
CHAINGUARD FIPS COMMITMENT

Federal Information Processing Standards (FIPS). FIPS are publicly announced standards developed by the National Institute of Standards and Technology (NIST) in accordance with the Federal Information Security Management Act (FISMA) and approved by the Secretary of Commerce. FIPS compliance ensures that cryptographic security services within applications meet strict security and integrity standards, and are implemented and configured correctly.

Chainguard FIPS Warranties. Chainguard warrants the following with respect to Chainguard container images:

Chainguard’s FIPS Images available to be delivered in compliance with FIPS specifications are listed here (each a “Chainguard FIPS Image”). Images will be made available in compliance with FIPS specifications provided a customer’s applicable order form designates the purchase of Chainguard FIPS images.

The Chainguard FIPS images contain FIPS-validated software cryptographic modules. Entropy must be provided as specified in its cryptographic policy. The cryptographic module may provide non-approved algorithms, which will result in operating in FIPS non-approved mode.


Below are lists of current, upcoming, and historical certified modules shipped in Chainguard FIPS Images. The SBOM indicator is a differentiator to uniquely identify the primary module location. Within Chainguard FIPS Images, tags and hashes may be used to identify different modules.  


Currently in use certified modules:


| Name | Certification | SBOM indicator |
| --- | --- | --- |
| Chainguard OpenSSL 3.0 FIPS Provider Module | CMVP #4856 (rebrand of CMVP #4282) | openssl-provider-fips~3.0.9 |
| Chainguard CPU Time Jitter RNG Entropy Source | Entropy Certificate #E191 | libcrypto3>=3.4.0-r2 |
| Bouncy Castle FIPS Java API | CMVP #4943 | bouncycastle-fips~2.1.0 |
| BoringCrypto | CMVP #4407 | cilium-envoy-fips, cilium-fips, datawire-envoy-fips, envoy-fips, istio-envoy-fips, ztunnel-fips |


Upcoming modules (subject to change):


| Name | Certification | SBOM indicator |
| --- | --- | --- |
| OpenSSL FIPS Provider | CMVP #4985 | openssl-provider-fips-3.1.2 |
| Chainguard FIPS Provider for OpenSSL | Module in Process | openssl-provider-fips-3.4.0 |
| Bouncy Castle FIPS Java API | Implementation Under Test | bouncycastle-fips~2.2.0 |


Previously used modules:


| Name | Certification | SBOM indicator |
| --- | --- | --- |
| OpenSSL FIPS Provider | CMVP #4282 | openssl-provider-fips~3.0.8 |
| Bouncy Castle FIPS Java API | CMVP #4616 | bouncycastle-fips~1.0.2, bouncycastle-fips-1.0 |
| | CMVP #4743 | bouncycastle-fips~2.0.0 |

These may be updated occasionally; for further information, contact fips-contact@chainguard.dev.

Chainguard FIPS Warranty Remediation. Chainguard will take commercially reasonable efforts to ensure applications utilize FIPS validated cryptographic modules for any cryptographic operations, provided that the parties acknowledge and agree that certain behaviors or functionalities within such applications, which are beyond the direct control of Chainguard, may not fully adhere to FIPS requirements. In the event there are common vulnerabilities and exposures identified, the Chainguard SLA will apply.

More About FIPS. If Customer requests an image not currently available as a Chainguard FIPS Image, Chainguard will use commercially reasonable efforts to determine if such request is feasible. For further information, contact fips-contact@chainguard.dev.