Hacker News new | ask | show | jobs
by Twirrim 722 days ago
Why is it a problem with FedRAMP? CentOS 8 is FIPS certified, has STIG profiles etc.
1 comments
p_l 722 days ago
Last I checked, CentOS Stream is not FIPS certified, and CentOS 8 is already past EOL, which makes it not allowed for FedRAMP.

And IIRC CentOS8 FIPS certificate was taken out by Red Hat (wouldn't have had to implement our own FIPS handling on CentOS7 if not for that move).

link
tiberious726 722 days ago
Centos was never FIPS certified https://csrc.nist.gov/projects/cryptographic-module-validati...
link
p_l 722 days ago
There was a time when RHEL FIPS certificate also applied to CentOS, and one of my former $DAYJOBs depended on that for a long time. Then Red Hat pulled the cert, and later there was a mad scramble to get rid of CentOS because of the EOL :)
link
tiberious726 722 days ago
Oh wow! Do happen to have a link to the old cert? I /really/ looked for a way for us to stay on centos when we started doing this kind of stuff.
link
Twirrim 722 days ago
Doh, sorry. Forgot it only hit Red Hat 8 (and derivatives).
link