Federal Information Processing Standards (FIPS)

This topic introduces the Federal Information Processing Standards (FIPS) Cryptomodule Validation Program of the US National Institute of Standards and Technology and the cryptographic functions which can be used on TLS channels.

• UNIX, Linux, and Windows
• z/OS

For more information about the FIPS 140-2 compliance of a IBM MQ TLS connection on UNIX, Linux, and Windows, see Federal Information Processing Standards (FIPS) for UNIX, Linux, and Windows.

For more information about the FIPS 140-2 compliance of a IBM MQ TLS connection on z/OS, see Federal Information Processing Standards (FIPS) for z/OS.

If cryptographic hardware is present, the cryptographic modules used by IBM MQ can be configured to be those provided by the hardware manufacturer. If this is done, the configuration is only FIPS-compliant if those cryptographic modules are FIPS-certified.

Over time, the Federal Information Processing Standards are updated to reflect new attacks against encryption algorithms and protocols. For example, some CipherSpecs may cease to be FIPS certified. When such changes occur, IBM MQ is also updated to implement the latest standard. As a result, you might see changes in behavior after applying maintenance.

• Federal Information Processing Standards (FIPS) for UNIX, Linux, and Windows
  When cryptography is required on an SSL/TLS channel on Windows, UNIX and Linux systems, IBM MQ uses a cryptography package called IBM Crypto for C (ICC). On the Windows, UNIX and Linux platforms, the ICC software has passed the Federal Information Processing Standards (FIPS) Cryptomodule Validation Program of the US National Institute of Standards and Technology, at level 140-2.
• Federal Information Processing Standards (FIPS) for z/OS
  When cryptography is required on an SSL/TLS channel on z/OS, IBM MQ uses a service called System SSL. The objective of System SSL is to provide the capability to execute securely in a mode designed to adhere to the Federal Information Processing Standards (FIPS) Cryptomodule Validation Program of the US National Institute of Standards and Technology, at level 140-2.

Parent topic: TLS security protocols in IBM MQ

Related concepts

• Specify that only FIPS-certified CipherSpecs are used at run time on the MQI client
• Use runmqckm, runmqakm, and strmqikm to manage digital certificates

Related reference

• Federal Information Processing Standards

Related information

• Enable TLS in IBM MQ classes for Java
• TLS properties of JMS objects
• Use Transport Layer Security (TLS) with IBM MQ classes for JMS