FIPS compliance with WebSphere Portal


Federal Information Processing Standards (FIPS) are standards and guidelines issued by the National Institute of Standards and Technology (NIST) for federal computer systems. FIPS are developed when there are compelling federal government requirements for standards, such as for security and interoperability, but acceptable industry standards or solutions do not exist.

WebSphere Portal provides support for FIPS 140-2 through WebSphere Application Server V5.0.2. WebSphere Application Server integrates cryptographic modules including Java Secure Socket Extension (JSSE) and Java Cryptography Extension (JCE), which are undergoing FIPS 140-2 certification. Throughout the documentation and the product, the IBM JSSE and JCE modules undergoing FIPS certification are referred to as IBMJSSEFIPS and IBMJCEFIPS, which distinguishes the FIPS modules from the IBM JSSE and IBM JCE modules. For more information on the FIPS certification process and to check the status of the IBM submission, see the Cryptographic Module Validation Program FIPS 140-1 and FIPS 140-2 Pre-validation List.

Follow these general steps to ensure that your portal complies with FIPS 140-2:

  1. Install WebSphere Portal

  2. Enable WebSphere Application Server security

  3. Set up TLS for the internal HTTP Server in WebSphere Application Server. Refer to the "Configuring Federal Information Processing Standard Java Secure Socket Extension files" topic in the WebSphere Application Server Information Center for detailed instructions.

  4. Optional: If your LDAP server supports TLS with FIPS enabled:

    1. Set up LDAP over SSL

    2. Enable TLS FIPS on the LDAP server. Refer to the product documentation for your LDAP server for detailed instructions.

  5. Optional: Configure your HTTP server to support TLS with FIPS enabled. Refer to the HTTP server documentation for detailed instructions.

 

Limitations

There are some restrictions in the level of support that WebSphere Portal provides for FIPS:

  • Lotus Instant Messaging and Web Conferencing and Lotus Team Workplace currently do not support FIPS 140-2.

  • By default, Microsoft Internet Explorer V5.5 might not have TLS enabled. To enable TLS, open the Internet Explorer browser and click Tools > Internet Options. On the Advanced tab, select the Use TLS 1.0 checkbox.

  • Netscape V4.7.x and earlier versions might not support TLS.

  • IBM Directory Server V4.1 and earlier versions do not support TLS.

  • IBMJSSEFIPS is not supported on the HP-UX platform.

  • Use Transport Layer Security (TLS) and not Secure Sockets Layer (SSL), because FIPS-approved JSSE files are not backwards-compatible and SSL is not FIPS-approved. If the server uses TLS, a client using SSL cannot communicate with the server. Use FIPS-approved JSSE providers if your servers and clients are using WebSphere Application Server V5.0.2 or later, as this version supports FIPS.
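
One way to check a JVM against the provider and TLS-only requirements described above, as an added example that is not IBM's code. It assumes a Java 8 or later runtime and that the FIPS modules register as security providers under the names this page uses (IBMJSSEFIPS and IBMJCEFIPS); the class name FipsTlsCheck is hypothetical.

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

public class FipsTlsCheck {
    // Assumption: the provider names match the module names used on this page.
    static final String[] FIPS_PROVIDERS = {"IBMJSSEFIPS", "IBMJCEFIPS"};

    /** Returns the FIPS provider names that are not registered in this JVM. */
    static List<String> missingProviders() {
        List<String> missing = new ArrayList<>();
        for (String name : FIPS_PROVIDERS) {
            if (Security.getProvider(name) == null) {
                missing.add(name);
            }
        }
        return missing;
    }

    /** Returns the enabled protocols that are SSL rather than TLS (SSLv3, SSLv2Hello, ...). */
    static List<String> sslProtocols(String[] enabled) {
        List<String> ssl = new ArrayList<>();
        for (String p : enabled) {
            if (p.regionMatches(true, 0, "SSL", 0, 3)) {
                ssl.add(p);
            }
        }
        return ssl;
    }

    public static void main(String[] args) throws Exception {
        // List providers in preference order so the active JSSE/JCE modules are visible.
        for (Provider p : Security.getProviders()) {
            System.out.println("provider: " + p.getName());
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null); // default key managers, trust managers and RNG
        SSLParameters params = ctx.getDefaultSSLParameters();

        List<String> missing = missingProviders();
        List<String> ssl = sslProtocols(params.getProtocols());
        System.out.println("missing FIPS providers: " + missing);
        System.out.println("enabled SSL protocols:  " + ssl);
        // Non-zero exit lets a deployment script fail when either check does not pass.
        System.exit(missing.isEmpty() && ssl.isEmpty() ? 0 : 1);
    }
}
```

Run it with the same JVM and java.security configuration that the application server uses, since provider registration is per runtime.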

 


WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.

 

IBM is a trademark of the IBM Corporation in the United States, other countries, or both.