FIPS
FIPS 140 ãšã¯ïŒ
FIPS 140 ã¯ãæ©å¯æ å ±ãä¿è·ããæå·ã¢ãžã¥ãŒã«ã®ã»ãã¥ãªãã£èŠä»¶ãå®çŸ©ããç±³åœæ¿åºã®æšæºèŠæ Œã§ãã
ãã®èŠæ Œã¯ãæ¿åºæ©é¢ãå»çãéèãµãŒãã¹ãªã©ã®èŠå¶å¯Ÿè±¡ç°å¢ã§åºãå©çšãããŠããŸãã
FIPS èªèšŒã¯ãNISTïŒç±³åœåœç«æšæºæè¡ç 究æïŒã«ããæå·ã¢ãžã¥ãŒã«èªèšŒããã°ã©ã ïŒCMVPïŒÂ ã«ãã£ãŠç®¡çãããŠãããæå·ã¢ãžã¥ãŒã«ãå³æ Œãªã»ãã¥ãªãã£åºæºãæºãããŠããããšãä¿èšŒããŸãã
ãªã FIPS æºæ ãéèŠãªã®ã
FIPS 140 æºæ ã¯ãæ¿åºãå»çãéèãé²è¡ãªã©ãæ©å¯ããŒã¿ã®ä¿è·ãæ±ããããå€ãã®èŠå¶å¯Ÿè±¡ç°å¢ã«ãããŠãå¿ é ãŸãã¯åŒ·ãæšå¥šãããŠããŸãã
ãã®èŠæ Œã¯ãæå·åŠçãä¿¡é Œã§ããã¢ã«ãŽãªãºã ã䜿çšããå®å šãªã¢ãžã¥ãŒã«å ã§å®è¡ãããããšãä¿èšŒããŸãã
æ€èšŒæžã¿æå·ã¢ãžã¥ãŒã«ã«äŸåãããœãããŠã§ã¢ã³ã³ããŒãã³ãã䜿çšããããšã§ãçµç¹ã¯æ¬¡ã®ãããªã¡ãªãããåŸãããŸãïŒ
-
FedRAMP ã®ããã«ãFIPS 140 æ€èšŒæžã¿æå·ã®äœ¿çšãå¿ é ãŸãã¯åŒ·ãæšå¥šããé£éŠã»æ¥çèŠå¶ã®èŠä»¶ãæºããã
-
ç£æ»å¯Ÿå¿æ§ã®åäž: å®å šã§æšæºã«åºã¥ãæå·åŠçãè¡ã£ãŠããããšããæ€èšŒå¯èœãªèšŒæ ãšããŠæ瀺å¯èœ
-
ã»ãã¥ãªãã£ãªã¹ã¯ã®äœæž: MD5 ãªã©ã®æ¿èªãããŠããªãããŸãã¯å®å šã§ãªãã¢ã«ãŽãªãºã ããããã¯ããç°å¢éã§ã®åäœãäžè²«ããããã
Docker Hardened Images ã«ãã FIPS æºæ ã®ãµããŒã
Docker Hardened ImagesïŒDHIïŒã«ã¯ãFIPS 140 æ€èšŒæžã¿æå·ã¢ãžã¥ãŒã«ã䜿çšããããªã¢ã³ããå«ãŸããŠããŸãã
ãããã®ã€ã¡ãŒãžã¯ãèŠæ Œãæºããã³ã³ããŒãã³ããçµã¿èŸŒãããšã§ãçµç¹ãã³ã³ãã©ã€ã¢ã³ã¹èŠä»¶ãæºããããšãæ¯æŽããããšãç®çãšããŠããŸãã
-
FIPS ã€ã¡ãŒãžããªã¢ã³ãã¯ããã§ã« FIPS 140 ã®æ€èšŒãåããæå·ã¢ãžã¥ãŒã«ã䜿çšããŸãã
-
ãããã®ããªã¢ã³ãã¯ãèŠå¶ãã³ã³ãã©ã€ã¢ã³ã¹èŠä»¶ã®ããç°å¢ããµããŒãããããã« Docker ã«ãã£ãŠæ§ç¯ã»ä¿å®ãããŠããŸãã
-
Docker ã¯ãFIPS æ€èšŒæžã¿æå·ã¢ãžã¥ãŒã«ã®äœ¿çšãèšé²ãã眲åä»ããã¹ãã¢ãã¹ããŒã·ã§ã³ãæäŸããŸãããããã¯å éšç£æ»ãã³ã³ãã©ã€ã¢ã³ã¹å ±åã«å©çšã§ããŸãã
FIPS ã€ã¡ãŒãžããªã¢ã³ãã®äœ¿çšã¯ãã³ã³ãã©ã€ã¢ã³ã¹èŠä»¶ãæºããäžå©ã«ã¯ãªããŸãããããã ãã§ã¢ããªã±ãŒã·ã§ã³ãã·ã¹ãã å šäœãå®å šã«æºæ ããããã§ã¯ãããŸããã æºæ ãã©ããã¯ãã€ã¡ãŒãžãã·ã¹ãã å šäœã§ã©ã®ããã«çµ±åã»éçšããããã«äŸåããŸãã
FIPS ã«å¯Ÿå¿ããŠããã€ã¡ãŒãžãç¹å®ãã
FIPS ã«å¯Ÿå¿ããŠãã Docker Hardened Images ã¯ãDocker Hardened Images ã«ã¿ãã°å 㧠FIPS æºæ ãšããŠè¡šç€ºãããŸãã
FIPS ã€ã¡ãŒãžããªã¢ã³ããå«ã DHI ãªããžããªãæ¢ãã«ã¯ãã€ã¡ãŒãžãæ¢çŽ¢ãã ã«é²ã¿ã以äžãå®è¡ããŸã:
-
ã«ã¿ãã°ããŒãžã§ FIPS ãã£ã«ã¿ãŒã䜿çšãã
-
åã€ã¡ãŒãžã®ãªã¹ã㧠FIPS compliant 衚瀺ãæ¢ã
ãããã®è¡šç€ºã«ãããFIPS æºæ ãå¿ èŠãªã³ã³ãã©ã€ã¢ã³ã¹å¯Ÿå¿ããµããŒããããªããžããªãçŽ æ©ãç¹å®ã§ããŸãã
FIPS 察å¿ã®ã€ã¡ãŒãžããªã¢ã³ãã¯ã3.13-fips ã®ããã«ã¿ã°ã®æ«å°Ÿã -fips ã«ãªã£ãŠããŸãã
FIPS ã¢ãã¹ããŒã·ã§ã³ã衚瀺ãã
Docker Hardened Images ã® FIPS ããªã¢ã³ãã«ã¯ããã®ã€ã¡ãŒãžã«å«ãŸããå®éã®æå·ã¢ãžã¥ãŒã«ãäžèŠ§åãã FIPS ã¢ãã¹ããŒã·ã§ã³ ãå«ãŸããŠããŸãã
Docker Scout CLI ã䜿çšããŠããã® FIPS ã¢ãã¹ããŒã·ã§ã³ãååŸã»ç¢ºèªã§ããŸã:
$ docker scout attest get \
--predicate-type https://docker.com/dhi/fips/v0.1 \
--predicate \
<your-namespace>/dhi-<image>:<tag>äŸ:
$ docker scout attest get \
--predicate-type https://docker.com/dhi/fips/v0.1 \
--predicate \
docs/dhi-python:3.13-fipsã¢ãã¹ããŒã·ã§ã³ã®åºå㯠JSON é åã§ãã€ã¡ãŒãžã«å«ãŸããæå·ã¢ãžã¥ãŒã«ãšãã®ã³ã³ãã©ã€ã¢ã³ã¹ç¶æ³ãèšèŒããŠããŸããäŸ:
[
{
"certification": "CMVP #4985",
"certificationUrl": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4985",
"name": "OpenSSL FIPS Provider",
"package": "pkg:dhi/openssl-provider-fips@3.1.2",
"standard": "FIPS 140-3",
"status": "active",
"sunsetDate": "2030-03-10",
"version": "3.1.2"
}
]