Your submission was sent successfully! Close

Security Certifications & Hardening

Run regulated and high security workloads on Ubuntu

Whatever cybersecurity framework you have chosen, including ISO 27000, NIST, PCI or CIS Controls, Ubuntu Pro and Ubuntu Advantage enable your compliance and reduce your operational risk. Access automation for hardening and compliance profiles, such as CIS and DISA-STIG as well as the FIPS 140-2 and Common Criteria certifications.

Contact us

Comply with established security baselines

The default configuration of Ubuntu balances usability and security. However, systems carrying dedicated workloads can be further hardened to reduce their attack surface. Canonical works with DISA to ensure STIG guides are available for Ubuntu, and we provide OpenSCAP tooling and automation for the Industry accepted CIS benchmark. Available with Ubuntu Advantage and Ubuntu Pro.

See our compliance profiles

Know your defenses

Each Ubuntu release enables state of the art protection against vulnerability exploitation and malware and we publicly detail our choices. Canonical has a public vulnerability disclosure policy and vulnerabilities are not only fixed with automated security updates and livepatches but also publicly disclosed with our security notices. We further provide machine readable OVAL CVE output to be used by OpenSCAP and other 3rd party vulnerability management tools.

See our security features

Access certifications for high security environments

Access to certification artifacts as well as the necessary tooling for regulated and high security environments. Ubuntu Advantage and Ubuntu Pro provide access to FIPS 140-2 certified cryptographic packages, allowing you to deploy workloads that need to operate under compliance regimes like FedRAMP, HIPAA, and PCI-DSS. Additionally, Ubuntu versions have been certified under Common Criteria, providing 3rd party attestation of the security mechanisms in the operating system.

See our certifications

FIPS certification and CIS compliance with Ubuntu

Learn about Ubuntu CIS and FIPS certified components to enable operating under compliance regimes like FedRAMP, HIPAA, PCI and ISO. Get all of your compliance questions answered in our upcoming webinar to ensure you and your team are, and remain, compliant.

Contact us

Ubuntu compliance & hardening profiles

The default configuration of Ubuntu LTS releases, balances between usability, performance and security. However, non general purpose systems can be further hardened to reduce their attack surface. Reducing the attack surface is often part of the compliance with the organization’s cybersecurity framework, but is also a widely accepted security best practice. We recommend using the industry accepted benchmarks below. Click on each benchmark for more detailed information.

Ubuntu 16.04 LTS Ubuntu 18.04 LTS Ubuntu 20.04 LTS
Center for Internet Security (CIS) certified benchmarks for Ubuntu systems
Defence Information System Agency (DISA) Security Technical Implementation Guides (STIGs)
  • Yes Certified tooling & automation
  • Yes: STIG content STIG guide
Contact us

Ubuntu security certifications

We strive to make Ubuntu the platform of choice in regulated and high security environments. Ubuntu Advantage enables access to the certification artifacts as well as the necessary tooling for such environments. The following is a list of the certifications available with Ubuntu Advantage and Ubuntu Pro on public clouds. Click on each for more detailed information.

Ubuntu 16.04 LTS Ubuntu 18.04 LTS Ubuntu 20.04 LTS
FIPS 140-2 Level 1 certification: A US and Canada government cryptographic module certification of compliance with the FIPS140-2 data protection standard. US agencies, their service providers or other institutions that comply with similar requirements (e.g., HIPAA, PCI-DSS) are required to comply with FIPS 140-2.
Yes: Tooling and automation
Yes: Tooling and automation
Yes: Tooling and automation
Common Criteria, EAL2, an internationally accepted security certification: A 3rd party attestation of the security mechanisms in the operating system. Ubuntu has a Common Criteria EAL2 certification recognized by CCRA and EU SOGIS members. Yes Yes
  • Yes Tooling & automation
Contact us

Frequently asked questions about security certifications

How do I harden my Ubuntu system?

Hardening always involves a tradeoff with usability and performance. The default configuration of Ubuntu LTS releases, as provided by Canonical, balances between usability, performance and security. However, systems with a dedicated workload are well positioned to benefit from hardening. You can reduce your workload’s attack surface by applying an Industry accepted baseline. At Canonical we recommend applying the Center for Internet Security (CIS) benchmarks for hardening the configuration of Ubuntu.

How do I comply with PCI-DSS?

PCI-DSS is a payment industry standard and any company that stores, processes or transmits payment card or cardholder information is required to comply with it. The standard is defined by the Payment Card Industry council and defines measures and processes to secure online financial transactions. The standard is about making business as usual processes like monitoring of security controls, timely response, review of environmental and organizational changes, as well as review of hardware and software being under support by its vendors. For companies with large volumes of transactions compliance with the standard is enforced by an audit of a Qualified Security Assessor (QSA).

Achieving and maintaining compliance is a complex and costly process that involves business processes in addition to software requirements. Ubuntu by Canonical contains software and security controls, such as disk encryption, password settings configuration, cryptographic compliance with FIPS140-2, CIS hardening as well as a comprehensive Enterprise software maintenance program, to achieve and maintain compliance with the standard.

Contact us