On the Wiki EL8 Comparison page, it shows FIPS planned for 2022 Q1. We’re past that, is there any status/progress/update on FIPS certification effort?
Thanks
Hey Ryan,
Thanks. We should get that updated. The process takes a while and there are alot of hoops to jump through. Also as we learned NIST is backlogged with stuff due to the pandemic so validations are moving slowly. I think realistically we will probably have something in late Q3 or Q4 at this point.
FYI: Looks like Rocky now has implementation under test with NIST for their FIPS cert, so FAQ might update that too.
|Rocky Linux 8.6 Libgcrypt Cryptographic Module |Ctrl IQ, Inc. |FIPS 140-3 |6/8/2022|
|Rocky Linux 8.6 NSS Cryptographic Module |Ctrl IQ, Inc. |FIPS 140-3 |6/8/2022|
|Rocky Linux 8.6 OpenSSL Cryptographic Module |Ctrl IQ, Inc. |FIPS 140-3 |6/8/2022|
Hi Jack:
Any further update on FIPS 140 certification for Alma Linux 8? When can we expect the same?
Have few questions below?
- Is it FIPS 140-2 or FIPS 140-3 certification?
- What all OS modules are covered in it? Is the below list correct?
Kernel Crypto API
Libreswan
NSS
OpenSSL
Regards,
Venkat
@Venkat Would have to be FIPS 140-3.
FWIW Rocky Linux 8.6 now has 5 modules in process:
| Module Name | Vendor Name | Standard | IUT Date |
|---|---|---|---|
| Rocky Linux 8.6 GnuTLS Cryptographic Module | Ctrl IQ, Inc. | FIPS 140-3 | 6/29/2022 |
| Rocky Linux 8.6 Kernel Crypto API Cryptographic Module | Ctrl IQ, Inc. | FIPS 140-3 | 6/29/2022 |
| Rocky Linux 8.6 Libgcrypt Cryptographic Module | Ctrl IQ, Inc. | FIPS 140-3 | 6/8/2022 |
| Rocky Linux 8.6 NSS Cryptographic Module | Ctrl IQ, Inc. | FIPS 140-3 | 6/8/2022 |
| Rocky Linux 8.6 OpenSSL Cryptographic Module | Ctrl IQ, Inc. | FIPS 140-3 | 6/8/2022 |
Hopefully Alma is already working with a test lab toward NIST submission, it’s a long process…
We are wanting to migrate to Alma but require FIPS. We need something similar to this listing from Alma so we can prove the process. We have to migrate from CentOS before December.
Is there any public documentation showing something similar so we can show our auditors?
Hi @revstal, would a letter of acknowledgement from the lab be sufficient for you? I assume that modules in process should be updated soon to show AlmaLinux there.
1 Like
I see Alma Linux 9 shows under test via Cloudlinux Inc., TuxCare division. Any plan for 8, or will it be skipped for FIPS cert?
You can check for the guidance solution at:- https://signmycode.com/blog/what-is-fips-detailed-guide-on-fips-140-2. Hope it helps!
1 Like
almalinux 9.2 has all five FIPS 140-3 validated modules on the NIST Active list.
9.6 is moving to the Modules In Process list as we speak, should be done within a week or two.