CFOtech Australia - Technology news for CFOs & financial decision-makers

CIQ launches Linux compliance platform ahead of deadlines

Sat, 18th Apr 2026

CIQ has launched an Enterprise Linux compliance platform focused on federal cryptographic validation and post-quantum readiness. The platform includes RLC Pro, RLC Pro Hardened and Ascender Pro.

The launch comes ahead of four compliance deadlines between September 2026 and January 2027, covering federal cryptographic standards, defence contractor rules and quantum-resistant algorithm requirements. Organisations that rely on a FIPS mode setting without an active certificate from the National Institute of Standards and Technology can face audit findings, according to CIQ.

RLC Pro and RLC Pro Hardened are commercial Enterprise Linux platforms that ship with federally validated cryptography on the same distribution. CIQ said the broader compliance offering combines cryptographic validation, pre-applied hardening and audit evidence collection without requiring customers to rebuild systems.

Under the federal timetable outlined by CIQ, FIPS 140-2 certificates move to historical status under the Cryptographic Module Validation Program in September 2026, affecting their use in new government procurement. CMMC Phase 1 is also set to require Department of Defence contractors handling federal contract information or controlled unclassified information to demonstrate cybersecurity compliance, including the use of FIPS-validated modules.

CIQ also pointed to new quantum-resistant algorithm requirements for national security system acquisitions from January 2027. It said the same compliance pressures also apply across sectors, including financial services, energy, healthcare and telecommunications.

Certificate focus

CIQ said RLC Pro ships with five active NIST-issued cryptographic certificates on long-term support versions: 5200, 5117, 5116, 5113 and 5095. Auditors can verify them in the NIST database before a customer adopts the platform, it said.

According to CIQ, RLC Pro is the only commercial Linux distribution with a validated OpenSSL certificate for Rocky Linux 8. The claim goes to the centre of a compliance debate in the Linux market, where suppliers have often highlighted settings and configuration modes rather than active federal validation.

RLC Pro Hardened builds on that base with security settings applied at build time, CIQ said. Up to 95 per cent of federal security configuration standards take effect during the build process, reducing manual hardening from more than 40 hours to less than 30 minutes per system, according to the company.

Linux Kernel Runtime Guard is also included to monitor kernel integrity at runtime and block kernel-level exploitation. CIQ said existing binaries, automation workflows and third-party software certifications can carry over without modification.

Audit evidence

Ascender Pro, CIQ's automation product, is designed to manage Linux and Windows environments through a single management layer. It can run hardening workflows, check cryptographic compliance, apply patches and gather evidence for 800-171 assessments as part of routine operations, according to the company.

CIQ argued that evidence collection has become more demanding as compliance frameworks have expanded. It said recent revisions added 32 per cent more audit checkpoints, increasing the burden on security and infrastructure teams preparing for assessments.

CIQ also said its NSS module has achieved CAVP certification for both ML-KEM and ML-DSA, the post-quantum algorithms finalised by NIST in 2024. Full federal module validation is projected in the second quarter of 2027, according to the company.

That means customers deploying the platform now would use validated cryptography to meet current audit requirements while preparing for post-quantum standards on the same operating-system base, CIQ said. The company presented this as an alternative to deploying one stack for immediate compliance and another for future cryptographic changes.

Peter Nelson, Chief Technology Officer at CIQ, said customers in regulated sectors face a compressed timetable.

"Defence contractors, financial institutions, and healthcare organizations face four federal compliance deadlines within seven months of each other, and most of them run Enterprise Linux infrastructure that will not pass a single one," Nelson said.

He said CIQ's aim was to bring the required elements together into a single offering. "CIQ built one stack so customers do not have to. The OS ships validated, hardening takes effect at build time, and audit evidence exists before the assessor requests it," Nelson said.