Security Compliance & Certifications for 22.04

Ubuntu goes through several rigorous security certifications and programs to meet common compliance requirements. All these security features are available with an Ubuntu Pro subscription.

FIPS 140-3

Federal Information Processing Standards Publications (FIPS) are issued by the National Institute of Standards and Technology (NIST). FIPS 140 specifies the security requirements for cryptographic modules. These requirements address the areas of secure design and implementation.

Ubuntu LTS releases have optional FIPS validated cryptographic packages, including the Linux kernel and OpenSSL, which are available with Ubuntu Pro. The full list of packages and certificates is available here.

Ubuntu 22.04 LTS is being certified against the new FIPS 140-3 standard. The cryptographic modules are reviewed by an independent testing lab before being officially certified by NIST. The list of modules in the testing phase is here, and the list of modules undergoing certification by NIST is here.


Ubuntu LTS releases have compliance benchmark documents developed by the Center for Internet Security (CIS). Ubuntu has developed the Ubuntu Security Guide to automate hardening Ubuntu LTS systems based off of the published CIS benchmarks. CIS benchmarks are available with the Ubuntu Security Guide for 22.04 LTS.

For more information see


Security Technical Implementation Guides (STIG) are developed by the Defense Information System Agency (DISA) for the U.S. Department of Defense (DoD). Ubuntu 22.04 is undergoing evaluation by DISA and when the STIG is produced it will be incorporated into the Ubuntu Security Guide.


Documentation versions
Path Version
2204 22.04
16-18 16.04 / 18.04
Level Path Navlink
0 security-certifications Security Certifications
1 fips [FIPS 140-3] (FIPS for Ubuntu 22.04)
1 usg Ubuntu Security Guide
2 usg/installation Installation
2 usg/cis CIS compliance
3 usg/cis/audit Audit
3 usg/cis/compliance Compliance
3 usg/cis/customization Customization
1 disa-stig DISA-STIG compliance
2 disa-stig/installation Installation
2 disa-stig/audit Audit
2 disa-stig/compliance Compliance


Mapping table
Path Location
/security/certifications/docs/cis-20-18-16 /security/certifications/docs/16-18/cis
/security/certifications/docs/cis-manual-requirements /security/certifications/docs/16-18/cis/customization
/security/certifications/docs/cis-ruleset-params /security/certifications/docs/16-18/cis/customization2
/security/certifications/docs/cis-juju /security/certifications/docs/16-18/cis/juju
/security/certifications/docs/cis-18-16 /security/certifications/docs/16-18/cis
/security/certifications/docs/cc-16 /security/certifications/docs/16-18/cc
/security/certifications/docs/cc /security/certifications/docs/16-18/cc
/security/certifications/docs/fips-updates /security/certifications/docs/fips
/security/certifications/docs/fips-16 /security/certifications/docs/16-18/fips
/security/certifications/docs/cis-audit /security/certifications/docs/usg/cis/audit
/security/certifications/docs/cis-compliance /security/certifications/docs/usg/cis/compliance
/security/certifications/docs/cis /security/certifications/docs/usg/cis

This is great to hear! Is there any way to get notifications for when 22.04 has the relevant FIPS compliance modules released? Or is there some beta channel I can use for dev/test environments?