Elevating Security Standards: Qualys Cloud Agent Moves to FIPS-Compliant Build on RPM-Based Operating Systems
Last updated on: October 22, 2024
At Qualys, we are constantly working to enhance the protection of your digital assets. That’s why we are pleased to share an important update that underscores our commitment: Starting with Linux Qualys Cloud Agent 6.3 (May 2024), we’re announcing a significant evolution in our Qualys Cloud Agent on RPM-based Operating Systems.
Embracing FIPS Compliance for Enhanced Security
As part of our ongoing efforts to provide state-of-the-art security solutions, we are deprecating the use of SHA-1 and introducing a Federal Information Processing Standards (FIPS)-compliant build for our Qualys Cloud Agent on RPM-based Operating Systems. FIPS compliance is crucial for several reasons:
- Regulatory Requirements: Many industries, especially those dealing with sensitive information, have regulatory requirements that mandate adherence to FIPS standards. This compliance ensures that our solutions align with the regulatory frameworks governing your business.
- Global Recognition: FIPS is a globally recognized set of security standards issued by the National Institute of Standards and Technology (NIST). Achieving FIPS compliance reflects our commitment to meeting internationally accepted benchmarks for cryptographic security.
- Enhanced Data Integrity: FIPS compliance involves the use of robust cryptographic algorithms, such as SHA-256, which significantly enhances data integrity and reduces the risk of unauthorized access or tampering.
- Interoperability: FIPS-compliant solutions are designed with interoperability in mind. Our Qualys Cloud Agent ensures seamless integration with other security tools and systems within your IT infrastructure by adhering to these standards.
SHA-1 Deprecation
Some operating systems, such as Red Hat Enterprise Linux 9 (RHEL 9), have already deprecated SHA-1, the once widely used message digest, due to its documented vulnerabilities and successful collision attacks. In RHEL 9, the default signature creation using SHA-1 has been discontinued in core cryptographic components, and applications that use SHA-1 will be flagged. For detailed insights, refer to Red Hat’s documentation.
Support for Legacy Operating Systems – Important Changes
For more information on changes to support for legacy operating systems, see our blog post, Qualys Cloud Agent: Support for Legacy Operating Systems – Important Changes.
Customers who wish to use a SHA-256-only Qualys Cloud Agent can request one by reaching out to their TAM or contacting support.