All services running in a FedRAMP environment must leverage FIPS approved cryptographic ciphers and libraries. In order to run the Kessel services in FedRAMP, they must be built using this approved libraries

Done Critieria

• Image/Binary build process is updated to ensurue FIPS approved ciphers are leveraged and the image/binary is FIPS compliant

Useful Resources

• Any SREP operators running in FedRAMP are FIPS compliant and have solved this issue – see their various dockerfiles and build flags for guidance: LINK
• Red Hat ships a special fork of Go that supports using the correct libraries for FIPS, using UBI images – this doc is useful for testing and validating FIPS compliance: LINK