FIPS 140-2
Federal Information Processing Standard (FIPS) 140-2 is a U.S. Government standard that specifies the security requirements for cryptographic modules. The standard is published and maintained by the National Institute of Standards and Technology (NIST) and is mandated by the White House Office of Management and Budget (OMB) in Circular A-130 and pursuant to FISMA (44 U.S.C. Chapter 35). NIST operates the Cryptographic Module Validation Program (CMVP), which validates cryptographic modules against the requirements defined by the standard. All Federal information systems that transmit and store sensitive information must use FIPS 140-2 validated cryptography.
As of October 2018, Docker’s own cryptographic module has been validated by NIST (Certificate #3304). This module is only included with Docker Engine - Enterprise and supports the following cryptographic security functions in the Engine:
- ID hashes
- Swarm Mode distributed state store and Raft log (securely stores Docker Secrets and Docker Configs)
- Swarm Mode overlay networks (control plane only)
- Swarm Mode mutual TLS implementation
- Docker daemon socket TLS binding