Bug 962247 - OpenShift Enterprise is not FIPS 140-2 Compliant
OpenShift Enterprise is not FIPS 140-2 Compliant
Status: CLOSED DUPLICATE of bug 923119
Product: OpenShift Container Platform
Classification: Red Hat
Component: Security (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Brenton Leanhardt
Xiaoli Tian
Depends On:
  Show dependency treegraph
Reported: 2013-05-12 19:48 EDT by Shawn Wells
Modified: 2016-05-25 07:45 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-05-14 08:47:42 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Shawn Wells 2013-05-12 19:48:21 EDT
Description of problem:

U.S. Government deployments require FIPS 140-2 compliance, however OpenShift Enterprise is not FIPS 140-2 compliant. This will prohibit deployments on US Government networks across State, Local, Federal, Military, and Intelligence markets.

NIST 800-53 SA-4: Prohibits the U.S. Government from procuring solutions which are not FIPS 140-2 certified.

NIST 800-53 IA-7: Access control must be performed over FIPS 140-2 (e.g., FIPS enable SSH connections)

NIST 800-54 MA-4(6): FIPS mechanisms to protect the integrity and confidentiality of non-local maintenance and diagnostic communications.

The list is extensive. A copy of the NIST regulations can be found at:

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Configure Base RHEL6 in FIPS mode
2. Watch things break
Actual results:

Expected results:
OpenShift Enterprise remains functional when FIPS 140-2 enabled in BaseOS.
Additionally, need checks to ensure that OpenShift components (such as web server) are using FIPS 140-2 crypto libraries.

Additional info:

The impact of OpenShift not having FIPS 140-2 cryptography is quiet severe. U.S. government procurement regulations prevent acquisition of non-FIPS certified software. As currently stands, the U.S. government and associated system integrator community is not allowed to purchase the RH OpenShift product.
Comment 2 Brenton Leanhardt 2013-05-14 08:47:42 EDT

*** This bug has been marked as a duplicate of bug 923119 ***

Note You need to log in before you can comment on or make changes to this bug.