FIPS 140-2

Estimated reading time: 1 minute

Federal Information Processing Standard (FIPS) 140-2 is a standard defined by the U.S. Government that defines the security requirements for cryptographic modules. The standard is published and maintained by the National Institute of Standards and Technology (NIST) and is mandated by the White House Office of Management and Budget (OMB) in Circular A-130 and pursuant to FISMA (44 U.S.C Chapter 35). NIST operates the Cryptographic Module Validation Program (CMVP) which validates cryptographic modules per the requirements defined by the standard. All Federal information systems that transmit and store sensitive information must utilize FIPS 140-2 validated cryptography.

Beginning in 2017, Docker’s own cryptographic module, which is used by Docker Engine - Enterprise starting with version 18.03, has been submitted for testing and validation via the NIST CMVP and an independent testing laboratory. As of the most recent update to our documentation, the status of this module is “Module In Process, Coordination”.

Refer to our latest blog post which provides more detail on the latest status of the module undergoing validation. We anticipate full validation to be completed in September 2018, and we’ll have more information to share on technical specifics in the weeks thereafter.

standards, compliance, security