Chapitre 2. Installing the system in FIPS mode
To enable the cryptographic module self-checks mandated by the Federal Information Processing Standard (FIPS) 140-3, you have to operate RHEL 9 in FIPS mode.
You can achieve this by:
- Starting the installation in FIPS mode.
- Switching the system into FIPS mode after the installation.
To avoid cryptographic key material regeneration and reevaluation of the compliance of the resulting system associated with converting already deployed systems, Red Hat recommends starting the installation in FIPS mode.
The cryptographic modules of RHEL 9 are not yet certified for the FIPS 140-3 requirements.
2.1. Federal Information Processing Standard (FIPS)
The Federal Information Processing Standard (FIPS) Publication 140-3 is a computer security standard developed by the U.S. Government and industry working group to validate the quality of cryptographic modules. See the official FIPS publications at NIST Computer Security Resource Center.
The FIPS 140-3 standard ensures that cryptographic tools implement their algorithms correctly. One of the mechanisms for that is runtime self-checks. See the full FIPS 140-3 standard at FIPS PUB 140-3 for further details and other specifications of the FIPS standard.
To learn about compliance requirements, see the Red Hat Government Standards page.