Last year, we announced our pursuit of FIPS 140-2 validation of the Docker Enterprise container platform. This meant starting with the included cryptography components at the Docker Engine foundation to better address the rigorous security requirements of government agencies and others in regulated industries. Over the last year, we’ve progressed through the NIST Cryptographic Module Validation Program (CMVP), from “Implementation Under Test” to “Module In Process” and are nearing full completion of validation. Track our progress online at NIST’s CMVP website and as of this post, we are “Module In Process, Coordination”. We are anticipating full validation of Docker Engine – Enterprise in the coming months.
Recently Docker Engine – Enterprise version 18.03 was released, our first to include the FIPS 140-2 compliant modules currently undergoing validation by the NIST CMVP. These modules cover the cryptography elements in Docker Engine – Enterprise and are used when Engines are deployed standalone or with Docker Swarm enabled.
Compliance from Docker Engine to Container Platform
Additionally we are working to bring the FIPS 140-2 compliant modules into the remainder of the Docker Enterprise container platform and make this available to our customers. This will include FIPS 140-2 compliance for the private registry and management control plane, in addition to the integrated Kubernetes orchestration system. Furthermore, these components will also undergo FIPS 140-2 validation via the NIST CMVP, and you can learn more in a few months.
In the interim, Docker Engine – Enterprise 18.03, which includes the FIPS 140-2 compliant modules, can be deployed into your own environments and provides a great foundation on which to begin your containerization journey – safely and securely.
Stay tuned for more updates!