Groowe Groowe BETA / Newsroom
⏱ News is delayed by 15 minutes. Sign in for real-time access. Sign in

Chainguard Introduces FIPS Module with Industry-Leading CVE Commitment

prnewswire.com
TM Trend Micro's Senior Architect comments on Chainguard's FIPS initiative, acknowledging its importance for the security community. The statement is positive but does not directly impact Trend Micro's stock sentiment based on this article. CAN Canva is listed as a customer of Chainguard. The article does not offer any performance data or future projections for Canva, resulting in a neutral sentiment. FTNT Fortinet is named as a Chainguard customer. The article does not contain information that would influence Fortinet's stock sentiment. HPE Hewlett Packard Enterprise is mentioned as a client of Chainguard. The article does not provide any specific news or analysis related to HPE's business or stock performance. OPEN OpenAI is listed as a customer of Chainguard. The article focuses on Chainguard's product and does not offer insights into OpenAI's current business standing or future prospects. SNAP Snap Inc. is cited as a customer of Chainguard. The article's content does not provide any information that would affect Snap's stock sentiment. SNOW Snowflake is mentioned as a client of Chainguard. The article does not contain any specific news or analysis that would impact Snowflake's stock sentiment.

Chainguard Introduces FIPS Module with Industry-Leading CVE Commitment Chainguard FIPS Provider for OpenSSL 3.4 combines validated cryptography, zero known CVEs, and continuous compliance

KIRKLAND, Wash., March 11, 2026 /PRNewswire/ -- Chainguard, the trusted source for open source, today announced the launch of the first FIPS container images built on OpenSSL 3.4. With Chainguard FIPS Provider for OpenSSL 3.4, the company owns and maintains the validated cryptographic module that underpins its FIPS images. Regulated organizations using Chainguard will have access to a simpler, more durable path to staying both compliant and securely patched, aligned with NIST guidance through 2030. This marks a structural shift in how validated cryptography is built, maintained, and kept current as vulnerabilities and compliance requirements evolve.

The challenge of aligning FIPS validation with vulnerability management

For organizations operating in regulated environments, FIPS validation is foundational. Federal agencies, financial institutions, healthcare providers, and enterprises pursuing compliance with frameworks such as FedRAMP and DoD IL rely on FIPS-validated cryptography to meet requirements. However, achieving validation is only the beginning. As new vulnerabilities are disclosed and standards evolve, organizations must balance staying secure while remaining within the bounds of validated cryptography. When the validated module is owned by a third party rather than the hardened container image provider, the image provider has limited visibility and control over the validated module, which can introduce delays, coordination challenges, and ambiguity during audits or updates. The Chainguard FIPS Provider for OpenSSL 3.4 changes that dynamic, reducing compliance friction and operational risk.

"FIPS validation shouldn't be a static certificate that drifts from operational reality," said Patrick Donahue, Senior Vice President of Product, Chainguard. "By maintaining our own validated cryptographic module, Chainguard can directly address in-boundary vulnerabilities, submit updates regardless of severity, and ensure that compliance and security move together. This is about providing Chainguard customers in regulated organizations both the confidence and control they need to be 2030-ready."

Bringing compliance and vulnerability management together

By owning and operating its own validated cryptographic module, Chainguard can directly address in-boundary vulnerabilities and take responsibility for maintaining validated status as updates are made. This means Chainguard can more easily help customers achieve compliance in addition to managing their vulnerabilities, reducing friction while strengthening security posture.

Chainguard FIPS Provider for OpenSSL 3.4 features include:

"Meeting compliance requirements while staying ahead of new vulnerabilities has always been a challenge for organizations in regulated industries," said Orbby Chang, Senior Architect, Trend Micro. "Efforts that bring validated cryptography and vulnerability management closer together are an important step forward for the broader security community. It's encouraging to see the ecosystem moving toward more proactive, collaborative approaches to compliance and security."

By building and validating its own FIPS provider, Chainguard ensures that compliance, cryptographic modernization, and vulnerability remediation evolve together. The result is a simpler, more durable path to compliance, giving organizations confidence that their validated cryptography will remain secure, up to date, and audit-ready over time.

All Chainguard FIPS container images will upgrade to the newly certified Chainguard FIPS Provider for OpenSSL 3.4.0 on March 17, 2026. To learn more about Chainguard's FIPS commitment, visit: https://www.chainguard.dev/legal/fips-commitment

About Chainguard

Chainguard is the trusted source for open source. By delivering hardened, secure, and production-ready builds of all the open source software engineers and AI agents rely on, Chainguard helps organizations build faster, stay compliant, and eliminate risk. Its customers include Fortune 500 enterprises and global industry leaders, including Anduril, Canva, Fortinet, Hewlett Packard Enterprise, OpenAI, Snap Inc., and Snowflake. Chainguard is venture-backed by leading investors, including Amplify, IVP, Kleiner Perkins, Lightspeed Venture Partners, Mantis VC, Redpoint Ventures, Sequoia Capital, and Spark Capital. For more information, visit: https://www.chainguard.dev/

SOURCE Chainguard