SUSE has received first FIPS 140-3 cryptographic certificates

After several years of work the NIST CMVP agency has improved upon the existing FIPS 140-2 certification and established the FIPS 140-3 certification. The new standard brings many changes which are described in the Implementation Guidance. They established new requirements on lifecycle of cryptographic primitives and extended in the area of self-tests. They also took a look and improved on memory integrity and last but not least improved on the process of certification itself.

SUSE was the first Linux Vendor to receive FIPS 140-3 certificates for its cryptographic modules, based on SUSE Linux Enterprise 15 SP4 and related products.

SUSE has received the following certificates:

• SUSE Linux Enterprise GnuTLS Cryptographic Module
• SUSE Linux Enterprise NSS Cryptographic Module
• SUSE Linux Enterprise Kernel Crypto API Cryptographic Module
  • This certificate covers the kernel default and RT flavors.
• SUSE Linux Enterprise OpenSSL Cryptographic Moduley
  • This certificate covers the system openssl library version 1.1.l
• SUSE Linux Enterprise Libgcrypt Cryptographic Module

These certificates cover the 4 CPU architectures support by SUSE Linux Enterprise 15 (Intel and AMD x86_64, IBM Z (s390x), IBM Power (ppc64le) and ARM aarch64).

SUSE at this time is working on certifying the cryptographic modules of SUSE Linux Enterprise Server 15 SP6, and is listed on the Implementation under Test list already.