Appendix A: Hardened & Minimal Containers
Canonical Hardened Containers
NVIDIA AI software uses secure OCI containers validated against the Ubuntu DISA-STIG baseline and built with FIPS 140-3 cryptographic libraries. Canonical, a key partner, publishes STIG hardening guides and auditing datastreams for Ubuntu LTS, which is widely approved in federal and defense sectors. These hardened containers, built by the Ubuntu maintainers, run on STIG-hardened Ubuntu hosts for full-stack security compliance. Canonical’s Ubuntu Security Guide automates hardening and auditing. Since 2016, Canonical has provided FIPS-validated cryptographic modules for Ubuntu, which are essential for FedRAMP deployments. Containers are rebuilt every six hours, providing the continuous security patching and maintenance that FedRAMP requires.
Distroless Minimal Containers
NVIDIA also uses minimal distroless Open Container Initiative (OCI) containers for some components of NVIDIA AI software, such as the GPU Operator and its operands. Distroless images omit package managers and other unnecessary components, which significantly reduces the attack surface of the image and its dependencies. These containers reinforce supply-chain protections while maintaining the continuous security patching needed for regulated environments.
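As an added example (not NVIDIA's or Canonical's code) of the check a practitioner can run to confirm an image really is distroless: the script below walks an image's OCI layer tarballs in order, applies whiteouts, and reports any package-manager or shell binary left in the final root filesystem. The path list and the sample layers are constructed assumptions for illustration, not NVIDIA's acceptance criteria.

```python
import io
import tarfile
# Paths whose presence means a shell or package manager survived the build,
# i.e. the image is not distroless. Illustrative list (an assumption), not
# NVIDIA's or Canonical's acceptance criteria.
SHELL_OR_PKG_MANAGER = {
    "bin/sh", "bin/bash", "usr/bin/apt", "usr/bin/apt-get", "usr/bin/dpkg",
    "usr/bin/dnf", "usr/bin/yum", "usr/bin/rpm", "usr/bin/microdnf", "sbin/apk",
}

def flatten_layers(layers):
    """Apply OCI layer tarballs (bytes, lowest layer first) and return the file
    paths present in the final rootfs. Honours OCI whiteouts ('.wh.<name>'
    deletes <name>, '.wh..wh..opq' clears the directory) from upper layers."""
    present = set()
    for blob in layers:
        with tarfile.open(fileobj=io.BytesIO(blob), mode="r:*") as tf:
            for member in tf.getmembers():
                path = member.name.lstrip("./").rstrip("/")
                parent, _, base = path.rpartition("/")
                prefix = parent + "/" if parent else ""
                if base == ".wh..wh..opq":
                    present = {p for p in present if not p.startswith(prefix)}
                elif base.startswith(".wh."):
                    target = prefix + base[len(".wh."):]
                    present = {p for p in present
                               if p != target and not p.startswith(target + "/")}
                elif not member.isdir():
                    present.add(path)
    return present

def find_nondistroless_paths(layers):
    """Sorted shell/package-manager paths still present in the final rootfs."""
    return sorted(flatten_layers(layers) & SHELL_OR_PKG_MANAGER)

def make_layer(files):
    """Build an in-memory tar layer from {path: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed sample image: a base layer carrying a shell and apt, then a
# layer that whiteouts the shell but leaves apt, so it is not yet distroless.
BASE = make_layer({"bin/sh": b"#!", "usr/bin/apt": b"\x7fELF", "usr/lib/libcuda.so": b"\x7fELF"})
STRIP_SHELL = make_layer({"bin/.wh.sh": b""})
```

`find_nondistroless_paths([BASE, STRIP_SHELL])` returns `['usr/bin/apt']`; scanning each layer blob on its own would also flag `bin/sh`, which the upper layer has already removed.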
Red Hat UBI-STIG Images
The NVIDIA GPU Operator is built on distroless minimal container images but requires OS-specific NVIDIA GPU Driver images. In addition to the Canonical hardened NVIDIA GPU Driver image, NVIDIA supports a Red Hat hardened NVIDIA GPU Driver image based on Red Hat’s UBI-STIG image.