[SOLVED] CentOS is FIPS compliant
[SOLVED] CentOS is FIPS compliant
Hello,
RHEL 6.2 can be made FIPS compliant.
Similar to that is CentOS 6.2 also FIPS compliant.If yes what is the method to make it FIPS compliant.
Thanks
Gayatri
RHEL 6.2 can be made FIPS compliant.
Similar to that is CentOS 6.2 also FIPS compliant.If yes what is the method to make it FIPS compliant.
Thanks
Gayatri
[SOLVED] CentOS is FIPS compliant
I'd suggest you try following the procedure in this upstream documentation [url=https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-Federal_Standards_And_Regulations-Federal_Information_Processing_Standard.html]Enabling FIPS Mode[/url]. Then check with this command:
[code]
$ cat /proc/sys/crypto/fips_enabled
1
[/code]
[code]
$ cat /proc/sys/crypto/fips_enabled
1
[/code]
Re: CentOS is FIPS compliant
Thanks!!! its working
Re: [SOLVED] CentOS is FIPS compliant
Thanks for reporting back. Glad to hear it worked. Marking this thread [SOLVED] for posterity.
Re: [SOLVED] CentOS is FIPS compliant
Not sure how this is resolved. FIPS 140-2 validated means that the specific product is listed in http://csrc.nist.gov/groups/STM/cmvp/do ... al-all.htm. CentOS is not validated.
Re: [SOLVED] CentOS is FIPS compliant
For something that isn't validated, I see an awful lot of mentions of the string "CentOS" in that page you linked to.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: [SOLVED] CentOS is FIPS compliant
Hi,
Can we assume that using the OpenSSL coming with the Cent OS 6.x (6.4/6.5) has already bundled with the fips module and when enabled can operate/work in the FIPS Mode. By Using the Open SSL coming with the CentOS can we go for the FIPS validation of our application.
Or is it mandatory to rebuild the OpenSSL with FIPS module and update it inorder to make it FIPS Compliant as Cent OS is not validated for FIPS Compliant.
Thansk,
Srikanth
Can we assume that using the OpenSSL coming with the Cent OS 6.x (6.4/6.5) has already bundled with the fips module and when enabled can operate/work in the FIPS Mode. By Using the Open SSL coming with the CentOS can we go for the FIPS validation of our application.
Or is it mandatory to rebuild the OpenSSL with FIPS module and update it inorder to make it FIPS Compliant as Cent OS is not validated for FIPS Compliant.
Thansk,
Srikanth
Re: [SOLVED] CentOS is FIPS compliant
Hi Srikanth
I have same question as yours, "Openssl that comes with the Cent OS6.5 can be made to work in FIPS mode?" or do we need to compile and build it? I still see your question is open, Were you able to enable FIPS with existing opesssl?
Thanks
I have same question as yours, "Openssl that comes with the Cent OS6.5 can be made to work in FIPS mode?" or do we need to compile and build it? I still see your question is open, Were you able to enable FIPS with existing opesssl?
Thanks
Re: [SOLVED] CentOS is FIPS compliant
No, you do not need to rebuild OpenSSL with FIPS module.
You can enable FIPS mode in CentOS by following the documentation link that toracat provided above. CentOS provides the same technical FIPS functionality as in Red Hat when configured the same way.
Whether some product is validated to FIPS 140-2 is a legal question, not a functional question. Consult your legal adviser. Do not expect getting correct answers to your legal questions from random users on some discussion forum.
You can enable FIPS mode in CentOS by following the documentation link that toracat provided above. CentOS provides the same technical FIPS functionality as in Red Hat when configured the same way.
Whether some product is validated to FIPS 140-2 is a legal question, not a functional question. Consult your legal adviser. Do not expect getting correct answers to your legal questions from random users on some discussion forum.