Getting started with Chainguard's FIPS images

Cut through the complexity of FIPS compliance and learn how Chainguard’s products make achieving it easier.

Cancel Apply

rate limit

Code not recognized.

About this course

This course introduces learners to the fundamentals of FIPS (Federal Information Processing Standards)—what it is, why it matters, and where it applies in regulated industries. From there, we’ll dive into how Chainguard products, including FIPS container images and emerging VM support, help organizations align with FIPS requirements. We’ll also address common misconceptions, your responsibilities as a customer, and practical steps for building FIPS-ready environments. By the end, you will not only understand the role of FIPS in compliance frameworks but also how to confidently leverage Chainguard solutions to meet FIPS goals.

At the end of the course, you will:

  • Understand how Chainguard’s kernel independent FIPS module works, at a high level.
  • Understand the “no config needed” nature of our FIPS images.
  • Understand how to ensure their application is FIPS compliant when running on our images.
  • Understand that tampering with the images may break compliance.
  • Know the basics of how non-compliant algorithms are handled (such as md5).

Curriculum

  • Introduction to FIPS and the course
  • What is FIPS?
  • Who requires FIPS (and why it matters)
  • FIPS 140-2 vs 140-3 and cryptographic modules
  • How it FIPS in
  • FIPS “compliant” v. FIPS “validated”
  • CMVP: The FIPS validation process
  • FIPS with Chainguard
  • 🛠️ Demo: Verifying FIPS in practice
  • 🛠️ Hands-on: FIPS Enforcement in Practice
  • Achieving FIPS in practice (and what can break it)
  • Testing and proving FIPS
  • Common misconceptions and practical guidance
  • Wrapping up: Putting FIPS into practice

About this course

This course introduces learners to the fundamentals of FIPS (Federal Information Processing Standards)—what it is, why it matters, and where it applies in regulated industries. From there, we’ll dive into how Chainguard products, including FIPS container images and emerging VM support, help organizations align with FIPS requirements. We’ll also address common misconceptions, your responsibilities as a customer, and practical steps for building FIPS-ready environments. By the end, you will not only understand the role of FIPS in compliance frameworks but also how to confidently leverage Chainguard solutions to meet FIPS goals.

At the end of the course, you will:

  • Understand how Chainguard’s kernel independent FIPS module works, at a high level.
  • Understand the “no config needed” nature of our FIPS images.
  • Understand how to ensure their application is FIPS compliant when running on our images.
  • Understand that tampering with the images may break compliance.
  • Know the basics of how non-compliant algorithms are handled (such as md5).

Curriculum

  • Introduction to FIPS and the course
  • What is FIPS?
  • Who requires FIPS (and why it matters)
  • FIPS 140-2 vs 140-3 and cryptographic modules
  • How it FIPS in
  • FIPS “compliant” v. FIPS “validated”
  • CMVP: The FIPS validation process
  • FIPS with Chainguard
  • 🛠️ Demo: Verifying FIPS in practice
  • 🛠️ Hands-on: FIPS Enforcement in Practice
  • Achieving FIPS in practice (and what can break it)
  • Testing and proving FIPS
  • Common misconceptions and practical guidance
  • Wrapping up: Putting FIPS into practice