security
May 7, 2025 Linux / Open Source
Back to blog

eLxr Pro: Raising the Bar on Security

eLxr Pro™ from Wind River® has reached a significant security milestone by achieving FIPS 140-3 Implementation Under Test (IUT) status, and two more certifications are underway.

Federal Information Processing Standard (FIPS) 140-3 is the latest iteration of the U.S. government standard for cryptographic module security. Managed by the National Institute of Standards and Technology (NIST), FIPS 140-3 ensures that cryptographic modules meet stringent security requirements to provide assurances in data confidentiality, integrity, and authentication. Compliance with FIPS 140-3 is critical for industries that handle sensitive data, including aerospace, defense, telecommunications, healthcare, and industrial automation.

Cybersecurity threats are increasingly sophisticated, and organizations operating at the enterprise edge require robust security measures to protect sensitive data and ensure compliance with industry standards. Wind River is committed to delivering secure and high-performance Linux solutions tailored for mission-critical applications, and this milestone helps us demonstrate that commitment.

Achieving IUT status means that eLxr Pro’s cryptographic modules are undergoing formal evaluation against the FIPS 140-3 standard. This is a crucial step toward full certification. It signals that eLxr Pro is on track to meet the highest-level security benchmarks, those that align with stringent compliance and security requirements.

CIS Benchmark and STIG Submissions

In addition to achieving FIPS 140-3 IUT status, eLxr Pro has been certified for the Center for Internet Security (CIS) Benchmarks and has been submitted for Security Technical Implementation Guide (STIG) approval, further solidifying its position as a trusted Linux solution for secure enterprise and defense applications.

The CIS Benchmarks are globally recognized security standards that provide best practices for securing IT systems, including operating systems, cloud environments, and network devices. The CIS Benchmarks help enterprises:

  • Reduce security risks by providing a well-defined framework for system hardening
  • Ensure compliance with industry regulations and security policies
  • Streamline security configurations to make it easier to protect the organization

The Security Technical Implementation Guide (STIG), maintained by the Defense Information Systems Agency (DISA), provides a comprehensive set of security configurations and requirements to secure IT systems within U.S. Department of Defense (DOD) networks. STIG compliance enables organizations to:

  • Meet DOD and federal security mandates for secure system deployment
  • Enhance security posture by implementing rigorous system-hardening measures
  • Facilitate accreditation and authorization for deployment in classified and sensitive environments

We are well into the testing and refinement of our STIG profile to demonstrate that eLxr Pro meets the stringent security standards required in government, military, and highly regulated environments. The results will be made available to customers, followed by a formal submission to DISA at the appropriate time.  

Why It Matters

The enterprise edge has become a focal point for innovation and security. Deployments at the edge often involve processing sensitive data in distributed environments, making them prime targets for cyberthreats. With FIPS 140-3 IUT status, CIS Benchmark alignment, and our STIG analysis, eLxr Pro can ensure that security processes are met for:

  • Aerospace and defense, where compliance with government security mandates for mission-critical systems are required
  • Telecommunications, by providing robust encryption for 5G networks and its infrastructure
  • Industrial and manufacturing, in which safeguarding connected devices in smart factories and industrial IoT environments are paramount — and subject to industry standards
  • Healthcare, by protecting patient data and ensuring regulatory compliance in medical devices and systems

Now that IUT status has been achieved, eLxr Pro will continue through the certification process, bringing customers one step closer to a fully FIPS 140-3–validated Linux distribution. Simultaneously, its CIS Benchmark and STIG submissions aim to reinforce security practices for enterprises and government agencies.

eLxr Pro delivers the benefits of open source accompanied by enterprise-grade security, long-term support, and compliance readiness. Organizations looking for a secure, supported, and future-ready Linux solution should explore how eLxr Pro can enhance their security posture and operational resilience.

Stay tuned for further updates as we progress toward full FIPS 140-3 certification and CIS Benchmark validation.

Read next: Do you know what security vulnerabilities your Linux devices are facing in this connected era? Use our free tool to find out how vulnerable you are.

 

By David Reyna, Wind River Senior Member of Technical Staff – Security

Wind River Blog

The Wind River Blog is made up of a variety of voices: executives, technologists and industry enthusiasts. We hope to foster conversations and encourage the sharing of insights regarding the evolving landscape of intelligent, connected systems with our ecosystem of customers, partners and colleagues.

Get our RSS feed

Subscribe

Popular Tags

Wind RiverVxWorksAerospace & DefenseLinux / Open SourceLinuxNetworkingSoftware EngineeringSecurityOpen SourceSimicsMulti-coreEclipseNFVIoT / M2MTools & SimulationvirtualizationIndustrial

Disclaimer

The postings on this site are the views of the individual poster and do not represent Wind River's positions, strategies or opinions. This site is subject to Wind River’s Terms of Use.