Feature
Resolution: Done
Critical
BU Product Work
OCPSTRAT-1131 MicroShift Enhancements 2024 for Industrial, Retail and Public Sector edge customers
0% To Do, 0% In Progress, 100% Done
Program Call
Feature Overview (aka. Goal Summary)
Ensure MicroShift is compliant with FIPS 140-3
Goals (aka. expected user outcomes)
MicroShift is a layered/derived product based on RHEL 9.x and OpenShift V4.x. Both base products are either FIPS certified already or in the process of being certified (see linked JIRAs).
RHEL 9.0/9.2 are currently in the FIPS certification process. The goal of this feature is that on the day RHEL certification is completed, we can claim that MicroShift is FIPS compliant, because it uses only those certified crypto libs.
The goal of this feature is to determine and complete the necessary work so that MicroShift can be sold to and used by US Public Sector accounts with FIPS 140-3 validated cryptographic modules, in order to meet legal requirements for deploying IT solutions.
Requirements (aka. Acceptance Criteria):
MicroShift can be installed and operated in a way that only FIPS compliant crypto libraries are used.
Questions to Answer (Optional):
What actually needs to be done on the MicroShift side? For example, do we add a config switch "fips_enabled=true", or can we inherit this from the OS?
How can we test/validate that, e.g., workload containers are also running in FIPS-enabled mode?
Out of Scope
The actual certification of the FIPS crypto libraries is done by RHEL.
Background
Helpful links:
- FIPS checks for OCP
- FIPS Compliant Compilation
- https://gitlab.cee.redhat.com/cpaas-midstream/osc-operator/-/blob/osc-1.5-rhel-9/distgit/containers/osc-cloud-api-adaptor/Dockerfile.in
- General FAQ for OpenShift and FIPS compliance
- CVE-2023-3089 Information
- https://gitlab.cee.redhat.com/istio/cpaas/containers-midstream/-/blob/rhossm-2.4-rhel-8/distgit/containers/openshift-istio-operator/Dockerfile.in#L6
Customer Considerations
After refinement, we should validate with NAPS customers to ensure that our plans suit their needs.
Documentation Considerations
Provide information that needs to be considered and planned so that documentation will meet customer needs. Initial completion during Refinement status.
Provide documentation on how to install and operate MicroShift in a FIPS-compliant way. It can point to the RHEL docs for OS installation, then add whatever is necessary for MicroShift.
Interoperability Considerations
Which other projects and versions in our portfolio does this feature impact? What interoperability test scenarios should be factored by the layered products? Initial completion during Refinement status.
- depends on
  - OCPSTRAT-167 FIPS compliance: When OCP adopts RHEL 9, test/verify FIPS 140-3 compliance for core components (New)
  - OCPSTRAT-700 LVM Storage designed for FIPS (Closed)
- is related to
  - OCPSTRAT-853 Address remaining items required for OCP & layered products FIPS compliance (Refinement)
- relates to
  - OCPSTRAT-700 LVM Storage designed for FIPS (Closed)