- Outcome
- Resolution: Unresolved
- Critical
- 50% To Do, 13% In Progress, 38% Done
Outcome Overview
During our work on we discovered a number of gaps in our FIPS compliance that we have not yet remediated and also identified improvements that will make it easier to address an issue like this in future.
Success Criteria
- Customers received the scanner we built to validate that golang images are FIPS ready with the OpenShift payload
- We know how to deliver FIPS ready Rust images and how to validate that they are FIPS ready
- We have determined how to address use of non-FIPS validated crypto from the golang xcrypto library.
- We have updated our Ecosystem catalog with accurate tagging as to which RH components are FIPS ready.
- We have updated the published KCS with all our learnings that are appropriate to include.
- Update RHEL documentation to be sure it includes the information on how to build a golang image that is FIPS ready.
- Our documentation makes a clear distinction between FIPS Compliant and FIPS Ready so that we do not need to modify our documentation based on where RHEL crypto libraries are in the NIST Validation process.
- Ensure that customers have an easy way to determine which crypto libraries OpenShift relies on for FIPS readiness so that they can check our web pages to determine if those are FIPS Validated yet or not.
Expected Results (what, how, when)
These outcomes improve our ability to sell OpenShift to customers who are required to use only FIPS validated crypto. We will measure this by polling the NAPS sales team to determine their satisfaction with the results.
These outcomes provide tools and information to such customers that enable them to verify that OpenShift components are FIPS ready / FIPS compliant. We will measure this by polling the NAPS support team to determine customer satisfaction with the results.
Post Completion Review – Actual Results
After completing the work (as determined by the "when" in Expected Results above), list the actual results observed / measured during Post Completion review(s).
relates to
- CMP-2448 As the check_payload tool, I want to detect supported base images (Closed)
- OCPSTRAT-327 MicroShift FIPS compliance (Closed)
- OCPSTRAT-1315 Align the filtering option for FIPS to “Designed for FIPS” (Closed)