Elevating Security Standards: Qualys Cloud Agent Moves to FIPS-Compliant Build on RPM-Based Operating Systems

Spencer Brown

Last updated on: May 24, 2024

At Qualys, we are constantly working to enhance the protection of your digital assets. That’s why we are pleased to share an important update that underscores our commitment: starting with Linux Qualys Cloud Agent 6.3 (May 2024), our Qualys Cloud Agent on RPM-based operating systems is undergoing a significant evolution.

Embracing FIPS Compliance for Enhanced Security

As part of our ongoing efforts to provide state-of-the-art security solutions, we are deprecating the use of SHA-1 and introducing a Federal Information Processing Standards (FIPS)-compliant build for our Qualys Cloud Agent on RPM-based Operating Systems. FIPS compliance is crucial for several reasons:

  1. Regulatory Requirements: Many industries, especially those dealing with sensitive information, have regulatory requirements that mandate adherence to FIPS standards. This compliance ensures that our solutions align with the regulatory frameworks governing your business.
  2. Global Recognition: FIPS is a globally recognized set of security standards issued by the National Institute of Standards and Technology (NIST). Achieving FIPS compliance reflects our commitment to meeting internationally accepted benchmarks for cryptographic security.
  3. Enhanced Data Integrity: FIPS compliance involves the use of robust cryptographic algorithms, such as SHA-256, which significantly enhances data integrity and reduces the risk of unauthorized access or tampering.
  4. Interoperability: FIPS-compliant solutions are designed with interoperability in mind. By adhering to these standards, our Qualys Cloud Agent ensures seamless integration with other security tools and systems within your IT infrastructure.

SHA-1 Deprecation

Some operating systems, such as Red Hat Enterprise Linux 9 (RHEL 9), have already deprecated SHA-1, the once widely used message digest, due to its documented vulnerabilities and successful collision attacks. In RHEL 9, the default signature creation using SHA-1 has been discontinued in core cryptographic components, and applications running SHA-1 will be flagged. For detailed insights, refer to Red Hat’s documentation.

Support for Legacy Operating Systems – Important Changes

For more information on changes to support for legacy operating systems, see our blog post, Qualys Cloud Agent: Support for Legacy Operating Systems – Important Changes.

Customers who wish to update their Qualys Agents now can request a FIPS-compliant build by opening a Qualys Support case and following the article FIPS-Compliant Qualys Cloud Agent for Linux.
