Amazon Linux 2023 achieves FIPS 140-3 validation

Amazon Linux 2023 (AL2023) has earned FIPS 140-3 Level 1 validation for several of its cryptographic modules. This means it’s now approved for use in systems that need to meet U.S. and Canadian government standards for encryption.

FIPS (Federal Information Processing Standard) 140-3 replaces the older 140-2 version. It sets rules for how cryptographic software and hardware should handle things like encryption, key management, and random number generation.

In AL2023, modules such as OpenSSL, the Linux Kernel Crypto API, GnuTLS, NSS, and Libgcrypt are part of the validation process. The Kernel Crypto API is already fully validated, while the others are still under review but listed as “in process.”

To turn on FIPS mode in AL2023, install the crypto-policies package and then run:

sudo fips-mode-setup --enable
sudo reboot
sudo fips-mode-setup --check

Make sure you’re not using ED25519 SSH keys, as they aren’t supported in FIPS mode.
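
An added example, not from the original article: a pre-flight check that lists Ed25519 entries in authorized_keys files before you run the enable step, so affected accounts can be given a different key type first. The function names, the FIPS_FLAG override and the sample file are assumptions made for illustration; the sample key material is constructed placeholder text.

```shell
#!/bin/sh
# Added example: pre-flight check before `fips-mode-setup --enable`.

# Print "file:line:keytype" for each Ed25519 entry in the given files.
# Handles entries with leading options (command="...") and the FIDO-backed
# sk- variant; a key type only counts when a base64 blob (AAAA...) follows.
find_ed25519_keys() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v file="$f" '
            /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blanks
            {
                for (i = 1; i < NF; i++)
                    if ($i ~ /^(sk-)?ssh-ed25519(@openssh\.com)?$/ && $(i + 1) ~ /^AAAA/) {
                        printf "%s:%d:%s\n", file, NR, $i
                        break
                    }
            }' "$f"
    done
}

# Return 0 if the kernel reports FIPS mode. FIPS_FLAG is an override for
# testing (assumption); the default is the kernel's flag file.
fips_enabled() {
    [ "$(cat "${FIPS_FLAG:-/proc/sys/crypto/fips_enabled}" 2>/dev/null)" = "1" ]
}

# Constructed sample authorized_keys; the blobs are placeholders, not real keys.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABexample alice@example
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIexample bob@example
command="/usr/bin/backup",no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIexample2 backup@example
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYexample ssh-ed25519
EOF
}

# Demo run against the constructed sample.
sample=$(mktemp)
write_sample "$sample"
find_ed25519_keys "$sample"
rm -f "$sample"
if fips_enabled; then echo "FIPS mode: on"; else echo "FIPS mode: off"; fi
```

On a real host, pass the actual files instead of the sample, for example `find_ed25519_keys /home/*/.ssh/authorized_keys /root/.ssh/authorized_keys`.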

