Ubuntu Security Certifications

Canonical’s security certifications offerings are available to Ubuntu Advantage customers. For further information, please contact a member of the Canonical Sales team.

FIPS

Federal Information Processing Standards Publications (FIPS) are issued by the National Institute of Standards and Technology (NIST). FIPS 140-2 specifies the security requirements for cryptographic modules. These requirements address the areas of secure design and implementation.

Ubuntu 16.04 LTS (Xenial) and Ubuntu 18.04 LTS (Bionic) have certified FIPS packages. Ubuntu 20.04 LTS (Focal) has FIPS packages currently undergoing the NIST review process.

Future Ubuntu LTS releases will also be put through the certification process. Visit the NIST Computer Security Resource Center’s Modules In Process List to see current Canonical modules in the certification process.

Certified use of FIPS packages

Non-Certified use of FIPS packages

CC

Common Criteria for Information Technology Security Evaluation (CC) is an international standard. The CC provides a common set of requirements for the security functionality of IT products and for assurance measures applied to these IT products during a security evaluation.

The evaluation process establishes a level of confidence that the security functionality of these IT products and the assurance measures applied to these IT products meet these requirements:

Common Criteria for Information Technology Security Evaluation, April 2017

CC EAL2 Configuration for Ubuntu Information and Installation Guide

CIS

Ubuntu 20.04 LTS (Focal), Ubuntu 18.04 LTS (Bionic), and Ubuntu 16.04 LTS (Xenial) have compliance benchmark documents developed by the Center for Internet Security (CIS), available on their website. Canonical has developed a tool to assist in hardening Ubuntu LTS systems based off of the published CIS benchmarks.

Canonical CIS Benchmark Hardening Tool Installation

Last updated 19 days ago. Help improve this document in the forum.