FIPS support

FIPSs (FIPS) are standards and guidelines issued by the United States National Institute of Standards and Technology (NIST) for federal government computer systems. FIPS can be enabled for WAS.

FIPS are developed when there are compelling federal government requirements for standards, such as for security and interoperability, but acceptable industry standards or solutions do not exist. Government agencies and financial institutions use these standards to ensure that WAS NDs conform to specified security requirements.

See on these standards, see the National Institute of Standards and Technology.

WAS integrates cryptographic modules including JSSE (JSSE) and JCE, which have undergone FIPS 140-2 certification. In the WAS documentation, the IBM JSSE and JCE modules that have undergone FIPS certification are referred to as IBMJSSEFIPS and IBMJCEFIPS.

To enable FIPS for WAS, see Set FIPS JSSE files.When you enable FIPS, several components of the appserver are affected including the cipher suites, the cryptographic providers, the load balancer, the caching proxy, the high availability manager, and the data replication service.

See Secure transports with JSSE and JCE programming interfaces for more information on the impact the FIPS has on WAS. You can use the following IBM products with WAS and maintain a FIPS level of security compliance:

The DB2 Universal Databaseuses FIPS 140-2 approved cryptographic providers.

IBM Tivoli Directory Server

The IBM Tivoli Directory Server provides the Use FIPS certified implementation option, which enables the directory server to use the FIPS-certified encryption algorithms.

See "Setting the level of encryption" within the IBM Tivoli Directory Server Administration Guide.

WAS - Edge Component

The caching proxy contains a directive for enabling FIPS.

See the Caching Proxy Administration Guide.

We can find more information about the Federal Information processing Standards (FIPS) on the Support Web site including recommended updates for WAS.




Related information

Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules
Internet Security Group: Cryptography