Ubuntu Pro FIPS for AWS compliance
For AWS compliance in production environments.
Ubuntu Pro FIPS is a FIPS 140-3 out of the box certified image for AWS. Built upon the enhanced stability and security features of Ubuntu Pro, Ubuntu Pro FIPS is a critical foundation for federal programs and government contractors.
What's in Ubuntu Pro FIPS?
FIPS-compliant by default
FIPS 140-3 modules pre-enabled out of the box with Ubuntu Pro FIPS. No extra configuration steps required.
FedRAMP compliance
Operate environments under the FedRAMP compliance regime, with FIPS 140-3 certified modules.
CIS and DISA STIG
Automated auditing and remediation for the DISA STIG and CIS security benchmarks through the Ubuntu Security Guide.
HIPAA, PCI, ISO compliance
Healthcare, financial services, insurance and other organizations that operate in heavily-regulated industries ensure compliance with HIPAA, PCI and ISO.
Predictable and Secure
Ubuntu Pro FIPS is based on Ubuntu Pro premium images, with AWS optimizations built in and the most comprehensive open source security coverage in the industry.
Common Criteria EAL2 certification
Ubuntu Pro FIPS has been evaluated to assurance level EAL2, with Common Criteria certification.
Open source security
Ubuntu Pro adds security coverage for the most important open source applications like Apache Kafka, NGINX, MongoDB, Redis, and PostgreSQL.
Up to 15-year lifetime
Canonical backs Ubuntu Pro FIPS for up to 15 years, ensuring security updates are available throughout, with a guaranteed upgrade path.
Priced for the cloud
Ubuntu Pro FIPS pricing tracks the underlying compute cost, starting at under $0.01 for the smallest instance type, and ramping down to less than 1% of hourly compute.
Launch Ubuntu Pro FIPS for AWS
Ubuntu Pro FIPS 22.04 LTS
Ubuntu Pro FIPS 22.04 LTS includes an AWS-optimized FIPS-certified 5.15 kernel and other FIPS-certified modules pre-enabled out of the box. Ubuntu Pro FIPS provides extended security maintenance through April 2032.
Ubuntu Pro FIPS 20.04 LTS
Ubuntu Pro FIPS 20.04 LTS includes an AWS-optimized FIPS-certified 5.4 kernel and other FIPS-certified modules pre-enabled out of the box. Ubuntu Pro FIPS provides expanded security maintenance through April 2030.
Launch 20.04 LTS
Ubuntu Pro FIPS 18.04 LTS
Ubuntu Pro FIPS 18.04 LTS includes an AWS-optimized FIPS-certified 4.15 kernel and other FIPS-certified modules pre-enabled out of the box. Ubuntu Pro FIPS provides expanded security maintenance through April 2028.
Launch 18.04 LTS
Ubuntu Pro FIPS 16.04 LTS
Ubuntu Pro FIPS 16.04 LTS includes FIPS-certified 4.4 kernel and other FIPS-certified modules pre-enabled out of the box. Ubuntu Pro FIPS provides expanded security maintenance through April 2026.
Launch 16.04 LTS
AWS compliance made easy
Ubuntu Pro FIPS: AWS compliance made easy
With AWS, US government agencies and their partners have been able to combine unparalleled flexibility, breakthrough innovation, world-class security, and AWS compliance. However when it comes to running a secure and compliant enterprise Linux on AWS, IT departments are often left with expensive options that sacrifice innovation for compliance. Watch this on-demand webinar to see how AWS and Canonical, the publisher of Ubuntu, have collaborated to create a new way for government agencies to consume Linux on AWS.
Watch the webinar
FIPS-certified Ubuntu components for AWS
| Ubuntu LTS | FIPS certified component | Description | Version | CMVP Certificate |
|---|---|---|---|---|
| 22.04 | AWS Kernel | Kernel optimized for use in AWS clouds | 5.15 | 4894* |
| 22.04 | openssl | General purpose cryptographic library that includes TLS implementation | 3.0.2 | 4794 |
| 22.04 | strongswan | IPSec-based VPN solution library | 5.9.5 | 4911 |
| 22.04 | libgnutls30 | A portable library which implements the TLS and DTLS protocols | 3.7.3 | 4855 |
| 22.04 | libgcrypt20 |
The GNUPG cryptographic general purpose library
(provides fully certified full disk encryption) |
1.9.4 | 4793 |
| 22.04 | libkcapi1 | Linux Kernel Crypto API User Space Interface Library | 1.4.0 | 4894 |
| Ubuntu LTS | FIPS certified component | Description | Version | CMVP Certificate |
|---|---|---|---|---|
| 20.04 | AWS Kernel | Kernel optimized for use in AWS clouds | 5.4 | 4126 |
| 20.04 | OpenSSL | General purpose cryptographic library that includes TLS implementation | 3966 | |
| 20.04 | StrongSWAN | IPSec-based VPN solution library | 4046 | |
| 20.04 | Libgcrypt |
The GNUPG cryptographic general purpose library
(provides fully certified full disk encryption) |
3902 |
| Ubuntu LTS | FIPS certified component | Description | Version | CMVP Certificate |
|---|---|---|---|---|
| 18.04 | AWS Kernel | Kernel optimized for use in AWS clouds | 4.15 | 3664 |
| 18.04 | OpenSSL | General purpose cryptographic library that includes TLS implementation | 1.1.1 | 3622 |
| 18.04 | OpenSSH client | SSH server application for operating systems | 7.9p1 | 3633 |
| 18.04 | OpenSSH server | SSH client application for operating systems | 7.9p1 | 3632 |
| 18.04 | StrongSWAN | IPSec-based VPN solution library | 5.6.2 | 3648 |
| 18.04 | Libgcrypt |
The GNUPG cryptographic general purpose library
(provides fully certified full disk encryption) |
1.8.1 | 3748 |
| Ubuntu LTS | FIPS certified component | Description | Version | CMVP Certificate |
|---|---|---|---|---|
| 16.04 | Linux Kernel(generic) | The Linux kernel cryptographic library | 4.4.0.1002 | 2962 |
| 16.04 | OpenSSL | General purpose cryptographic library that includes TLS implementation | 1.0.2g | 2888 |
| 16.04 | OpenSSH client | SSH server application for operating systems | 7.2p2 | 2907 |
| 16.04 | OpenSSH server | SSH client application for operating systems | 7.2p2 | 2906 |
| 16.04 | StrongSWAN | IPSec based VPN solution library | 5.3.5 | 2978 |
Pricing
| Example instance size | EC2 hourly* | Ubuntu Pro hourly |
|---|---|---|
| t3.nano | $0.005 | $0.004 |
| t3.medium | $0.042 | $0.004 |
| c5.large | $0.085 | $0.004 |
| r5.xlarge | $0.252 | $0.007 |
| i3.2xlarge | $0.624 | $0.014 |
| r5d.4xlarge | $1.152 | $0.028 |
*The above pricing is based on the US East (Northern Virginia) region. For complete pricing, see the Ubuntu Pro FIPS 22.04 LTS listings on the AWS Marketplace (AMD64 | Graviton)
AWS compliance and the most comprehensive open-source security coverage with Ubuntu Pro FIPS
Ubuntu Pro FIPS images are based on Ubuntu Pro premium images, with security coverage included for the entire collection of software packages shipped with Ubuntu, tracking high and critical CVEs. This makes it ideal for companies that have embraced open source for their new products and need to ensure long-term stability, reliability, and security for production and mission-critical workloads.
- Get up to 15 years of security updates
- Access tools, automations, and profiles for security hardening
- Maximize uptime with automated, rebootless kernel patches