Your submission was sent successfully! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates from Canonical and upcoming events where you can meet our team.Close

Thank you for contacting our team. We will be in touch shortly.Close

  1. Blog
  2. Article

Rajan Patel
on 21 February 2022

In regulated environments, some machines must adhere to strict cryptography requirements designed to protect systems from being cracked, altered, or tampered with. Using cryptographic modules that are FIPS certified or compliant ensure a systems’ encryption solutions adequately protect its digital assets. FIPS validated operating systems are a prerequisite for government agencies, their partners, and those wanting to conduct business with the federal government.

There are multiple ways to enable, manage, and monitor FIPS on Ubuntu.

Network access control influences the mode for FIPS enablement

FIPS validated operating systems are deployed across two network types:

  1. Connected: machines have the ability to contact subdomains on to stay current with an evolving security baseline
  2. Airgapped: machines can not reach beyond their local network

You may have some machines which require strict adherence to FIPS validation. There may be other machines that require FIPS compliance and critical vulnerability updates right away, before a formal FIPS certification process can be completed. In that case, network accessibility and the nature of the workload will influence which flavour of FIPS is required.

FIPS in connected environments

Ubuntu Pro entitlements, associated with your free or paid subscription, can be managed in the Ubuntu Pro dashboard at FIPS configurations, or access to FIPS Updates, can be associated with a unique token within the Ubuntu Pro dashboard. Running a single ua attach <token> command with the appropriate token will enable the entitlements according to your selections on the Ubuntu Pro dashboard, on the target Ubuntu machine. The free tier grants you access to one token, which serves as a default configuration profile for a set of machines. If you do not wish to automatically enable any entitlements, or if you are using Ubuntu Pro and your UA Client is already attached, this tutorial provides a walkthrough of using the UA Client to enable FIPS.

Monitoring FIPS configurations with Landscape

Landscape is Canonical’s monitoring and management tool for Ubuntu. Organisations incorporate Landscape into their compliance strategies, because of its highly configurable auditing and logging capabilities. In less than 15 minutes, you can configure Landscape to audit UA Client FIPS configurationsin your entire Ubuntu estate.

FIPS in air-gapped environments

Massimiliano Gori, Cybersecurity Compliance Product Manager at Canonical, will discuss how to enable FIPS on Ubuntu in air-gapped environments in a live webinar which you can attend from the comfort of your own desk. Please mark February 23th at 9 AM PST, 12:00 PM EST on your calendar. We look forward to answering all of your questions about FIPS and Landscape.

If you want to learn more

Talk to us about Landscape and our professional services options.

Contact Us

Related posts

Henry Coggill
7 December 2023

Ubuntu 22.04 FIPS 140-3 modules available for preview

FIPS Article

Canonical has been working with our testing lab partner, atsec information security, to prepare the cryptographic modules in Ubuntu 22.04 LTS (Jammy Jellyfish) for certification with NIST under the new FIPS 140-3 standard. The modules passed all of atsec’s algorithm validation tests and are in the queue awaiting NIST’s approval. We can’t ...

Rajan Patel
13 September 2023

Deploy fully configured VMs in minutes on Google Cloud, using gcloud CLI and cloud-init

Cloud and server Article

Make reusable deployment templates for Landscape and other applications ...

Rajan Patel
8 September 2023

Manage FIPS-enabled Linux machines at scale with Landscape 23.03

Cloud and server Article

You or your organisation are tasked with hardening your workstations and servers, where do you begin? Installing Ubuntu and applying all the security patches is a good place to start, but what else is needed? The National Institute of Standards and Technology (NIST), a cybersecurity agency established in 1988, has published a series of se ...