Docker Achieves FIPS 140-2 Validation
With this validation and industry-recognized seal of approval for cryptographic modules, we are able to further deliver on the fundamental confidentiality, integrity and availability objectives of information security and provide our commercial customers with a validated and secure platform for their applications. Required by the Federal Information Security Management Act (FISMA) and by other regulatory technology frameworks such as HIPAA and PCI, FIPS 140-2 is an important validation mechanism for protecting the sensitivity and privacy of information in mission-critical systems.
Docker Engine – Enterprise version 18.03 and above includes this now-validated crypto module. The module has been validated at FIPS 140-2 Level 1. The formal Security Policy for the Docker Enterprise Edition Crypto Library calls out the specific security functions in Docker Engine – Enterprise that this module supports, including the following:
- ID hashes
- Swarm Mode distributed state store and Raft log (securely stores Docker Secrets and Docker Configs)
- Swarm Mode overlay networks (control plane only)
- Swarm Mode mutual TLS implementation
- Docker daemon socket TLS binding
Behind the scenes, Docker Engine – Enterprise uses a proprietary switching library to swap in the validated crypto module for these functions when FIPS mode is enabled, as shown in the figure below.
We are continuing to work on incorporating this FIPS 140-2 validated module into the remainder of the Docker Enterprise container platform, so stay tuned for updates.