An Update on the Docker FIPS 140-2 Compliance Initiative

Aug 15 2018

Last year, we announced our pursuit of FIPS 140-2 validation of the Docker Enterprise container platform. This meant starting with the included cryptography components at the Docker Engine foundation to better address the rigorous security requirements of government agencies and others in regulated industries. Over the last year, we’ve progressed through the NIST Cryptographic Module Validation Program (CMVP), from “Implementation Under Test” to “Module In Process” and are nearing full completion of validation. Track our progress online at NIST’s CMVP website and as of this post, we are “Module In Process, Coordination”. We are anticipating full validation of Docker Engine – Enterprise in the coming months.

Recently Docker Engine – Enterprise version 18.03 was released, our first to include the FIPS 140-2 compliant modules currently undergoing validation by the NIST CMVP. These modules cover the cryptography elements in Docker Engine – Enterprise and are used when Engines are deployed standalone or with Docker Swarm enabled.

Compliance from Docker Engine to Container Platform

Additionally we are working to bring the FIPS 140-2 compliant modules into the remainder of the Docker Enterprise container platform and make this available to our customers. This will include FIPS 140-2 compliance for the private registry and management control plane, in addition to the integrated Kubernetes orchestration system. Furthermore, these components will also undergo FIPS 140-2 validation via the NIST CMVP, and you can learn more in a few months.

In the interim, Docker Engine – Enterprise 18.03, which includes the FIPS 140-2 compliant modules, can be deployed into your own environments and provides a great foundation on which to begin your containerization journey – safely and securely.

Stay tuned for more updates!

More Resources


0 thoughts on "An Update on the Docker FIPS 140-2 Compliance Initiative"

DockerCon 2022

With over 50 sessions for developers by developers, watch the latest developer news, trends, and announcements from DockerCon 2022. From the keynote to product demos to technical breakout sessions, hacks, and tips & tricks, there’s something for everyone.

Watch Now