{% extends "security/base_security.html" %}
{% block title %}Compliance automation with Ubuntu Pro | Security{% endblock %}
{% block meta_description %}
Technical details on all the security certifications for which Ubuntu Pro offers system hardening and compliance automation tools.
{% endblock %}
{% block meta_copydoc %}
https://docs.google.com/document/d/13RcVvHBAoywfk3o5Dy-16F3KrMytL9-2v6wWbW444Ko/edit
{% endblock meta_copydoc %}
{% block content %}
Ubuntu Pro has been designed to simplify your security compliance burden for frameworks such as NIST, FedRAMP, PCI-DSS, ISO27001 or CIS. Ubuntu Pro includes security vulnerability patching for up to 12 years, FIPS-validated cryptographic modules, and automated system hardening for CIS and DISA STIG, and can be deployed on-premises or in the public cloud.
Ubuntu Pro provides access to FIPS 140 certified cryptographic packages, allowing you to deploy workloads that need to operate under compliance regimes like FedRAMP, HIPAA, and PCI-DSS. Canonical works with NIST-approved testing labs to certify the core cryptographic modules within Ubuntu for FIPS 140 requirements, enabling applications to use these libraries in compliance with the FIPS standard.
The default configuration of Ubuntu balances usability and security. However, systems carrying dedicated workloads can be further hardened to reduce their attack surface. Canonical provides the Ubuntu Security Guide to automatically harden systems to DISA STIG and CIS benchmark profiles and to generate audit reports. It is available with Ubuntu Pro on-premises or ready-built on public clouds.
Each Ubuntu LTS release enables state-of-the-art protection against vulnerability exploitation and malware. Canonical has a public vulnerability disclosure policy: vulnerabilities are fixed with automated security updates and kernel livepatches, and are publicly disclosed through our security notices. We further provide machine-readable OVAL CVE output for use by OpenSCAP and other third-party vulnerability management tools. Critical CVEs are typically patched within 24 hours.
The operating system is the cornerstone of a security compliance programme. Ubuntu Pro enables functionality such as FIPS-certified crypto libraries and system hardening with the Ubuntu Security Guide to help meet stringent government security standards. Watch this webinar to find out more.
Navigating the maze of complex compliance requirements facing the US Public Sector is a daunting prospect. Confusing abbreviations and terminology only make charting this course more difficult. If you’re looking to understand what FIPS, FedRAMP and DISA-STIG are all about, this whitepaper is for you.
The ever-present threats of ransomware and data breaches make it imperative to lock down systems and prevent attackers from gaining a foothold. Using industry best-practice guidelines such as the CIS benchmarks, this whitepaper will walk you through the process of hardening Linux-based deployments.
The default configuration of Ubuntu LTS releases balances usability, performance and security. Mission-critical systems can be further hardened to reduce their attack surface. Reducing the attack surface is a widely accepted security best practice, and is often required by cybersecurity frameworks. Canonical works with industry-leading organisations, such as CIS and DISA, to produce security hardening benchmarks for Ubuntu.
These security benchmarks contain hundreds of steps which can be prohibitively time-consuming to apply manually, so we provide the Ubuntu Security Guide (USG) - a tool based on OpenSCAP - to automate the process. USG can generate remediation scripts to harden a system in one procedure, and can produce audit reports detailing which hardening rules have been applied. USG profiles are available for CIS benchmarks and DISA STIGs.
Center for Internet Security (CIS) certified benchmarks for Ubuntu systems
Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs)
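As an added example (not code from this page or from USG itself), the script below reads an XCCDF result document of the kind USG and OpenSCAP write after an audit and lists the failed rules by severity, which is how the audit report gets fed into tracking. The XML sample and its rule ids are constructed for illustration; the XCCDF 1.2 namespace and the TestResult/rule-result structure are the standard ones.

```python
# Added example (not from the Ubuntu Pro page or the USG tool): summarise an
# XCCDF 1.2 result document of the kind `usg audit` / oscap writes.
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"x": "http://checklists.nist.gov/xccdf/1.2"}  # XCCDF 1.2 namespace

# Constructed sample: a tiny TestResult; rule and profile ids are illustrative only.
SAMPLE_RESULTS = """<?xml version="1.0"?>
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_example_benchmark_sample">
  <TestResult id="xccdf_example_testresult_sample">
    <profile idref="xccdf_example_profile_cis_level1_server"/>
    <rule-result idref="xccdf_example_rule_sshd_disable_root_login" severity="medium">
      <result>fail</result>
    </rule-result>
    <rule-result idref="xccdf_example_rule_package_telnet_removed" severity="high">
      <result>pass</result>
    </rule-result>
    <rule-result idref="xccdf_example_rule_file_permissions_etc_shadow" severity="high">
      <result>fail</result>
    </rule-result>
    <rule-result idref="xccdf_example_rule_ipv4_forwarding_disabled" severity="low">
      <result>notapplicable</result>
    </rule-result>
  </TestResult>
</Benchmark>
"""

def parse_results(xml_text):
    """Return (profile_id, {rule_id: (result, severity)}) from an XCCDF result file."""
    root = ET.fromstring(xml_text)
    test_result = root.find(".//x:TestResult", NS)
    if test_result is None:
        raise ValueError("no TestResult element found")
    profile = test_result.find("x:profile", NS)
    rules = {}
    for rr in test_result.findall("x:rule-result", NS):
        result = rr.findtext("x:result", default="unknown", namespaces=NS)
        rules[rr.get("idref")] = (result, rr.get("severity", "unknown"))
    return (profile.get("idref") if profile is not None else None), rules

def summarise(rules):
    """Count outcomes and list failed rule ids, highest severity first."""
    counts = Counter(result for result, _ in rules.values())
    rank = {"high": 0, "medium": 1, "low": 2}
    failed = sorted((rid for rid, (res, _) in rules.items() if res == "fail"),
                    key=lambda rid: rank.get(rules[rid][1], 3))
    return dict(counts), failed
```

Running `parse_results` on a real result file from `usg audit` works the same way; only the ids and the number of rules differ.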
We strive to make Ubuntu the platform of choice in regulated and high security environments. Ubuntu Pro enables access to the certification artifacts as well as the necessary tooling for such environments. The following is a list of the certifications available with Ubuntu Pro. Click on each for more detailed information.
Hardening always involves a tradeoff with usability and performance. The default configuration of Ubuntu LTS releases, as provided by Canonical, balances usability, performance and security. However, systems with a dedicated workload are well positioned to benefit from hardening. You can reduce your workload’s attack surface by applying an industry-accepted baseline. At Canonical we recommend applying the Center for Internet Security (CIS) benchmarks for hardening the configuration of Ubuntu.
PCI-DSS is a payment industry standard, and any company that stores, processes or transmits payment card or cardholder information is required to comply with it. The standard is defined by the Payment Card Industry council and defines measures and processes to secure online financial transactions. It is about making processes such as monitoring of security controls, timely response, review of environmental and organizational changes, and checking that hardware and software remain under vendor support part of business as usual. For companies with large volumes of transactions, compliance with the standard is enforced through an audit by a Qualified Security Assessor (QSA).
Achieving and maintaining compliance is a complex and costly process that involves business processes in addition to software requirements. Ubuntu by Canonical contains software and security controls, such as disk encryption, password settings configuration, cryptographic compliance with FIPS 140-2 and CIS hardening, as well as a comprehensive enterprise software maintenance program, to help achieve and maintain compliance with the standard.
Compliance automation
Run regulated and high security workloads on Ubuntu
Access certifications for high security environments
Automate hardening with the Ubuntu Security Guide
Fix security vulnerabilities across the estate
Available on-prem and in the cloud
How does Ubuntu enable your compliance with FIPS and DISA-STIG?
Maximizing security and compliance in the US public sector with Ubuntu Pro
A guide to Infrastructure Hardening
Ubuntu compliance & hardening profiles
Configuration guides
Ubuntu FIPS certifications
These modules are NIST-certified:
These modules have been assessed by a NIST-approved testing laboratory and are awaiting final certification by CMVP:
Frequently asked questions about security certifications
How do I harden my Ubuntu system?
How do I comply with PCI-DSS?
Security Compliance and Certification documentation