Chapter 9. Industry Standards and Certification

FIPS 140 Revalidations

Federal Information Processing Standards (FIPS) Publication 140 is a U.S. government security standard that specifies the security requirements that must be satisfied by a cryptographic module used within a security system protecting sensitive but unclassified information. The standard provides four increasing, qualitative levels of security: Level 1, Level 2, Level 3, and Level 4. These levels are intended to cover the wide range of potential applications and environments in which cryptographic modules may be employed. The security requirements cover areas related to the secure design and implementation of a cryptographic module. These areas include cryptographic module specification; cryptographic module ports and interfaces; roles, services, and authentication; finite state model; physical security; operational environment; cryptographic key management; electromagnetic interference/electromagnetic compatibility (EMI/EMC); self-tests; design assurance; and mitigation of other attacks.
Red Hat Enterprise Linux 6.5 supports NSA Suite B cryptography enhancements and certifications. These cryptographic algorithms provide highly secure network communication. NSA Suite B is required for government agencies under NIST 800-131. Components of NSA Suite B cryptography include the following:
  • Advanced Encryption Standard (AES) encryption in GCM mode of operation
  • Elliptic Curve Diffie–Hellman (ECDH)
  • Secure Hash Algorithm 2 (SHA-256)
The following targets are in the process of validation:
  • NSS FIPS-140 Level 1
  • Suite B Elliptic Curve Cryptography (ECC)
  • OpenSSH (Client and Server)
  • Openswan
  • dm-crypt
  • OpenSSL
  • Kernel Crypto
  • AES-GCM, AES-CTS, AES-CTR ciphers