Each FIPS 140 certificate for a package can take several months to complete and is valid for 5 years. However, as vulnerabilities happen security-critical fixes may need to be included faster than a certification cycle. For that, we provide two ways to consume validated packages: a stream called fips
, where the exact packages validated by NIST are present; and another stream called fips-updates
where the validated packages are present, but are updated with security fixes. The fips-updates
stream also allows access to the packages during the validation phase, enabling early application development and testing. Both streams are revalidated periodically during Ubuntu standard support phase.
Switching from ‘fips’ to ‘fips-updates’
If you are on a system with the fips
stream enabled such as Ubuntu Pro FIPS, you can switch to the fips-updates
stream with the following command.
sudo pro enable fips-updates