Steve Reed via FreeIPA-users wrote:
I'm using CentOS 7. I post to this Fedora site for FreeIPA because I
was told this is the place for these types of questions. I apologize if
this is the wrong place.

What he was saying is that FIPS certifications are not transitive, they
are for a particular binary build. Depending on your auditor this may or
may not be acceptable. Certification is a rather expensive and
time-consuming initiative so while a given crypto package may be
certified there is no guarantee that some FIPS breakage occurs elsewhere
(I have no evidence that this has happened but it's possible).
No certification happens against Fedora or CentOS at all so while you
can be in FIPS mode it hasn't been checked for compliance. So the
question is: what value does enabling FIPS bring you?
rob