FIPS Validation for AlmaLinux OS
The Federal Information Processing Standard (FIPS) 140-3 is the latest set of requirements from NIST in the US and the Canadian Centre for Cyber Security for products that use cryptography in a system that processes “Sensitive But Unclassified” (SBU) information.
Basically, to sell a security product to the US Federal government (and other regulated markets such as infrastructure, energy, telecoms, finance and healthcare), you have to prove that you’re only using approved algorithms for encryption, hashing, signing and so on. You may have heard that MD5 is deprecated and that you shouldn’t use SSLv3; FIPS goes into much more detail.
FIPS 140-3 is a prerequisite for other security regulations and acts of law such as CMMC, FedRAMP, HIPAA and FISMA; the certificates can also be used as evidence for complying with Common Criteria, SOX, ISO 27001 and PCI-DSS data encryption requirements. It’s seen as the gold standard, so even companies that aren’t required to comply will seek to do so, so that they know they have a well-tested baseline for cryptography.
