Your submission was sent successfully! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates from Canonical and upcoming events where you can meet our team.Close

Thank you for contacting our team. We will be in touch shortly.Close

  1. Blog
  2. Article

on 11 August 2021

Ubuntu, the world’s most popular operating system across private and public clouds has received the FIPS 140-2, Level 1 certification for its cryptographic modules in Ubuntu 20.04 LTS, including OpenSSL 1.1.1. This certification is built on Canonical’s track record in designing Ubuntu for high security and regulated workloads. The FIPS 140-2 modules on Ubuntu 20.04 LTS enable organisations to run and develop applications and solutions for the US public sector and Federal government including regulated industries such as healthcare and finance.

The FIPS-certified modules for Ubuntu 20.04 LTS are available through Ubuntu Advantage subscription and Ubuntu Pro, alongside additional open source security and support services. To get started with Ubuntu for high security and regulated workloads contact our team.

On public clouds, Ubuntu Pro for AWS​ and ​Ubuntu Pro for Azure​ include subscriptions to Canonical’s FIPS 140-2 repositories, alongside expanded security and hardening.

Why is FIPS 140-2 important? 

Encryption is key to protecting sensitive data. In the world of encryption, there are several methodologies using different cryptographic algorithms to convert plain text into cipher text. Navigating multiple methodologies and algorithms creates a complex, labour-intensive process for teams evaluating the cryptographic services offered within software components. 

The U.S. Government addresses this challenge by mandating the use of Federal Information Processing Standard Publication (FIPS) 140-2 certified software within all federal agencies and entities that work with these agencies. FIPS 140-2 defines the critical security parameters that must be used for encryption in the products sold into the U.S. public sector.

FIPS 140-2 is, therefore, required under multiple compliance regimes, such as Federal Risk and Authorization Management Program (FedRAMP), Federal Information Security Management Act of 2002 (FISMA) and the Health Information Technology for Economic and Clinical Health Act (HITECH).

FIPS-certification ensures that software has been thoroughly reviewed and tested before being deployed and used within an agency or organisation requiring data encryption. Industries storing and processing sensitive data spans outside the public sector space, leading to FIPS-certified software being widely adopted within the payment card industry, healthcare and other regulated industries.

Ubuntu and NIST transition to FIPS 140-3

NIST is transitioning from the existing FIPS 140-2 standard to the new FIPS 140-3 revision. FIPS 140-3 aligns the general security requirements with ISO/IEC 19790 – an international standard- and after September 2021, it is expected to be the only active cryptographic certification mechanism by NIST. Existing certifications under FIPS 140-2 have a sunset date of five years from the validation date. Canonical is preparing Ubuntu for the new certification, and intends to provide FIPS 140-3 certified cryptographic packages on a future release of Ubuntu.

Which Ubuntu 20.04 packages versions are FIPS certified?

ComponentDescriptionVersionCMVP Certificate
Linux kernelThe Linux kernel cryptographic library5.4.0.1007.8#3928
OpenSSLGeneral purpose cryptographic library that includes TLS implementation1.1.1f#3966
LibgcryptThe GNUPG cryptographic general purpose library (provides fully certified full disk encryption)1.8.5#3902
StrongSwanIPSec based VPN solution5.8.2#4046

How can I get Ubuntu FIPS?

If you are already an Ubuntu Advantage customer, please refer to our FIPS documentation to learn more about FIPS in Ubuntu.

For a list of all current security certifications Canonical has, see Ubuntu security certifications and hardening standards.

Both FIPS-certified and FIPS-compliant modules for Ubuntu 20.04 LTS are offered with the Ubuntu Advantage for Infrastructure package.

Additionally, you can get optimised Ubuntu images with FIPS modules and other critical security and compliance services by default for public cloud with Ubuntu Pro for AWS and Ubuntu Pro for Azure.
Get FIPS for Ubuntu LTS

Related posts

Lech Sandecki
26 October 2023

Running OpenSSL 1.1.1 after EOL? Stay secure with Ubuntu Pro.

Ubuntu Article

A few months ago, the OpenSSL Project announced the end of life of OpenSSL 1.1.1. It is used by thousands of software components included in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS, with many organisations relying on version 1.1.1. Rest assured that the Ubuntu security team will continue to maintain important security fixes in OpenSSL ...

Henry Coggill
7 December 2023

Ubuntu 22.04 FIPS 140-3 modules available for preview

FIPS Article

Canonical has been working with our testing lab partner, atsec information security, to prepare the cryptographic modules in Ubuntu 22.04 LTS (Jammy Jellyfish) for certification with NIST under the new FIPS 140-3 standard. The modules passed all of atsec’s algorithm validation tests and are in the queue awaiting NIST’s approval. We can’t ...

5 September 2023

도커(Docker) 컨테이너 보안: 우분투 프로(Ubuntu Pro)로 FIPS 지원 컨테이너 이해하기

FIPS Security

오늘날 급변하는 디지털 환경에서 강력한 도커 컨테이너 보안 조치의 중요성은 아무리 강조해도 지나치지 않습니다. 컨테이너화된 계층도 규정 준수 표준의 적용을 받기 때문에 보안 문제 및 규정 준수 요구 사항이 발생합니다. 도커 컨테이너 보안 조치는 경량의 어플라이언스 유형 컨테이너(각 캡슐화 코드 및 해당 종속성)를 위협 및 취약성으로부터 보호하는 것을 수반합니다. 민감한 개인 데이터를 처리하는 데 의존하는 ...