diff --git a/source/deployment-guide/server/containers/fips-stig.rst b/source/deployment-guide/server/containers/fips-stig.rst new file mode 100644 index 00000000000..cd4db4f1daa --- /dev/null +++ b/source/deployment-guide/server/containers/fips-stig.rst 
@@ -0,0 +1,28 @@ +.. meta:: + :name: robots + :content: noindex + +:orphan: +:nosearch: + +From Mattermost v11, each release provides two variants: a FIPS-compliant build and a non-FIPS build. This ensures that organizations with strict compliance requirements can adopt the FIPS version while others can continue with the standard release, both staying in sync with Mattermost’s overall product lifecycle. + +Mattermost FIPS-compliant Docker images are built using Chainguard’s FIPS-certified base containers. These images help organizations meet stringent security requirements by ensuring compliance with the Federal Information Processing Standards (FIPS). + +On top of this foundation, Mattermost product code itself is aligned with FIPS requirements, using only FIPS-approved cryptographic algorithms. This ensures that both the underlying container base and the application layer meet compliance expectations. + +In addition, the Chainguard base images are STIG-hardened and rigorously scanned against the DISA General Purpose Operating System SRG, providing a robust and secure operational posture. + +Mattermost FIPS Overview +------------------------- + +Mattermost’s FIPS-compliant images are built using two Chainguard base images: + +- `Build-Time Image `_: Ensures compiled Mattermost binaries invoke OpenSSL through CGO for FIPS-compliance during compilation. +- `Runtime Image `_: Enforces FIPS compliance in the runtime environment using strict OpenSSL configurations. + +All application-level code uses only FIPS-approved algorithms, ensuring that cryptographic requirements are consistently enforced across every layer of the system. + +.. note:: + + The Mattermost FIPS image includes only prepackaged Boards, Playbooks, and Agents. \ No newline at end of file diff --git a/source/deployment-guide/server/deploy-containers.rst b/source/deployment-guide/server/deploy-containers.rst index 4502c61824b..8756d255ac5 100644 --- a/source/deployment-guide/server/deploy-containers.rst 
+++ b/source/deployment-guide/server/deploy-containers.rst @@ -6,6 +6,12 @@ This deployment method shouldn't be used in production environments as it doesn' Choose your preferred container platform below for specific deployment instructions: +.. tab:: FIPS/STIG + :parse-titles: + + .. include:: containers/fips-stig.rst + :start-after: :nosearch: + .. tab:: Docker :parse-titles:
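Review bot: In the new fips-stig.rst, the opening paragraphs use "FIPS-compliant build", "FIPS-certified base containers" and "Federal Information Processing Standards (FIPS)" without naming which standard or which validated cryptographic module the claim rests on. FIPS 140 validation applies to a cryptographic module, not to a container image or an application as a whole, so a reader preparing for an audit needs the standard (FIPS 140-2 or 140-3) and the module the images depend on. Suggest stating both, or linking to where Chainguard documents them. In the overview list, the `Build-Time Image `_ and `Runtime Image `_ references have no link target in the lines shown. The phrase "invoke OpenSSL through CGO for FIPS-compliance during compilation" reads as if the call happens at build time; wording such as "are compiled with CGO so that cryptographic operations go through OpenSSL" would be clearer. The closing note ("includes only prepackaged Boards, Playbooks, and Agents") should say what is excluded as a result, and the file is missing its trailing newline.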
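Review bot: In deploy-containers.rst, the FIPS/STIG tab is added under "Choose your preferred container platform below for specific deployment instructions", but the included file contains only overview text: no image name, no pull or run step, and no way to confirm that the running container is operating in FIPS mode. The tab also sits directly below the context line saying this deployment method shouldn't be used in production, which conflicts with compliance-driven readers being the audience for this variant. Suggest adding the deployment and verification steps to the tab, or moving the overview to a page that is not scoped to non-production use. Separately, `:start-after: :nosearch:` ties the include to the literal text of a metadata field in fips-stig.rst, so reordering or removing `:orphan:` / `:nosearch:` there would silently change what the tab renders. A dedicated comment marker in the included file would be a more stable anchor.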