Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

Red Hat Gains More FIPS 140-2 Certifications

Open source software giant Red Hat, announced that it has completed seven Federal Information Processing Standard (FIPS) 140-2 certifications from National Institute of Standards and Technology (NIST).

Open source software giant Red Hat, announced that it has completed seven Federal Information Processing Standard (FIPS) 140-2 certifications from National Institute of Standards and Technology (NIST).

Under certain regulations, U.S. federal agencies must use FIPS-140 certified systems in order to meet security requirements to protect sensitive information in computer, telecommunication systems and other IT-related products.

Red Hat Logo

“When dealing with highly sensitive information, IT security is at the forefront of our customer’s minds, especially those within federal sectors,” said Paul Smith, vice president and general manager, Public Sector, Red Hat. “Completing these FIPS 140-2 certifications reinforces the commitment that Red Hat has to meeting the IT needs of those entities and providing the necessary security protection levels required by federal agencies worldwide.”

According to the company, Red Hat Enterprise Linux 6.2 on HP ProLiant DL585 and IBM BladeCenter HS22 servers has achieved the following FIPS 140-2 certifications:

• Kernel Crypto API Cryptographic Module

• dm-crypt Cryptographic Module

• OpenSwan Cryptographic Module

• OpenSSH-Client Cryptographic Module

• OpenSSH-Server Cryptographic Module

• OpenSSL Cryptographic Module

• Libgcrypt Cryptographic Module

“The Secretary of Commerce approves standards and guidelines that are developed by NIST for U.S. federal computer systems,” Red Hat explained. “NIST develops FIPS when there are compelling U.S. government requirements, such as for security and interoperability, and where there are no acceptable industry standards or solutions. The FIPS 140 Publication Series coordinates the requirements and standards from cryptography modules for hardware and software, and in order to achieve FIPS 140-2 validation, cryptographic modules are subjected to rigorous testing by independent, accredited test facilities.”

The validation testing was performed by atsec information security, an independent company with experience in international IT security standards.

The recent certifications mark the culmination of Red Hat’s largest certification effort to date with the U.S. government, the company said.

FIPS 140-2 validation is also required by national agencies in Canada and is recognized in Europe and Australia. A full list of validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules from NIST can be seen here

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Audits

Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Cybercrime

A database containing over 235 million unique records of Twitter users is now available for free on the web, cybercrime intelligence firm Hudson Rock...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...