Federal Information Processing Standards (FIPS)
This topic introduces the Federal Information Processing Standards (FIPS) Cryptomodule Validation Program of the US National Institute of Standards and Technology and the cryptographic functions which can be used on TLS channels.
This information applies to the following platforms:- Windows
- UNIX and Linux
- z/OSĀ®
The FIPS 140-2 compliance of a IBM MQ TLS connection on UNIX, Linux, and Windows is found here Federal Information Processing Standards (FIPS) for UNIX, Linux, and Windows.
The FIPS 140-2 compliance of a IBM MQ TLS connection on z/OS is found here Federal Information Processing Standards (FIPS) for z/OS.
If cryptographic hardware is present, the cryptographic modules used by IBM MQ can be configured to be those provided by the hardware manufacturer. If this is done, the configuration is only FIPS-compliant if those cryptographic modules are FIPS-certified.
Over time, the Federal Information Processing Standards are updated to reflect new attacks against encryption algorithms and protocols. For example, some CipherSpecs may cease to be FIPS certified. When such changes occur, IBM MQ is also updated to implement the latest standard. As a result, you might see changes in behavior after applying maintenance.