On Mon, 19 Apr 2021 at 11:33, Steve Reed via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:

Hi Rob,

So, are you saying that CENTOS is not FIPS compliant? Because there is a long list of web sites that state that CENTOS and RHEL are FIPS 140-2 compliant.

He is talking about certification and you are talking about compliance. They are very different things. Compliance is up to the auditor to say if it meets or does not meet 'compliance'. You can go from auditor A to auditor B and find your entire compliance removed. Certification is a step above that because it is meant to be a 'trump' in auditing [not always but close enough.]

Certification is usually very specific to a particular version of the OS which has gone through a long certification process. Certification is not transferable from RHEL to CentOS (depending on the certification it is not even transferable from version to version of RHEL. Each update has to go back to the certification authority to confirm it does not lose certification.

https://www.google.com/search?q=is+centos+7+fips+compliant&rlz=1C1DKCZ_enUS768US768&oq=Is+Centos+7+FIPS+com&aqs=chrome.0.0j69i57j0i390l2.6417j0j15&sourceid=chrome&ie=UTF-8&safe=active
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Stephen J Smoogen.