Ubuntu, the world’s most popular operating system across private and public clouds has received the FIPS 140-2, Level 1 certification for its cryptographic modules in Ubuntu 20.04 LTS, including OpenSSL 1.1.1. This certification is built on Canonical’s track record in designing Ubuntu for high security and regulated workloads. The FIPS 140-2 modules on Ubuntu 20.04 LTS enable organisations to run and develop applications and solutions for the US public sector and Federal government including regulated industries such as healthcare and finance.
The FIPS-certified modules for Ubuntu 20.04 LTS are available through Ubuntu Advantage subscription and Ubuntu Pro, alongside additional open source security and support services. To get started with Ubuntu for high security and regulated workloads contact our team.
Why is FIPS 140-2 important?
Encryption is key to protecting sensitive data. In the world of encryption, there are several methodologies using different cryptographic algorithms to convert plain text into cipher text. Navigating multiple methodologies and algorithms creates a complex, labour-intensive process for teams evaluating the cryptographic services offered within software components.
The U.S. Government addresses this challenge by mandating the use of Federal Information Processing Standard Publication (FIPS) 140-2 certified software within all federal agencies and entities that work with these agencies. FIPS 140-2 defines the critical security parameters that must be used for encryption in the products sold into the U.S. public sector.
FIPS 140-2 is, therefore, required under multiple compliance regimes, such as Federal Risk and Authorization Management Program (FedRAMP), Federal Information Security Management Act of 2002 (FISMA) and the Health Information Technology for Economic and Clinical Health Act (HITECH).
FIPS-certification ensures that software has been thoroughly reviewed and tested before being deployed and used within an agency or organisation requiring data encryption. Industries storing and processing sensitive data spans outside the public sector space, leading to FIPS-certified software being widely adopted within the payment card industry, healthcare and other regulated industries.
Ubuntu and NIST transition to FIPS 140-3
NIST is transitioning from the existing FIPS 140-2 standard to the new FIPS 140-3 revision. FIPS 140-3 aligns the general security requirements with ISO/IEC 19790 – an international standard- and after September 2021, it is expected to be the only active cryptographic certification mechanism by NIST. Existing certifications under FIPS 140-2 have a sunset date of five years from the validation date. Canonical is preparing Ubuntu for the new certification, and intends to provide FIPS 140-3 certified cryptographic packages on a future release of Ubuntu.
Which Ubuntu 20.04 packages versions are FIPS certified?
|Linux kernel||The Linux kernel cryptographic library||184.108.40.2067.8||#3928|
|OpenSSL||General purpose cryptographic library that includes TLS implementation||1.1.1f||#3966|
|Libgcrypt||The GNUPG cryptographic general purpose library (provides fully certified full disk encryption)||1.8.5||#3902|
|StrongSwan||IPSec based VPN solution||Under validation|
How can I get Ubuntu FIPS?
If you are already an Ubuntu Advantage customer, please refer to our FIPS documentation to learn more about FIPS in Ubuntu.
For a list of all current security certifications Canonical has, see Ubuntu security certifications and hardening standards.
Both FIPS-certified and FIPS-compliant modules for Ubuntu 20.04 LTS are offered with the Ubuntu Advantage for Infrastructure package.
Additionally, you can get optimised Ubuntu images with FIPS modules and other critical security and compliance services by default for public cloud with Ubuntu Pro for AWS and Ubuntu Pro for Azure.
Get FIPS for Ubuntu LTS