Henry Coggill

Henry Coggill

13 posts

Henry is a security expert with 20 years of experience in the industry. He has reverse-engineered malware, pen-tested networks and applications, researched vulnerabilities, coded network devices, designed cryptographic modules and set corporate policies. At Canonical, Henry is Product Manager for security certifications and hardening, and is an ISC2 Certified Information Systems Security Professional.


Henry Coggill
6 June 2025

What is CMMC compliance?

Article Hardening

CMMC version 2.0 came into effect on December 26, 2023, and is designed to ensure adherence to rigorous cybersecurity policies and practices within the public sector and amongst wider industry partners.

Henry Coggill
6 June 2025


Henry Coggill
20 March 2025

Hardening automation for CIS benchmarks now available for Ubuntu 24.04 LTS

Article Hardening

We’re pleased to release Ubuntu Security Guide profiles for CIS benchmarks.

Henry Coggill
20 March 2025


Henry Coggill
14 March 2025

What is System Hardening? Essential Checklists from OS to Applications

Article CIS Benchmarks

Hardening a system aims to decrease its exposure to make it difficult to hack, and to lessen the potential collateral damage in the event of a compromise.

Henry Coggill
14 March 2025


Henry Coggill
5 February 2025

FIPS 140-3 certified modules now available for Ubuntu 22.04 LTS

Article FIPS

New deployments should take advantage of the new FIPS 140-3 certified modules available with Ubuntu 22.04 LTS.

Henry Coggill
5 February 2025


Henry Coggill
4 February 2025

The role of FIPS 140-3 in the latest FedRAMP guidance

Article FIPS

Good news in the US federal compliance space. The latest FedRAMP policy relaxes past restrictions that prevented organizations from applying critical security updates.

Henry Coggill
4 February 2025


Henry Coggill
2 August 2024

How Canonical enables PCI-DSS compliance

Article Security

Anyone who deals with online payments will have heard of PCI-DSS. The Payment Card Industry Data Security Standard is a comprehensive security control framework that is designed to keep payment card data safe from hackers and misuse. Merchants who accept debit or credit card payments (and service providers who process...

Henry Coggill
2 August 2024


Henry Coggill
24 June 2024

Meet DISA-STIG compliance requirements for Ubuntu 22.04 LTS with USG

Article DISA STIG

DISA, the Defense Information Systems Agency, recently published their Security Technical Implementation Guide (STIG) for Ubuntu 22.04 LTS in April 2024. We’re pleased to now release the Ubuntu Security Guide profile to enable customers to automatically harden and audit their Ubuntu 22.04 LTS systems for the STIG. What...

Henry Coggill
24 June 2024


Henry Coggill
12 June 2024

NIST CMVP Interim Validation & Jammy FIPS

Article FIPS

If you need FIPS-validated cryptographic modules for your deployments, you may be aware that these have been turbulent times in the FIPS world. We have seen the introduction of the new FIPS 140-3 standard, with the older 140-2 being phased out (all existing certificates will expire by September 2026 at the latest). The...

Henry Coggill
12 June 2024


Henry Coggill
18 April 2024

DISA publishes STIG for Ubuntu 22.04 LTS

Article DISA STIG

Introduction DISA, the Defense Information Systems Agency, has published their Security Technical Implementation Guide (STIG) for Ubuntu 22.04 LTS. The STIG is free for the public to download from the DOD Cyber Exchange. Canonical has been working with DISA since we published Ubuntu 22.04 LTS to draft this STIG, and we...

Henry Coggill
18 April 2024


Henry Coggill
7 December 2023

Ubuntu 22.04 FIPS 140-3 modules available for preview

Article FIPS

Canonical has been working with our testing lab partner, atsec information security, to prepare the cryptographic modules in Ubuntu 22.04 LTS (Jammy Jellyfish) for certification with NIST under the new FIPS 140-3 standard. The modules passed all of atsec’s algorithm validation tests and are in the queue awaiting NIST’s...

Henry Coggill
7 December 2023


Henry Coggill
3 November 2023

Meet Cyber Essentials requirements with Ubuntu Pro

Article Hardening

Cyber Essentials is an increasingly important security standard within the UK that allows organisations to demonstrate to their customers that they operate their business in a secure and trustworthy manner. Achieving the Cyber Essentials certification helps businesses win new customers and  stand out amongst their...

Henry Coggill
3 November 2023


Henry Coggill
29 June 2023

Managing security vulnerabilities and compliance for U.S. Government with Ubuntu Pro

Article Hardening

Maintaining a compliant IT ecosystem is a major undertaking, as each regulation brings a host of specialized requirements. And dealing with the never-ending stream of security vulnerabilities that require patching only adds to this task.

Henry Coggill
29 June 2023


Henry Coggill
8 February 2023

Is open-source as secure as proprietary software?

Article Hardening

Are the security issues we are seeing related to the use of open-source software? Does proprietary software have any more inherent safety or security benefits? In this article we will explore these issues and give you some more insights into the nature of these software development paradigms.

Henry Coggill
8 February 2023