TL;DR: Chainguard FIPS images will use the Chainguard FIPS provider for OpenSSL 3.1.2 (CMVP #5102) beginning January 7th, 2026.
| Announcement date | Planned Change date |
| Dec 8, 2025 | Jan 7, 2026 |
We are pleased to announce that Chainguard FIPS container images containing OpenSSL will upgrade to the recently certified Chainguard FIPS provider for OpenSSL 3.1.2 (CMVP #5102) beginning January 7th, 2026.
The latest information on all current and upcoming FIPS validated cryptography modules can always be found in Chainguard’s FIPS commitment page, and the full timeline for all FIPS module transitions can be found in this Knowledge Base article.
This communication includes the following topics:
What is changing?
Chainguard FIPS container images will transition from the OpenSSL 3.1 FIPS Provider Module (CMVP #4985) to the Chainguard FIPS provider for OpenSSL 3.1.2 (CMVP #5102) on January 7th, 2026.
Why is Chainguard making this change?
Chainguard is committed to ensuring that Chainguard FIPS container images remain aligned with industry standards and evolving regulatory requirements. We regularly seek CMVP certification & update our catalog to the most up to date version of FIPS validated cryptography modules tailored for compliance with Chainguard hardened containers.
What do I need to do?
Customers will see no technical impact from this upgrade. However, changing CMVP certificate numbers may require additional compliance reviews for some customers. Chainguard recommends consulting with your auditor and sponsor to understand if this upgrade will require any action on your part.
To receive notifications for this and future FIPS module transitions, we recommended clicking “follow” on the "CMVP Certification Upgrades with FIPS 140-3" knowledge base article containing the timeline for all FIPS module transitions.
Need help or have questions?
We're here to help - talk with your account team or visit our support portal at support.chainguard.dev.
- Chainguard Team
Comments
0 comments
Please sign in to leave a comment.