FIPS-140 Certification?

On the Wiki EL8 Comparison page, it shows FIPS planned for 2022 Q1. We’re past that, is there any status/progress/update on FIPS certification effort?
Thanks

1 Like

Hey Ryan,

Thanks. We should get that updated. The process takes a while and there are alot of hoops to jump through. Also as we learned NIST is backlogged with stuff due to the pandemic so validations are moving slowly. I think realistically we will probably have something in late Q3 or Q4 at this point.

1 Like

FYI: Looks like Rocky now has implementation under test with NIST for their FIPS cert, so FAQ might update that too.
|Rocky Linux 8.6 Libgcrypt Cryptographic Module |Ctrl IQ, Inc. |FIPS 140-3 |6/8/2022|
|Rocky Linux 8.6 NSS Cryptographic Module |Ctrl IQ, Inc. |FIPS 140-3 |6/8/2022|
|Rocky Linux 8.6 OpenSSL Cryptographic Module |Ctrl IQ, Inc. |FIPS 140-3 |6/8/2022|

1 Like

Hi Jack:
Any further update on FIPS 140 certification for Alma Linux 8? When can we expect the same?

Have few questions below?

  1. Is it FIPS 140-2 or FIPS 140-3 certification?
  2. What all OS modules are covered in it? Is the below list correct?

Kernel Crypto API
Libreswan
NSS
OpenSSL

Regards,
Venkat

1 Like

@Venkat Would have to be FIPS 140-3.
FWIW Rocky Linux 8.6 now has 5 modules in process:

Module Name Vendor Name Standard IUT Date
Rocky Linux 8.6 GnuTLS Cryptographic Module Ctrl IQ, Inc. FIPS 140-3 6/29/2022
Rocky Linux 8.6 Kernel Crypto API Cryptographic Module Ctrl IQ, Inc. FIPS 140-3 6/29/2022
Rocky Linux 8.6 Libgcrypt Cryptographic Module Ctrl IQ, Inc. FIPS 140-3 6/8/2022
Rocky Linux 8.6 NSS Cryptographic Module Ctrl IQ, Inc. FIPS 140-3 6/8/2022
Rocky Linux 8.6 OpenSSL Cryptographic Module Ctrl IQ, Inc. FIPS 140-3 6/8/2022

Hopefully Alma is already working with a test lab toward NIST submission, it’s a long process…

1 Like

We are wanting to migrate to Alma but require FIPS. We need something similar to this listing from Alma so we can prove the process. We have to migrate from CentOS before December.

Is there any public documentation showing something similar so we can show our auditors?

2 Likes

Hi @revstal, would a letter of acknowledgement from the lab be sufficient for you? I assume that modules in process should be updated soon to show AlmaLinux there.

1 Like