Red Hat Delivers a More Secure Foundation for Modern Applications with First FIPS 140-2 Validation for Red Hat Enterprise Linux 8

Red Hat Enterprise Linux 8.1, many layered products within Red Hat’s hybrid cloud portfolio continue to meet the stringent software security criteria for sensitive computing deployments

RALEIGH, N.C.--()--Red Hat, Inc., the world's leading provider of open source solutions, today announced the renewal of the Federal Information Processing Standard 140-2 (FIPS 140-2) security validation for Red Hat Enterprise Linux 8.1. This is the first FIPS certification for the Red Hat Enterprise Linux 8 platform, showing Red Hat’s continued commitment to providing a more secure and production-ready set of open hybrid cloud technologies built on the latest generation of the world’s leading enterprise Linux platform.

Driven by the National Institute of Standards and Technology (NIST), FIPS 140-2 is a computer security standard that specifies the requirements for cryptographic modules -- including both hardware and software components -- used within a security system to protect sensitive information. This validation is needed when agencies determine that specific information systems should use cryptography to protect data; if cryptography is required, then it must be validated.

With this validation for Red Hat Enterprise Linux 8.1, many of Red Hat’s open hybrid cloud offerings also retain the FIPS 140-2 certification as layered products building on Red Hat Enterprise Linux 8.1’s cryptography modules. These include but are not limited to:

  • Red Hat Ceph Storage
  • Red Hat Gluster Storage
  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat Satellite
  • Red Hat Virtualization

Red Hat Enterprise Linux 8.1 includes FIPS 140-2 validation for the following modules:

In Red Hat Enterprise Linux 8, the Libreswan and OpenSSH components were modified to use cryptography exclusively from other validated cryptographic modules, NSS and OpenSSL respectively. This means that these two specific modules no longer require standalone validation as part of the platform or Red Hat’s layered products.

In order to achieve FIPS 140-2 validation, cryptographic modules are subject to testing by NIST-accredited independent Cryptographic and Security Testing Laboratories. The validation for Red Hat Enterprise Linux 8.1 was performed by atsec information security corporation’s Cryptographic and Security Testing Laboratory in Austin, Texas.

In addition to the certification of Red Hat Enterprise Linux 8.1, Red Hat Enterprise Linux 7.7 and Red Hat Enterprise Linux 8.2 are currently on the NIST "Modules In Process" list with the intent to extend FIPS 140-2 validation to these releases.

Supporting Quote

Paul Smith, senior vice president and general manager, Public Sector, North America, Red Hat

“Today’s validation for Red Hat Enterprise Linux 8.1 marks the first FIPS 140-2 certification for the latest generation of the world’s leading enterprise Linux platform. This continues Red Hat’s strong commitment to delivering a more secure backbone for sensitive computing deployments across the hybrid cloud and both the public and private sectors.”

Additional Resources

Connect with Red Hat

About Red Hat, Inc.

Red Hat is the world’s leading provider of enterprise open source software solutions, using a community-powered approach to deliver reliable and high-performing Linux, hybrid cloud, container, and Kubernetes technologies. Red Hat helps customers integrate new and existing IT applications, develop cloud-native applications, standardize on our industry-leading operating system, and automate, secure, and manage complex environments. Award-winning support, training, and consulting services make Red Hat a trusted adviser to the Fortune 500. As a strategic partner to cloud providers, system integrators, application vendors, customers, and open source communities, Red Hat can help organizations prepare for the digital future.

Forward-Looking Statements

Certain statements contained in this press release may constitute "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. Forward-looking statements provide current expectations of future events based on certain assumptions and include any statement that does not directly relate to any historical or current fact. Actual results may differ materially from those indicated by such forward-looking statements. The forward-looking statements included in this press release represent the Company's views as of the date of this press release and these views could change. However, while the Company or its parent International Business Machines Corporation (NYSE:IBM) may elect to update these forward-looking statements at some point in the future, the Company specifically disclaims any obligation to do so. These forward-looking statements should not be relied upon as representing the Company's views as of any date subsequent to the date of this press release.


Red Hat, Red Hat Enterprise Linux, the Red Hat logo, Ceph, Gluster and OpenShift are trademarks or registered trademarks of Red Hat, Inc. or its subsidiaries in the U.S. and other countries. Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries. The OpenStack Word Mark is either a registered trademark/service mark or trademark/service mark of the OpenStack Foundation, in the United States and other countries, and is used with the OpenStack Foundation's permission. Red Hat is not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.


Media Contact:
John Terrill
Red Hat, Inc.

Release Summary

Red Hat Enterprise Linux 8 adds FIPS 140-2 validation


Media Contact:
John Terrill
Red Hat, Inc.