In regulated environments, some machines must adhere to strict cryptography requirements designed to protect systems from being cracked, altered, or tampered with. Using cryptographic modules that are FIPS certified or compliant ensures that a system's encryption solutions adequately protect its digital assets. FIPS validated operating systems are a prerequisite for government agencies, their partners, and those wanting to conduct business with the federal government.
There are multiple ways to enable, manage, and monitor FIPS on Ubuntu.
Network access control influences the mode for FIPS enablement
FIPS validated operating systems are deployed across two network types:
- Connected: machines have the ability to contact subdomains on canonical.com to stay current with an evolving security baseline
- Airgapped: machines cannot reach beyond their local network
You may have some machines which require strict adherence to FIPS validation. There may be other machines that require FIPS compliance…