FIPS 140-3 Validated Modules in Oracle Linux 9

The following sections describe how to review FIPS 140-3 certifications and install FIPS 140-3 validated cryptographic modules in Oracle Linux 9.

Information About Modules That Have Received FIPS 140-3 Validation

The Oracle FIPS Certifications website provides the following information for each module:

  • Name and description of the module.

  • Status of the FIPS 140-3 validation process.

    Important:

    To achieve compliance with FIPS Publication 140-3, you must use only the package version that the Security Policy document specifies for each module.

  • Package version for the module.

  • Certificate number for the module.

After NIST completes its review for each cryptographic module, the status moves from "Review Pending" or "In Progress" to "Validated." You can then click the certificate number for each cryptographic module to review its associated FIPS certificate. Each FIPS certificate links to the relevant Security Policy document for that module. See the "Life-Cycle Assurance" section of those Security Policy documents for details about each module, and for instructions that the Cryptographic Officer can use to verify the module's installation and configuration.

Installing FIPS Validated Cryptographic Modules for Oracle Linux 9

After you enable FIPS mode on Oracle Linux 9, you can then install FIPS validated cryptographic modules, as required. For information about the software channels that provide packages containing FIPS validated cryptographic modules, see Yum Repositories and ULN Channels for FIPS Validated Cryptographic Modules.

The following information applies to systems that are running a fully patched Oracle Linux 9 release that can install and enable FIPS cryptographic modules.

To install FIPS validated cryptographic modules, see the "Life-Cycle Assurance" section of the Security Policy document for the FIPS module that you plan to install.

The Security Policy document explains how to verify that the package is FIPS 140-3 validated, and how to configure the module for FIPS mode. See the Oracle FIPS Certifications website for the certificate number, which includes a link to the NIST FIPS 140-3 validation page. This page provides details about FIPS certification and the Security Policy document. The package versions that are listed reflect information that's found in the logical cryptographic boundary for the specific module.

Yum Repositories and ULN Channels for FIPS Validated Cryptographic Modules

The following are the dedicated Unbreakable Linux Network (ULN) channels and yum repository containing FIPS validated cryptographic modules for Oracle Linux 9:

x86_64 Platform:

  • ol9_x86_64_u3_security_validation ULN channel

  • ol9_u3_security_validation yum repository

aarch64 Platform:

  • ol9_aarch64_u3_security_validation ULN channel

  • ol9_u3_security_validation yum repository

Note that the ol9_u3_security_validation yum repository is a common repository name for the x86_64 and aarch64 platforms. This repository contains FIPS validated packages for both platforms and security updates for those packages.

The epoch for package updates with the _fips suffix is set to 10, so they supersede any versions of the same package that don't use the _fips suffix and don't contain FIPS 140-3 compliance patches.
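The following added example (not Oracle's code) shows why an epoch of 10 makes a _fips build take precedence even over a numerically higher version: RPM compares the epoch first, and only then the version and release. The comparison is a simplified form of RPM's ordering (no `~` or `^` handling), and the package versions are constructed for illustration.

```python
import re
from functools import cmp_to_key
from itertools import zip_longest

def parse_evr(evr):
    """Split '[epoch:]version-release'; a missing epoch counts as 0."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return int(epoch or 0), version, release

def _cmp_label(a, b):
    """Compare two version or release strings segment by segment."""
    seg = lambda s: re.findall(r"[0-9]+|[A-Za-z]+", s)  # '.' and '_' only separate
    for x, y in zip_longest(seg(a), seg(b)):
        if x is None or y is None:          # the string with segments left is newer
            return -1 if x is None else 1
        if x.isdigit() != y.isdigit():      # a numeric segment beats an alphabetic one
            return 1 if x.isdigit() else -1
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    return 0

def compare_evr(a, b):
    """Return 1 if a is newer than b, -1 if older, 0 if equal."""
    (ea, va, ra), (eb, vb, rb) = parse_evr(a), parse_evr(b)
    if ea != eb:                            # epoch decides before anything else
        return 1 if ea > eb else -1
    return _cmp_label(va, vb) or _cmp_label(ra, rb)

def newest(evrs):
    """Pick the build that a package manager would treat as the latest."""
    return max(evrs, key=cmp_to_key(compare_evr))

# Constructed candidates for one hypothetical package (not real versions)
CANDIDATES = ["1.9.0-7.el9", "1:1.9.0-7.el9", "10:1.2.3-4.el9_fips"]

if __name__ == "__main__":
    print("preferred build:", newest(CANDIDATES))
    # Without its epoch, the same _fips build would lose to the higher version.
    print("without epoch:", compare_evr("1.2.3-4.el9_fips", "1.9.0-7.el9"))
```

On an installed system, `rpm -q --qf '%{EPOCHNUM}:%{VERSION}-%{RELEASE}\n' <package>` prints the value to compare against the package version that the Security Policy document specifies.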

Security updates for the Oracle Linux 9 Kernel Crypto API Cryptographic Module (RHCK) are available in the "RHCK with Oracle fixes" yum repository with identifier ol9_MODRHCK and the corresponding ULN channel.

Security updates for the UEK7 cryptographic module are available in the corresponding yum repository and ULN channel. For more information, see the Unbreakable Enterprise Kernel documentation.

For more information about how to manage yum repositories and ULN channels, see Oracle Linux: Managing Software on Oracle Linux.

For specific instructions on installing FIPS validated cryptographic modules, see Installing FIPS Validated Cryptographic Modules for Oracle Linux 9.