I've recently taken over a server that processes health and medical data, and I'm looking to upgrade it as it's running Debian 11, which is approaching its end of life. A coworker mentioned that I need FIPS 140-3 certification for this type of data. Debian doesn't currently support FIPS 140-3, so I'm considering switching to either AlmaLinux 9.2 with TuxCare's FIPS 140-3 or Ubuntu LTS 22.04 with PRO included and FIPS 140-3 support. Since I'm based in Italy, I'm wondering whether I should prefer Canonical for its EU orientation or go with AlmaLinux, which is US-based. Is there a significant difference depending on whether the distribution is from the US or EU? Also, since I have a backup server for this sensitive data, does it also require FIPS 140-3 certification? I appreciate any insights you can share!
4 Answers
FIPS is very much a US-focused standard. It's worth investigating whether there's an equivalent certification within the EU. Honestly, I find dealing with FIPS can be complex, and I've noted some issues with Ubuntu Pro FIPS that weren't present in the regular version.
I'd recommend reaching out to your backup vendor. The last backup system I worked with had some oddities relating to FIPS 140-3, especially in terms of encryption methods. Essentially, the FIPS certification for the operating system mainly applies to the client running the backup, while the server's FIPS compliance largely depends on the backup software vendor itself.
It's crucial to check with your local regulatory bodies about compliance requirements. You definitely need to adhere to GDPR. As for FIPS, it's more of an American standard, though it is recognized internationally. From my research, it doesn't seem mandatory in Italy or the EU, but I recommend confirming this with legal counsel or local authorities to be sure you're fully compliant.
Make sure to look into local regulations. If you opt for FIPS certification, I have mostly worked with EL-based systems. I haven't encountered a Debian or Ubuntu system with FIPS enabled yet. Just a heads up, FIPS mode can bring unexpected challenges that aren't always straightforward to resolve.
