Chainguard’s FIPS-compliant Cassandra addresses security demand of federal and regulated markets | CyberScoop<\/title> <meta name=\"description\" content=\"Open-source software security firm Chainguard announced Wednesday that it is now building FIPS-validated images for Apache Cassandra.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/chainguard-fips-apache-cassandra-secure-by-design-open-source\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Chainguard's FIPS-compliant Cassandra addresses security demand of federal and regulated markets\"> <meta property=\"og:description\" content=\"Open-source software security firm Chainguard announced Wednesday that it is now building FIPS-validated images for Apache Cassandra.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/chainguard-fips-apache-cassandra-secure-by-design-open-source\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2025-03-05T17:00:00+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/chainguards-fips-compliant-cassandra-addresses-security-demand-of-federal-and-regulated-markets-2.jpg\"> <meta property=\"og:image:width\" content=\"8000\"> <meta property=\"og:image:height\" content=\"4500\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Greg Otto\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@gregotto\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1739294329g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1741103813g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1740691656g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=a815169637cf454b7376\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/83730\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.7.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=83730\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fchainguard-fips-apache-cassandra-secure-by-design-open-source%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fchainguard-fips-apache-cassandra-secure-by-design-open-source%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-83730 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/chainguard-fips-apache-cassandra-secure-by-design-open-source\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"5.12\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Nominations can be submitted for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.58188976378\">\n<div class=\"single-article__header-content\" readability=\"34.086956521739\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/chainguard-fips-apache-cassandra-secure-by-design-open-source\/\"> <span>Uncategorized<\/span> <\/a> <\/li>\n<\/ul>\n<p> The new offering paves the way for orgs to use the widely popular open-source software with their highly sensitive data. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/83730\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"360\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/chainguards-fips-compliant-cassandra-addresses-security-demand-of-federal-and-regulated-markets.jpg?resize=640%2C360&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/chainguards-fips-compliant-cassandra-addresses-security-demand-of-federal-and-regulated-markets-2.jpg 8000w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/chainguards-fips-compliant-cassandra-addresses-security-demand-of-federal-and-regulated-markets-2.jpg?resize=300,168 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/chainguards-fips-compliant-cassandra-addresses-security-demand-of-federal-and-regulated-markets-2.jpg?resize=768,432 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/chainguards-fips-compliant-cassandra-addresses-security-demand-of-federal-and-regulated-markets-2.jpg?resize=1024,576 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/chainguards-fips-compliant-cassandra-addresses-security-demand-of-federal-and-regulated-markets-2.jpg?resize=1536,864 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/chainguards-fips-compliant-cassandra-addresses-security-demand-of-federal-and-regulated-markets-2.jpg?resize=2048,1152 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/chainguards-fips-compliant-cassandra-addresses-security-demand-of-federal-and-regulated-markets-2.jpg?resize=600,337 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/chainguards-fips-compliant-cassandra-addresses-security-demand-of-federal-and-regulated-markets-2.jpg?resize=1200,675 1200w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/chainguards-fips-compliant-cassandra-addresses-security-demand-of-federal-and-regulated-markets-2.jpg?resize=1500,843 1500w\" sizes=\"(max-width: 1200px) 100vw, 1200px\"><figcaption> Previously deemed unfeasible due to incompatibilities between Cassandra\u2019s upstream code and FIPS-approved libraries, the development responds to persistent customer demand for compliance-ready solutions. (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"30.581324466611\"><body readability=\"62.117024793388\"><\/p>\n<p>Open-source software security firm Chainguard announced Wednesday that it is now building FIPS-validated images for Apache Cassandra, achieving what it describes as a first-of-its-kind accomplishment in the open-source community. <\/p>\n<p>The project enables organizations in regulated industries \u2014 including government, health care, and finance \u2014 to deploy Cassandra with cryptographic libraries compliant with the National Institute of Standards and Technology\u2019s Federal Information Processing Standards (FIPS). Previously deemed unfeasible due to incompatibilities between Cassandra\u2019s upstream code and FIPS-approved libraries, the development responds to persistent customer demand for compliance-ready solutions.<\/p>\n<p>According to Chainguard, customer demand drove this initiative. Companies selling software to federal government agencies through FedRAMP authorization are required to meet certain FIPS compliance to access government contracts. Similarly, businesses handling sensitive consumer data in regulated industries consider FIPS encryption an important security practice. Many of these organizations could not feasibly redesign their products to avoid using Cassandra, a widely used open-source, distributed NoSQL database management system designed to handle large volumes of data.<\/p>\n<p>Some of the biggest companies in the world use Apache Cassandra in their technology stack. According to <a href=\"https:\/\/cassandra.apache.org\/_\/case-studies.html\">the Apache Foundation website<\/a>, companies like Apple, Netflix, Spotify, Target and Uber all use the software. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Dustin Kirkland, Chainguard\u2019s VP of engineering, told CyberScoop that the product \u201cguarantees that the cryptography and data protections are implemented and used correctly,\u201d which is important for organizations that are looking to <a href=\"https:\/\/fedscoop.com\/cisa-and-partners-issue-secure-by-design-principles-for-software-manufacturers\/\">embrace secure-by-design principles<\/a>.<\/p>\n<p>\u201cWhile many open-source binaries can be compiled in a FIPS-compliant mode, there are many that can\u2019t \u2014 and we have customers every day requesting more FIPS-compliant builds of heavily utilized open-source projects, such as Apache Cassandra,\u201d Kirkland said. \u201cUsers within federal agencies understand and appreciate and value that we\u2019re helping them enforce strict security standards at the code level, and doing so without adding risk or complexity.\u201d<\/p>\n<p>To make this offering possible, Chainguard forked Cassandra\u2019s source code, introducing modular changes that allow users to toggle between default Java cryptography and FIPS-approved alternatives. These modifications were applied to three supported versions of Cassandra: 4.0, 4.1, and 5.0.<\/p>\n<p>The company is in the process of contributing its code forks and patches back to the upstream project maintainers for review and acceptance. If users are satisfied with the product, the company says it will look to achieve something similar with Apache Spark (data analytics engine), Apache Kafka (stream processing platform), and Apache ZooKeeper (library that enables coordination in distributed systems).<\/p>\n<p>You can read more about the project <a href=\"https:\/\/www.chainguard.dev\/unchained\/fips-ing-the-un-fips-able-apache-cassandra\">on Chainguard\u2019s website<\/a>. <\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.9519725557461\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/chainguards-fips-compliant-cassandra-addresses-security-demand-of-federal-and-regulated-markets-1.jpg?w=640&ssl=1\" alt=\"Greg Otto\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Greg Otto<\/h4>\n<p> Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/chainguard-fips-apache-cassandra-secure-by-design-open-source\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Chainguard’s FIPS-compliant Cassandra addresses security demand of federal and regulated<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3823,3687,78,1583,3824,3719,1073,1276,310,1],"tags":[3825,3689,86,1587,3826,3720,1076,1278,311,325],"class_list":["post-7416","post","type-post","status-publish","format-standard","hentry","category-apache-cassandra","category-chainguard","category-cybersecurity","category-encryption","category-fips","category-java","category-open-source","category-secure-by-design","category-technology","category-uncategorized","tag-apache-cassandra","tag-chainguard","tag-cybersecurity","tag-encryption","tag-fips","tag-java","tag-open-source","tag-secure-by-design","tag-technology","tag-uncategorized"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/apache-cassandra\/\" rel=\"category tag\">Apache Cassandra<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/chainguard\/\" rel=\"category tag\">Chainguard<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/encryption\/\" rel=\"category tag\">encryption<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/fips\/\" rel=\"category tag\">FIPS<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/java\/\" rel=\"category tag\">Java<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/open-source\/\" rel=\"category tag\">open source<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/secure-by-design\/\" rel=\"category tag\">secure-by-design<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/technology\/\" rel=\"category tag\">Technology<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7416","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7416"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7416\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7416"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7416"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7416"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7416,"date":"2025-03-05T11:00:00","date_gmt":"2025-03-05T17:00:00","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=83730"},"modified":"2025-03-05T11:00:00","modified_gmt":"2025-03-05T17:00:00","slug":"chainguards-fips-compliant-cassandra-addresses-security-demand-of-federal-and-regulated-markets","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/03\/05\/chainguards-fips-compliant-cassandra-addresses-security-demand-of-federal-and-regulated-markets\/","title":{"rendered":"Chainguard\u2019s FIPS-compliant Cassandra addresses security demand of federal and regulated markets"},"content":{"rendered":"