Open source software giant Red Hat, announced that it has completed seven Federal Information Processing Standard (FIPS) 140-2 certifications from National Institute of Standards and Technology (NIST).
Under certain regulations, U.S. federal agencies must use FIPS-140 certified systems in order to meet security requirements to protect sensitive information in computer, telecommunication systems and other IT-related products.
“When dealing with highly sensitive information, IT security is at the forefront of our customer’s minds, especially those within federal sectors,” said Paul Smith, vice president and general manager, Public Sector, Red Hat. “Completing these FIPS 140-2 certifications reinforces the commitment that Red Hat has to meeting the IT needs of those entities and providing the necessary security protection levels required by federal agencies worldwide.”
According to the company, Red Hat Enterprise Linux 6.2 on HP ProLiant DL585 and IBM BladeCenter HS22 servers has achieved the following FIPS 140-2 certifications:
• Kernel Crypto API Cryptographic Module
• dm-crypt Cryptographic Module
• OpenSwan Cryptographic Module
• OpenSSH-Client Cryptographic Module
• OpenSSH-Server Cryptographic Module
• OpenSSL Cryptographic Module
• Libgcrypt Cryptographic Module
“The Secretary of Commerce approves standards and guidelines that are developed by NIST for U.S. federal computer systems,” Red Hat explained. “NIST develops FIPS when there are compelling U.S. government requirements, such as for security and interoperability, and where there are no acceptable industry standards or solutions. The FIPS 140 Publication Series coordinates the requirements and standards from cryptography modules for hardware and software, and in order to achieve FIPS 140-2 validation, cryptographic modules are subjected to rigorous testing by independent, accredited test facilities.”
The validation testing was performed by atsec information security, an independent company with experience in international IT security standards.
The recent certifications mark the culmination of Red Hat’s largest certification effort to date with the U.S. government, the company said.
FIPS 140-2 validation is also required by national agencies in Canada and is recognized in Europe and Australia. A full list of validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules from NIST can be seen here.