Chainguard Java Images Now Support FIPS 140-3
Chainguard Java images now support FIPS 140-3 compliance using the newly certified Bouncy Castle 2.0 cryptographic modules. This update provides our customers with the latest in cryptographic security standards while maintaining backwards compatibility for existing FIPS 140-2 implementations.
Key highlights:
FIPS 140-3 Support: All Chainguard Open JDK-based images now include Bouncy Castle FIPS (BCFIPS) 2.0.x modules, enabling FIPS 140-3 compliance.
JDK 21 Support: We're introducing FIPS mode for JDK 21 images, powered by BCFIPS 2.0.x.
Continued FIPS 140-2 Support: Existing customers using FIPS 140-2 with JDK 11 and 17 can continue to do so, ensuring a smooth transition path.
Bouncy Castle 1.0.0 is now archived
For anyone using hardened Java images compliant with FedRAMP, maintaining FIPS compliance is crucial, yet the immediate need for 140-3 might not be a top priority. With countless other tasks demanding attention, the focus is often on present concerns rather than future requirements. The archiving of Bouncy Castle 1.0.0 this month serves as a reminder of the need to stay updated, but the prospect of upgrading numerous open-source applications to Bouncy Castle 2.0.0 can be daunting.
Chainguard offers a streamlined solution to this challenge. By utilizing Chainguard's pre-configured FIPS-compliant app images, customers can effortlessly incorporate Bouncy Castle 2.0.0 into their applications. This not only ensures compliance with both current and future FIPS standards but also provides vulnerability remediation, safeguarding applications from potential security threats. This approach eliminates the need for time-consuming manual upgrades, allowing customers to focus on their core business objectives while maintaining a secure and compliant software environment.
Chainguard’s Java Images add Bouncy Castle 2.0.x support
Chainguard's Java images with Bouncy Castle 2.0.x offer several key benefits, including:
Future-proof compliance:
FIPS 140-3 is the most recent standard for cryptographic modules, ensuring the highest level of security for your applications. By utilizing our FIPS-compliant solutions, you can be confident that your applications meet the latest regulatory requirements, reducing the risk of security breaches and compliance violations.
Simplified audits:
Our pre-configured FIPS-compliant images streamline the certification process, saving you time and resources. With our pre-built FIPS-compliant images, you no longer need to spend valuable time and effort manually configuring and testing your applications for compliance.
Reduced risk:
Chainguard's expertise in secure software supply chains ensures that our FIPS-compliant images are built with the highest security standards in mind. By leveraging our expertise, you can minimize the risk of vulnerabilities and non-compliance, giving you peace of mind knowing that your applications are protected.
Performance optimized:
Our FIPS-compliant images are designed with performance in mind. They maintain high performance, with minimal overhead compared to non-FIPS Java images. This ensures that your applications will run smoothly and efficiently, without sacrificing security.
The full list of images is the following:
For existing customers, we've designed a seamless upgrade path. Our JDK 11 and 17 images now support both FIPS 140-2 and 140-3, allowing you to transition at your own pace. New JDK 21 images are FIPS 140-3 compliant out of the box.
To learn more about our FIPS-compliant Java images and how they can benefit your organization, check out our updated FIPS documentation or contact our sales team for a personalized consultation.
Stay tuned for more updates as we continue to enhance our secure, compliant image offerings. At Chainguard, we're committed to simplifying security and compliance for developers and organizations alike.
Share this article
Related articles
- Product
Introducing New Updates to the Chainguard Images Directory
We've improved the Chainguard Images Directory with Helm charts for faster deployments, an ROI calculator, and more refreshed data to improve your experience.
Ron Norman, Director of UX and Design, and Julian Vermette, Principal Software Engineer
- Product
Introducing the Self-Serve Catalog Experience
Chainguard launches the Self-Serve Experience for Catalog customers: instantly add, rename, or remove container images from our catalog, no tickets required.
Tony Camp, Staff Product Manager
- Product
Custom Assembly Updates: Create Multiple, Customized Variants of a Chainguard Container
Customize Chainguard Containers with the latest Custom Assembly update. You can create, edit, and manage secure, zero-CVE image variants directly in the console.
Tony Camp, Staff Product Manager
- Product
Class in Session: Chainguard Contributes to the Higher Education Community
Catch up on what Chainguard is doing with higher education institutions to advance open source security and build the next generation of innovation.
Ewan Simpson, Higher Education Advocate, and SJ Cushing, Field Marketing Manager, Higher Education
- Product
Secure and Free MinIO Chainguard Containers
MinIO pulled its free images—but Chainguard has you covered. Get zero-CVE, continuously built MinIO and MinIO Client containers, free and secure from Chainguard.
Manfred Moser, Senior Principal Developer Relations Engineer, Dimitri John Ledkov, Senior Principal Software Engineer, Lisa Tagliaferri, Senior Director, Developer Enablement, and Aaditya Jain, Senior Product Marketing Manager
- Product
Chainguard Libraries for Python: Now Generally Available with CVE Remediation and Malware Protection
Chainguard Libraries for Python, trusted open source language libraries designed for CVE remediation and malware protection, is now generally available.
Bria Giordano, Director, Product Marketing, and Anushka Iyer, Product Marketing Manager