We are very excited about Rocky Linux but we require our OS to be FIPS 140-2 certified/validated because of our requirements from our customers. We are currently running the latest CentOS 8. We are investigating moving away from CentOS 8 and Rocky Linux has some great potential but I cannot investigate/use Rocky Linux if it doesn’t support FIPS 140-2. Are their any plans to fully support this like CentOS 8 anytime soon?
FIPS Validation is very important. Rocky Linux should have a dedicated page about FIPS and the process and current status of FIPS validation [keeping it updated of course]. Having a dedicated page will make it easier for people to find.
Governments are now starting to ask for FIPS 140-3 to superseded FIPS-140-2 [Which FIPS 140-2 will not be validated by CMVP after September 21, 2026]. If you are going to start the validation process, please go for FIPS 140-3 validation.
We are excited to announce that Rocky Linux has reached a significant step in the FIPS 140-3 validation process; right on schedule, Rocky Linux is now named in the NIST Implementation Under Test List.
Big thanks to our founding partner and sponsor CIQ, who has arranged and paid for the FIPS validation process and will be providing it back to the entire RESF/Rocky community. This is not a small effort, the FIPS validation is a million dollar investment and we’re very grateful for their contribution. Thank you CIQ!