At Qualys, we are constantly working to enhance the protection of your digital assets. That’s why we are pleased to share an important update that underscores our commitment: Starting with Linux Qualys Cloud Agent 6.3 (April 2024), we’re announcing a significant evolution in our Qualys Cloud Agent on RPM-based Operating Systems.
Embracing FIPS Compliance for Enhanced Security
As part of our ongoing efforts to provide state-of-the-art security solutions, we are deprecating the use of SHA-1 and introducing a Federal Information Processing Standards (FIPS)-compliant build for our Qualys Cloud Agent on RPM-based Operating Systems. FIPS compliance is crucial for several reasons:
- Regulatory Requirements: Many industries, especially those dealing with sensitive information, have regulatory requirements that mandate adherence to FIPS standards. This compliance ensures that our solutions align with the regulatory frameworks governing your business.
- Global Recognition: FIPS is a globally recognized set of security standards issued by the National Institute of Standards and Technology (NIST). Achieving FIPS compliance reflects our commitment to meeting internationally accepted benchmarks for cryptographic security.
- Enhanced Data Integrity: FIPS compliance involves the use of robust cryptographic algorithms, such as SHA-256, which significantly enhances data integrity and reduces the risk of unauthorized access or tampering.
- Interoperability: FIPS-compliant solutions are designed with interoperability in mind. Our Qualys Cloud Agent ensures seamless integration with other security tools and systems within your IT infrastructure by adhering to these standards.
Some operating systems, such as Red Hat Enterprise Linux 9 (RHEL 9), have already deprecated SHA-1, the once widely used message digest, due to its documented vulnerabilities and successful collision attacks. In RHEL 9, the default signature creation using SHA-1 has been discontinued in core cryptographic components, and applications running SHA-1 will be flagged. For detailed insights, refer to Red Hat’s documentation.
SHA-1-Only Supported Operating Systems – Important Changes
In light of this enhancement, it’s crucial to be aware that certain legacy operating systems cannot support a FIPS-Compliant Build due to their inability to accommodate SHA-256 and support for modern third-party packages used by Cloud Agent. The affected operating systems include:
- CentOS 5.x and prior
- Red Hat Enterprise Linux 5.x and prior
- SUSE Linux Enterprise Server (SLES) 11 and prior
- Oracle Enterprise Linux (OEL) 5.x and prior
Auto-Upgrade of Qualys Agent on SHA-1-Only Supported Operating Systems: What To Expect
Qualys has implemented a seamless transition process for those utilizing auto-upgrade of the Qualys Agent on the SHA-1-only supported operating systems mentioned above. Agents on these systems will automatically be excluded from auto-upgrading, ensuring interoperability and uninterrupted experience for your organization.
For those operating one of the SHA-1-only supported operating systems above who wish to continue to receive the latest Qualys Agent, we recommend upgrading to a FIPS-compliant operating system.
We appreciate your understanding and cooperation as we implement these crucial changes to fortify your security posture further. At Qualys, we remain dedicated to providing cutting-edge solutions that empower you to protect what matters most.
Customers who wish to update their Qualys Agents now can request a FIPS-Compliant Build by opening up a Qualys Support case and by following the article FIPS-Compliant Qualys Cloud Agent for Linux.