Security patching

Each FIPS 140 certificate for a package can take several months to complete and is valid for 5 years. However, as vulnerabilities are discovered, security-critical fixes may need to be delivered faster than a certification cycle allows. For that reason, we provide two ways to consume validated packages: a stream called fips, which contains the exact packages validated by NIST; and another stream called fips-updates, which contains the validated packages updated with security fixes. The fips-updates stream also gives access to packages while they are still in the validation phase, enabling early application development and testing. Both streams are revalidated periodically during the Ubuntu standard support phase.

Switching from ‘fips’ to ‘fips-updates’

If you are on a system with the fips stream enabled, such as Ubuntu Pro FIPS, you can switch to the fips-updates stream with the following command:

sudo ua enable fips-updates
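
A check to run after the switch, as an added example that is not part of the original page or of the client tooling: it reports which stream the client says is enabled and whether the kernel is in FIPS mode. It assumes the JSON printed by `ua status --format json` has a `services` list whose entries carry `name` and `status` fields; the sample documents and the function names are constructed for illustration.

```python
import json
from pathlib import Path
from typing import List, Optional

STREAMS = ("fips", "fips-updates")

def enabled_streams(status_json: str) -> List[str]:
    """Names of the FIPS streams the client reports as enabled."""
    services = json.loads(status_json).get("services", [])
    return [s["name"] for s in services
            if s.get("name") in STREAMS and s.get("status") == "enabled"]

def kernel_fips_mode(flag_file: str = "/proc/sys/crypto/fips_enabled") -> Optional[bool]:
    """True/False from the kernel flag file, None when the file is absent."""
    path = Path(flag_file)
    if not path.exists():
        return None
    return path.read_text().strip() == "1"

def audit(status_json: str, kernel_mode: Optional[bool],
          expected: str = "fips-updates") -> List[str]:
    """Return a list of findings; an empty list means the host matches."""
    findings = []
    streams = enabled_streams(status_json)
    if not streams:
        findings.append("no FIPS stream enabled")
    elif streams != [expected]:
        findings.append(f"expected stream {expected}, found {', '.join(streams)}")
    if kernel_mode is not True:
        findings.append("kernel is not running in FIPS mode")
    return findings

# Constructed samples (assumed shape): status before and after the switch.
SAMPLE_BEFORE = json.dumps({"services": [
    {"name": "fips", "status": "enabled"},
    {"name": "fips-updates", "status": "disabled"}]})
SAMPLE_AFTER = json.dumps({"services": [
    {"name": "fips", "status": "disabled"},
    {"name": "fips-updates", "status": "enabled"}]})

if __name__ == "__main__":
    for label, doc in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, audit(doc, kernel_fips_mode()) or "OK")
```

On a real host, pass the captured output of `ua status --format json` to `audit()` in place of the constructed samples.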