Initiative
Resolution: Unresolved
Proactive Architecture
OCPSTRAT-853 Address remaining items required for OCP & layered products FIPS compliance
Goal
We want a release blocking job to ensure that FIPS mode works with core payload functionality, and also that the base images are correct. It is possible for the FIPS mode to be functionally correct but out of compliance if the wrong crypto libraries are used, so I think we need both functional assessment as well as confirmation of the base image version here. (Potentially, the base-image checking can also be used for layered operators in another test.)
Benefit Hypothesis:
This will ensure we don't backslide on FIPS validated offerings. The customers who care about this are not going to be OK with mistakes here.
Responsibilities
I think this is mostly on ART side. We can pull in other teams as needed.
Success Criteria
We have confidence in our FIPS posture, can explain it internally and externally, and do not have any related security issues in 24 months.
Results
Add results here once the Initiative is started. Recommend discussions & updates once per quarter in bullets.
- is related to: CMP-2448 As the check_payload tool, I want to detect supported base images (Closed)