WAS v8.5 > Reference > Developer best practicesFederal Information Processing Standard support
Federal Information Processing Standards (FIPS) are standards and guidelines issued by the United States National Institute of Standards and Technology (NIST) for federal government computer systems. FIPS can be enabled for WebSphere Application Server.
FIPS are developed when there are compelling federal government requirements for standards, such as for security and interoperability, but acceptable industry standards or solutions do not exist. Government agencies and financial institutions use these standards to ensure the products conform to specified security requirements. For more information on these standards, see the National Institute of Standards and Technology.
WAS integrates cryptographic modules including JSSE and Java Cryptography Extension (JCE), which have undergone FIPS 140-2 certification.
In this release of WAS, support is provided for the FIPS 140-2, SP800-131 and Suite B security standards. Read the "WAS security standards configurations" topic for more information.
To enable FIPS for WAS, see Configure Federal Information Processing Standard Java Secure Socket Extension files.
See Secure transports with JSSE and JCE programming interfaces for more information on the impact the Federal Information Processing Standard has on WAS.
We can use the following IBM products with WAS and maintain a FIPS level of security compliance:
- The DB2 Universal Databaseā¢ uses FIPS 140-2 approved cryptographic providers.
- IBM Tivoli Directory Server
- The IBM Tivoli Directory Server provides the Use FIPS certified implementation option, which enables the directory server to use the FIPS-certified encryption algorithms. For more information, see "Setting the level of encryption" within the IBM Tivoli Directory Server Administration Guide.
- WAS - Edge Component
- The caching proxy contains a directive for enabling FIPS. For more information, see the Caching Proxy Administration Guide.
We can find more information about the Federal Information processing Standards (FIPS) on the Support website including recommended updates for WAS.
Related concepts:
WAS security standards configurations
Reference:
API documentation
Related information:
Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules
Internet Security Group: Cryptography