Compliance with FIPS 140-3 from NIST is mandatory for:
Certifying an operating system for this standard yourself requires significant investment, cryptographic expertise, and time.
Simplify your compliance process with TuxCare’s Extended Security Updates for AlmaLinux
You’ll gain a complete set of cryptographic packages validated by atsec, a NIST-accredited laboratory, ensuring ongoing security and stability for your regulated workloads – saving you time and resources while ensuring peace of mind.
Meet stringent US and Canadian government security standards with our FIPS-validated components, protecting against legal and financial penalties and making your products eligible for government contracts.
Bypass the lengthy and expensive certification process by implementing pre-certified AlmaLinux FIPS packages. This speeds up your time-to-market and reduces overall project costs, giving you a competitive edge.
Keep your certified deployments secure with FIPS-compliant updates that fix vulnerabilities without altering validated cryptography, ensuring fast re-certification if a cryptographic vulnerability arises.
Extended Security Updates provide high and critical security fixes to extend the AlmaLinux
lifecycle, so you can stay on a FIPS-validated AlmaLinux minor release (currently 9.2, 9.6 and
9.10) for over six years with at least a year overlap between each ESU release.
Cryptographic modules are specific parts of FIPS-certified packages. Most vulnerabilities do not affect
these modules, allowing you to maintain AlmaLinux FIPS 140-3 compliance with our FIPS-compliant
security patches. If a cryptographic vulnerability arises, we will deliver a re-certified package.
The following list contains information about the current validation statuses for FIPS-validated AlmaLinux
packages available with Extended Security Updates. Cryptographic modules that are on the Modules In Process
list have passed all lab testing, have received intermediate CAVP and ESV certificates, and the report has been
submitted to NIST to issue the final certificates.
Cryptographic Module |
Version String | Associated Packages |
Validation Status |
Certificate |
---|---|---|---|---|
Kernel Crypto API | 5.14.0-284.11.1.el9_2.tux care.5 5.14.0-284.11.1.el9_2.tux care.6 libkcapi 1.3.1-3.el9 |
kernel-5.14.0-284.11.1.el9 _2.tuxcare.5 kernel-5.14.0-284.11.1.el9 _2.tuxcare.6 libkcapi-1.3.1-3.el9.x86 _64 libkcapi- hmaccalc-1.3.1-3.el9.x86 _64 |
Active | #4750 (ESV/CAVP) |
OpenSSL | 3.0.7-1d2bd88ee26b3 c90 |
openssl-3.0.7-20.el9_2.t uxcare.1 openssl- libs-3.0.7-20.el9_2.tuxcare.1 |
Review Pending (submitted for interim validation) |
TBA (ESV/CAVP) |
NSS | 3.90.0- b84457b0165f79bf |
nss- softokn-3.90.0-6.el9_2.t uxcare.1 nss-softokn- freebl-3.90.0-6.el9_2.tu xcare.1 |
Review Pending | TBA (ESV/CAVP) |
Libgcrypt | 1.10.0-19b8f37bc86846fe | libgcrypt-1.10.0-10.el9_2. tuxcare.3 |
Review Pending | TBA (ESV/CAVP) |
GnuTLS | 3.7.6-396796fe0a32b434 | gnutls-3.7.6-23.el9_2.tu xcare.3 nettle-3.8-3.el9_2.tuxcare.1 |
Review Pending | TBA (ESV/CAVP) |
Get round-the-clock access to our technical support engineers.
Our ESU support includes assistance with: