Chainguard Java Images Now Support FIPS 140-3
Chainguard Java images now support FIPS 140-3 compliance using the newly certified Bouncy Castle 2.0 cryptographic modules. This update provides our customers with the latest in cryptographic security standards while maintaining backwards compatibility for existing FIPS 140-2 implementations.
Key highlights:
FIPS 140-3 Support: All Chainguard Open JDK-based images now include Bouncy Castle FIPS (BCFIPS) 2.0.x modules, enabling FIPS 140-3 compliance.
JDK 21 Support: We're introducing FIPS mode for JDK 21 images, powered by BCFIPS 2.0.x.
Continued FIPS 140-2 Support: Existing customers using FIPS 140-2 with JDK 11 and 17 can continue to do so, ensuring a smooth transition path.
Bouncy Castle 1.0.0 is now archived
For anyone using hardened Java images compliant with FedRAMP, maintaining FIPS compliance is crucial, yet the immediate need for 140-3 might not be a top priority. With countless other tasks demanding attention, the focus is often on present concerns rather than future requirements. The archiving of Bouncy Castle 1.0.0 this month serves as a reminder of the need to stay updated, but the prospect of upgrading numerous open-source applications to Bouncy Castle 2.0.0 can be daunting.
Chainguard offers a streamlined solution to this challenge. By utilizing Chainguard's pre-configured FIPS-compliant app images, customers can effortlessly incorporate Bouncy Castle 2.0.0 into their applications. This not only ensures compliance with both current and future FIPS standards but also provides vulnerability remediation, safeguarding applications from potential security threats. This approach eliminates the need for time-consuming manual upgrades, allowing customers to focus on their core business objectives while maintaining a secure and compliant software environment.
Chainguard’s Java Images add Bouncy Castle 2.0.x support
Chainguard's Java images with Bouncy Castle 2.0.x offer several key benefits, including:
Future-proof compliance:
FIPS 140-3 is the most recent standard for cryptographic modules, ensuring the highest level of security for your applications. By utilizing our FIPS-compliant solutions, you can be confident that your applications meet the latest regulatory requirements, reducing the risk of security breaches and compliance violations.
Simplified audits:
Our pre-configured FIPS-compliant images streamline the certification process, saving you time and resources. With our pre-built FIPS-compliant images, you no longer need to spend valuable time and effort manually configuring and testing your applications for compliance.
Reduced risk:
Chainguard's expertise in secure software supply chains ensures that our FIPS-compliant images are built with the highest security standards in mind. By leveraging our expertise, you can minimize the risk of vulnerabilities and non-compliance, giving you peace of mind knowing that your applications are protected.
Performance optimized:
Our FIPS-compliant images are designed with performance in mind. They maintain high performance, with minimal overhead compared to non-FIPS Java images. This ensures that your applications will run smoothly and efficiently, without sacrificing security.
The full list of images is the following:
For existing customers, we've designed a seamless upgrade path. Our JDK 11 and 17 images now support both FIPS 140-2 and 140-3, allowing you to transition at your own pace. New JDK 21 images are FIPS 140-3 compliant out of the box.
To learn more about our FIPS-compliant Java images and how they can benefit your organization, check out our updated FIPS documentation or contact our sales team for a personalized consultation.
Stay tuned for more updates as we continue to enhance our secure, compliant image offerings. At Chainguard, we're committed to simplifying security and compliance for developers and organizations alike.
Ready to Lock Down Your Supply Chain?
Talk to our customer obsessed, community-driven team.