Federal Information Processing Standards

 

+

Search Tips   |   Advanced Search

 

Federal Information Processing Standards (FIPS) are standards and guidelines issued by the United States National Institute of Standards and Technology (NIST) for federal government computer systems. FIPS are developed when there are compelling federal government requirements for standards, such as for security and interoperability, but acceptable industry standards or solutions do not exist.

WebSphere Portal tolerates WAS's support of FIPS 140-2. WAS integrates FIPS 140-2 certified cryptographic modules such as...

• Java Secure Socket Extension (JSSE)
• Java Cryptography Extension (JCE)

FIPS 140-2 certified JSSE and JCE modules are referred to as...

• IBMJSSEFIPS
• IBMJCEFIPS

...which distinguishes the FIPS-certified modules from the prior, non-certified IBM JSSE and IBM JCE modules.

The FIPS 140-2 compliant toleration means that WebSphere Portal will continue to work after WAS is configured to activate FIPS 140-2 compliant security modules. The WebSphere Portal product has no self-contained cryptographic support and as a result is unaware of the module differences.

Functions in WebSphere Portal that use encryption include:

• SSL connections inbound from clients (but this is basically the WAS and HTTP Server support for SSL connections, and is transparent to WebSphere Portal)

• Internal connections between WebSphere Portal administrative functions and WAS administrative services (invoked, for example, when deploying a portlet which must create a Web application in WAS)

It is assumed, though not required, that all the connections listed above will be carried over SSL using FIPS-compliant encryption. Without FIPS 140-2 support connections may not be encrypted. And there is no requirement that every connection be SSL, even with FIPS-enabled cryptography over TLS, but again your connection may not be encrypted.

FIPS 140-2 enablement requires HTTP Server and LDAP server versions that provide support for FIPS 140-2. Consult the documentation for your HTTP server and LDAP server to determine your level of support.

The following steps are a summary of how to activate SSL and FIPS in WebSphere Portal:

1. Install WebSphere Portal.

2. Set up Transport Layer Security (TLS) for the internal HTTP server in WAS

3. Install your LDAP server.

4. Configure either your stand-alone LDAP server over SSL or your federated LDAP server(s) over SSL.

5. If your LDAP server supports FIPS. to enable it.

6. Optional

   Configure your HTTP server to support TLS with FIPS enabled; refer to the HTTP server documentation.

 

Limitations

• Lotus Sametime currently does not support FIPS 140-2.

• By default, Microsoft Internet Explorer might not have TLS enabled. To enable TLS, open the Internet Explorer browser and click Tools > Internet Options. On the Advanced tab, select the Use TLS 1.0 check box.

• The IBM Tivoli Directory Server provides the Use FIPS certified implementation option, which enables the directory server the FIPS-certified encryption algorithms uses.

• IBMJSSEFIPS is not supported on the HP-UX platform.

• You can only use FIPS-certified JSSE providers if your servers and clients are using WAS.

 

Parent topic

Security and authentication considerations