TransWikia.com

Is running software in Docker an allowable way to bypass FIPS 140-2 issues?

Information Security Asked by anon289837 on December 15, 2021

Someone has a service that uses a non-FIPS-compatible hash in a protocol signature. When FIPS 140-2 compatibility is enabled on the hosts, the service crashes (due to the hash signature not being allowed by the security configuration of the host). A way to get around this is to put the service in a Docker container on the FIPS-compatible host. It works, but is it OK from a FIPS compatibility point of view? If not, why?

One Answer

You are basically asking if it is OK to ignore FIPS 140-2 requirements for a specific task; the actual way you do this really does not matter. It is unknown if this is acceptable or not in your specific use case. But at least you can no longer claim that all the cryptographic operations you do on the machine conform to FIPS 140-2 requirements.

Answered by Steffen Ullrich on December 15, 2021
