KathyReid,
@KathyReid@aus.social

Hey @ubuntu @ubuntusecurity when will FIPS be available for 22.04 LTS?

My university requires FIPS compliance to connect to their VPN - Palo Alto Global Protect.

ubuntusecurity,
@ubuntusecurity@fosstodon.org

@KathyReid @ubuntu unfortunately we don't have a timeframe currently for FIPS for 22.04 LTS - we are waiting on NIST and they are not able to give us an estimate on this. However, the modules (which are waiting to be certified by NIST etc) are available via the fips-updates service in Ubuntu Pro - so you could use this to be compliant (but not FIPS certified) in the meantime.

KathyReid,
@KathyReid@aus.social

@ubuntusecurity @ubuntu thank you!

That's helpful, but unfortunately doesn't solve the problem with Palo Alto VPN requiring FIPS certification - because it means I can't connect to Global Protect using 22.04 LTS and the uni service desk wants me to downgrade to 20.04 LTS (!) which I'm not going to do - because I'm running a CUDA / GPU stack ....

sigh dependencies

Thank you for responding!

beamflash,
@beamflash@hachyderm.io

@KathyReid @ubuntusecurity @ubuntu Why is an Australian university requiring FIPS (a US certification) in the first place? Not that I'm suggesting it's feasible, but the assertion is surely client-side so something like OpenConnect could spoof it.

Another option - run 20.04 LTS in a VM and route your traffic through it.

KathyReid,
@KathyReid@aus.social

@beamflash @ubuntusecurity @ubuntu It's a security setting on Palo Alto Global Protect that someone has toggled because it's "more secure" :/

I do not want to run a VM on top of my existing Ubuntu to connect to a VPN. This should be a lot easier than that ...

beamflash,
@beamflash@hachyderm.io

@KathyReid @ubuntusecurity @ubuntu FIPS certification notoriously takes years so you end up running out-of-date software if you require it. Perhaps feed that back to the security team that they're forcing the use of older, insecure software (notwithstanding that 20.04 LTS is still under security support, there will still be security improvements that aren't backported) by requiring FIPS. Easy and thoughtless box-ticking security teams don't go hand-in-hand unfortunately.

https://keypair.us/2024/02/fips-140-3-validation-times/
