Minimus JFIPS images using the Java FIPS module require specialized hardware as listed in the certificate. The hardware is approved by the NIST CMVP program and must be configured with kernel-level FIPS mode enabled.
Does my image include the Java FIPS 140-3 module?
To check if your Minimus image includes the Java FIPS module, look for the package minimus-java-fips-libs in the SBOM. If it exists, the image requires specialized FIPS approved hardware and additional environment configurations to comply with FIPS 140-3 standards.
Do I need FIPS-certified hardware?
Minimus Java FIPS-validated container images do require FIPS certified hardware as specified in the certificate.
| Requirements | Minimus Java FIPS module |
|---|
| Hardware requirements | Certified host kernel configured in FIPS mode |
| Cloud environment requirements | Only certified FIPS-enabled environment |
| Entropy source | Kernel-dependent entropy |
Is my app FIPS 140-3 compliant?
For Java FIPS images, compliance requires a more active approach. As a user, you will need to ensure that your implementation does not invoke insecure, unapproved algorithms, APIs, and other aspects that might undermine FIPS compliance. See the Java FIPS Tutorial
As a user of the FIPS validated image, you are responsible to ensure the FIPS-validated cryptographic module is used with the correct configuration that meets CVMP requirements and tested by an independent laboratory. Since all cryptographic operations occur within a FIPS 140-validated cryptographic module in the image and have no direct cryptographic dependency on the host OS, hypervisor, or hardware, this has been tested and validated by the cryptographic module developer under various operational environments captured in the associated CMVP certificate or asserted by the cryptographic module developer for the module bundled and configured properly in the image.
Requesting FIPS 140-3 assistance
Particularly with Java FIPS images, compliance depends on the underlying OS, hypervisor, and hardware to also be correctly configured in FIPS mode. There is a risk that some lower layer in the stack or a malicious admin could alter the settings such that the image or application would not run in FIPS mode.
Please get in touch with us directly if you would like to request guidance with FIPS related issues. Contact us directly Last modified on April 16, 2026
