Each FIPS 140 certificate for a package can take several months to complete and is valid for 5 years. However, as vulnerabilities happen, security-critical fixes may need to be included faster than a certification cycle allows. For that, we provide two ways to consume validated packages: a stream called fips, where the exact packages validated by NIST are present; and another stream called fips-updates, where the validated packages are present but are updated with security fixes. The fips-updates stream also allows access to the packages during the validation phase, enabling early application development and testing. Both streams are revalidated periodically during the Ubuntu standard support phase.
Switching from ‘fips’ to ‘fips-updates’
If you are on a system with the fips stream enabled, such as Ubuntu Pro FIPS, you can switch to the fips-updates stream with the following command.
sudo pro enable fips-updates