OpenStack Platform 13 Overview

OpenStack Platform 13 overview

Common Criteria

OpenStack Platform 13 has not undergone Common Criteria certification. A future certification against the NIAP Protection Profile for Application Software is being considered.

To help Red Hat track demand for a Common Criteria certification of OpenStack Platform 13, please open a customer support case requesting an evaluation.

FIPS 140-2

Federal Information Processing Standard 140-2 is a legal requirement ensuring cryptographic tools implement algorithms properly. Vendors must certify their cryptographic implementations through NIST’s Cryptographic Module Validation Program.

FIPS 140-2 validation does not constitute an entire product. Rather, underlying cryptographic subsystems or components, such as OpenSSL and OpenSSH, are validated.

When OpenStack Platform 13 runs on Red Hat Enterprise Linux 7.x, the following FIPS 140-2 validations are retained:

Product Component Version NIST Certificate Status Sunset/Expiration?
Red Hat Enterprise Linux 7.x OpenSSL 5.0 #3016 ACTIVE 9/14/2022
Red Hat Enterprise Linux 7.x OpenSSH Client 5.0 #3067 ACTIVE 11/26/2022
Red Hat Enterprise Linux 7.x OpenSSH Server 5.0 #3063 ACTIVE 11/13/2022
Red Hat Enterprise Linux 7.x Libreswan 5.0 #3083 ACTIVE 12/18/2022
Red Hat Enterprise Linux 7.x GnuTLS 5.0 #3012 ACTIVE 9/7/2022
Red Hat Enterprise Linux 7.x libgcrypt 5.0 #2657 ACTIVE 6/12/2021
Red Hat Enterprise Linux 7.x NSS 5.0 #3070 ACTIVE 2/7/2023

Known Issues with FIPS 140-2 Enablement

Coming soon.

USGv6 / IPv6

OpenStack Platform 13 does not have any US Government IPv6 certifications.

Section 508 / VPAT

Coming soon.

Configuration Guides

A NIST National Checklist for OpenStack Platform 13 is currently being developed. Contact your Red Hat representative for pre-release access!