Docker Completes FIPS 140-2 Validation

Corsec would like to congratulate our partner, Docker, on completing the validation process for the Federal Information Processing Standard 140-2 (FIPS 140-2) on their Enterprise Edition Crypto Module.

Docker partnered with Corsec to complete the certification process, completing CAVP algorithm testing, arduous documentation support, and design consulting in a smooth and structured process. For more information on the validation and to find additional details on the Docker security policy, visit NIST’s validated modules site.

Their completion of the FIPS 140-2 validation process demonstrates their commitment to strong levels of security, including a government backed product offering and a dedication to providing customers and end users with the most scrutinized and highly tested security solutions.

For more information on engineering your product to meet Federal and regulated industry security requirements, schedule time to speak to a Corsec engineer.

About FIPS 140-2

FIPS 140-2 is a joint effort by the National Institute of Standards and Technology (NIST) in the United States, and the Communications Security Establishment Canada (CSEC), under the Canadian government. The Cryptographic Module Validation Program (CMVP), headed by NIST, provides module and algorithm testing for FIPS 140-2, which applies to Federal agencies using validated cryptographic modules to protect sensitive government data in computer and telecommunication systems. FIPS 140-2 provides stringent third-party assurance of security claims on any product containing cryptography that may be purchased by a government agency.

FIPS 140-2, which is mandated by law in the U.S. and very strictly enforced in Canada, is also currently being reviewed by ISO to become an international standard. FIPS 140-2 is gaining worldwide recognition as an important benchmark for third party validations of encryption products of all kinds. A FIPS 140-2 validation of a product provides end users with a high degree of product security, assurance, and dependability.

About the Docker Enterprise Edition Crypto Module

The Docker Enterprise Edition provides businesses with the ability to deploy a Containers 1 as a Service (CaaS) environment to build, ship and run applications (apps). It enables IT operations to secure, provision, and manage both infrastructure resources and base app content while allowing developers to build and deploy their apps in a self-service manner.

The Docker Enterprise Edition Crypto Library is a component of the Docker Engine Enterprise runtime (versions 18.03 and later), and it supplies the cryptographic functionality necessary to support TLS-secured data and management communications between the Docker Engine Enterprise and the other Enterprise Edition components, cluster nodes, users, and external IT entities. It also supplies cryptographic functionality used to support Docker secrets, ID 10 hashes, encrypted overlay networks, and other Docker Enterprise platform components.

About Corsec Security, Inc.

For two decades Corsec has assisted companies through the IT security certification process for FIPS 140-2Common Criteria (CC) and the DoD’s APL. We are a privately owned company focused on partnering with organizations worldwide to assist with the process of security certifications and validations. Our certification methodology helps open doors to new markets and increase revenue for clients with products ranging from mobile phones to satellites. Our broad knowledge safeguards against common pitfalls and thwarts delays, translating to a swift and seamless path to certification. Corsec has created the benchmark for providing business leaders with fast, flexible access to industry knowledge on security certifications and validations.

Connect With Us

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

###

Press Contact:

Jake Nelson
Corsec Director of Marketing
jnelson@corsec.com