Chainguard Launches Revolutionary FIPS Module to Enhance Security Compliance in Open Source




In a significant advancement for cybersecurity, Chainguard has unveiled its first FIPS container images based on OpenSSL 3.4. This announcement comes as organizations across various sectors are increasingly required to maintain stringent security and compliance standards. The new Chainguard FIPS Provider promises to elevate the standards of validated cryptography in the realm of open-source software.

What is FIPS?


FIPS, or Federal Information Processing Standards, is a set of standards created by the U.S. federal government to ensure computer security and interoperability. For organizations in regulated environments—such as federal agencies, financial institutions, and healthcare providers—FIPS validation is vital for meeting compliance requirements. However, achieving FIPS validation is merely a starting point; organizations face ongoing challenges as they must adapt to evolving security threats and compliance regulations.

The Unique Offering of Chainguard


Chainguard has taken an innovative approach by owning and maintaining their validated cryptographic module. This allows them to provide continuous updates and improvements that ensure compliance with the latest NIST guidelines well into 2030. "FIPS validation shouldn't just be a paper certification that does not reflect operational realities," stated Patrick Donahue, Senior Vice President of Product at Chainguard. By owning the validated module, Chainguard is positioned to directly address vulnerabilities within their systems and manage updates more fluidly, thus reinforcing both security and compliance simultaneously.

Bridging the Gap Between Compliance and Vulnerability Management


Maintaining security in the face of new vulnerabilities while ensuring compliance is a challenging endeavor for organizations. With their own validated cryptographic module, Chainguard can effectively manage vulnerabilities and maintain compliant status with ease. This dual focus not only simplifies the compliance process but also enhances organizational security posture. Chainguard's FIPS Provider for OpenSSL 3.4 presents the following key features:

  • Zero Known CVEs: Chainguard commits to having zero known vulnerabilities as well as guaranteeing prompt submissions of updates for any in-boundary CVEs, setting a new industry standard for FIPS modules.

  • Built on OpenSSL 3.4: Leveraging the latest version of OpenSSL for enhanced performance and architectural improvements, the module ensures modern computational capabilities within a secure framework.

  • 2030-Ready Cryptography: Fully compliant with NIST SP 800-131A guidance through 2030, the offering includes support for FIPS 186-5 Ed25519 and phases out outdated algorithms.

  • Userspace Design for Enhanced Security: The module operates completely within userspace while ensuring SP 800-90B-validated entropy. This architecture is validated across diverse environments, from edge devices to cloud platforms.

  • Comprehensive Algorithm Coverage: With 39 CAVP certificates, Chainguard’s module supports both software and hardware-accelerated implementations on modern processors.

The Security Community's Perspective


Industry experts praise this development, viewing it as a major leap towards aligning vulnerability management with compliance protocols. Orbby Chang, Senior Architect at Trend Micro, remarked, “Bringing validated cryptography and vulnerability management closer together is a significant step forward for the broader security community.” Chainguard’s proactive approach in ensuring their cryptographic solutions remain secure, modern, and compliant promises to bolster the security landscape significantly.

Looking Ahead


All of Chainguard's FIPS container images are set to upgrade to the newly certified Chainguard FIPS Provider for OpenSSL 3.4 on March 17, 2026. This transformation indicates a more robust future for organizations aiming to navigate the complexities of cybersecurity and compliance. For organizations seeking to learn more about Chainguard’s FIPS commitment and how it can enhance their operations, further information is available on Chainguard's official website.

As cybersecurity continues to evolve, Chainguard’s innovative approach not only reflects their commitment to supporting open-source software but also highlights their strategic position as a pivotal player in providing secure and compliant technologies.
