Your submission was sent successfully! Close

Security Compliance & Certifications

Ubuntu goes through several rigorous security certifications and programs and these pages are dedicated to them. All certification artifacts are available with an Ubuntu Advantage subscription.

FIPS 140

Federal Information Processing Standards Publications (FIPS) are issued by the National Institute of Standards and Technology (NIST). FIPS 140-2 specifies the security requirements for cryptographic modules. These requirements address the areas of secure design and implementation.

Ubuntu LTS releases starting with 16.04 (Xenial) come with FIPS validated cryptographic packages, including the Linux kernel and OpenSSL. The full list of packages and certificates is available here.

For more information on FIPS certification on Ubuntu see the FIPS Information and Installation Guide.


Ubuntu LTS releases starting with 16.04 (Xenial) have compliance benchmark documents developed by the Center for Internet Security (CIS), available on their website. Ubuntu with has developed CIS certified tooling to automate hardening Ubuntu LTS systems based off of the published CIS benchmarks.

For more information see the CIS Compliance for Ubuntu.

Common Criteria

Common Criteria for Information Technology Security Evaluation (CC) is an international standard. The CC provides a common set of requirements for the security functionality of IT products and for assurance measures applied to these IT products during a security evaluation.

The evaluation process establishes a level of confidence that the security functionality of these IT products and the assurance measures applied to these IT products meet these requirements:

For more information on the Common Criteria certification on Ubuntu see the Common Criteria Guide.

Last updated 19 days ago. Help improve this document in the forum.