH Server
• OpenSSH Client
• Libgcrypt
• NSS
• Libreswan
• Kernel Cryptographic API
• Kernel Cryptographic API with CPAFC
• GnuTLS

The certified Red Hat Enterprise Linux 7.1 modules retain FIPS 140-2 certification when running on these hardware configurations:

•  HPE ProLiant DL380p Gen8 with PAA
• HPE ProLiant DL380p Gen8 without PAA
• IBM Power8 Little Endian 8286-41A
• IBM z13 (single-user mode)

The U.S. Secretary of Commerce approves standards and guidelines that are developed by NIST for U.S. federal information systems. The FIPS 140 Publication Series coordinates the requirements and standards from cryptographic modules for hardware and software, and in order to achieve FIPS 140-2 validation, cryptographic modules are subjected to rigorous testing by independent, accredited test facilities.

The validation testing for today’s announcement was performed by atsec information security corporation’s Cryptographic and Security Testing Laboratory in Austin, Texas. atsec is an independent company with long-standing experience in international IT security standards.

Supporting Quotes

Paul Smith, vice president and general manager, Red Hat

“Protecting highly-sensitive data, from employee and customer financial data to national security details, is a critical need for modern IT departments, particularly those operating in the public sector. Red Hat understands the varied IT security needs of these organizations, and Red Hat Enterprise Linux’s FIPS 140-2 and Common Criteria EAL4+ certifications provide continued support of our commitment to deliver a highly-secure operating system for environments that require the strictest of protections.”

Yi Mao, manager, Cryptographic Security Test Laboratory, atsec information security

“Red Hat endeavors to keep assurances by having a third party lab working with them to perform code inspection and independent testing against rigorous standards in cryptography as well as product security. It has been a dramatic effort for Red Hat to take their stack of cryptographic libraries running on the operating system RHEL 7.1 through FIPS 140-2 validation. Their pursuit for greater security is demonstrated in the wide validation scope and deep understanding of security requirements, and we are honored to be Red Hat’s chosen lab for these FIPS 140-2 certifications and applaud their achievement.”

Additional Resources

Learn more about FIPS 140-2 compliance and Red Hat Enterprise Linux

Read more about Red Hat’s accredited and certified open source technologies

About Red Hat, Inc.

Red Hat is the world's leading provider of open source software solutions, using a community-powered approach to provide reliable and high-performing cloud, Linux, middleware, storage and virtualization technologies. Red Hat also offers award-winning support, training, and consulting services. As a connective hub in a global network of enterprises, partners, and open source communities, Red Hat helps create relevant, innovative technologies that liberate resources for growth and prepare customers for the future of IT. Learn more at http://www.redhat.com.