  1. OpenShift Container Platform (OCP) Strategy
  2. OCPSTRAT-853

Address remaining items required for OCP & layered products FIPS compliance


Details

    • Outcome
    • Resolution: Unresolved
    • Critical
    • None
    • None
    • Security & Compliance
    • 33% 33%
    • 0

    Description

      Outcome Overview

      During our work on we discovered a number of gaps in our FIPS compliance that we have not yet remediated and also identified improvements that will make it easier to address an issue like this in future. 

      Success Criteria

      • Customers received the scanner we built to validate that golang images are FIPS ready with the OpenShift payload
      • We know how to deliver FIPS ready Rust images and how to validate that they are FIPS ready
      • We have determined how to address use of non-FIPS validated crypto from the golang xcrypto library. 
      • We have updated our Ecosystem catalog with accurate tagging as to which RH components are FIPS ready. 
      • We have updated the published KCS with all our learnings that are appropriate to include. 
      • Update RHEL documentation to be sure it includes the information on how to build a golang image that is FIPS ready.
      • Our documentation makes a clear distinction between FIPS Compliant and FIPS Ready so that we do not need to modify our documentation based on where RHEL crypto libraries are in the NIST Validation process. 
      • Ensure that customers have an easy way to determine which crypto libraries OpenShift relies on for FIPS readiness so that they can check our web pages to determine if those are FIPS Validated yet or not. 

      Expected Results (what, how, when)

      These outcomes improve our ability to sell OpenShift to customers who are required to use only FIPS validated crypto. We will measure this by polling the NAPS sales team to determine their satisfaction with the results. 

      These outcomes provide tools and information to such customers that enable them to verify that OpenShift components are FIPS ready / FIPS compliant. We will measure this by polling the NAPS support team to determine customer satisfaction with the results. 

       

      Post Completion Review – Actual Results

      After completing the work (as determined by the "when" in Expected Results above), list the actual results observed / measured during Post Completion review(s).

       

            People

              jjung@redhat.com Jean-Philippe Jung
              knewcome@redhat.com Kirsten Newcomer