FIPS 140-2

Federal Information Processing Standard (FIPS) 140-2 is a standard defined by the U.S. Government that defines the security requirements for cryptographic modules. The standard is published and maintained by the National Institute of Standards and Technology (NIST) and is mandated by the White House Office of Management and Budget (OMB) in Circular A-130 and pursuant to FISMA (44 U.S.C Chapter 35). NIST operates the Cryptographic Module Validation Program (CMVP) which validates cryptographic modules per the requirements defined by the standard. All Federal information systems that transmit and store sensitive information must utilize FIPS 140-2 validated cryptography.

As of October 2018, Docker’s own cryptographic module has been validated by NIST (Certificate #3304). This module is only included with Docker Engine - Enterprise and supports the following cryptographic security functions in the Engine:

• ID hashes
• Swarm Mode distributed state store and Raft log (securely stores Docker Secrets and Docker - Configs)
• Swarm Mode overlay networks (control plane only)
• Swarm Mode mutual TLS implementation
• Docker daemon socket TLS binding

The FIPS Mode of operation can be enabled on the Engine to activate the module. Instructions for doing so on Red Hat Enterprise Linux can be found here and on Windows Server here.

Refer to our blog post and press release on the announcement for more information.