Services that support FIPS

The Federal Information Processing Standard (FIPS) standards and guidelines for federal computer systems that are developed by National Institute of Standards and Technology (NIST) in accordance with the Federal Information Security Management Act (FISMA).

Most IBM Cloud Pak® for Data software can be installed on a Red Hat® OpenShift® Container Platform cluster that is FIPS-enabled.

If you need to run Cloud Pak for Data in a FIPS environment, use the following information to confirm that the services that you plan to install can run when FIPS is enabled.

Important: In previous versions of Cloud Pak for Data, most software could be installed on a FIPS-enabled cluster, however, the software did not meet the FIPS requirements. For example:
  • The software did not use FIPS-certified modules for encryption.
  • Some software implicitly turned off FIPS mode to access modules that were not FIPS-compliant on Red Hat OpenShift Container Platform or on Red Hat Enterprise Linux®.

In Version 4.7, services that are FIPS 140-2 compliant use FIPS-certified modules for encryption and use only modules that are available in FIPS mode. In some situations, this might result in a loss of functionality if the service previously ran on FIPS-enabled clusters without being FIPS 140-2 compliant. For example, some JDBC drivers are not FIPS-compliant, so connections that worked in previous releases of Cloud Pak for Data might not work in Version 4.7. For more information, see Known issues on FIPS-enabled clusters.

Table 1. Services that support FIPS.
Service Runs on FIPS-enabled cluster FIPS 140-2 compliant Additional information
IBM Cloud Pak for Data control plane For known issues and limitations, see Known issues on FIPS-enabled clusters.
Cloud Pak for Data command-line interface No  
Common core services For known issues and limitations, see Known issues on FIPS-enabled clusters.
Scheduling service  
AI Factsheets No  
Anaconda Repository for IBM Cloud Pak for Data No No  
Analytics Engine powered by Apache Spark  
Cognos® Analytics  
Cognos Dashboards No  
Data Privacy No  
Data Refinery  
Data Replication No  
DataStage® For known issues and limitations, see Known issues on FIPS-enabled clusters.
Db2® No FIPS support includes the data replication feature for Db2.
Db2 Big SQL No  
Db2 Data Gate No  
Db2 Data Management Console No  
Db2 Warehouse No FIPS support includes the data replication feature for Db2 Warehouse.
Decision Optimization  
EDB Postgres No No  
Execution Engine for Apache Hadoop No

Execution Engine for Apache Hadoop is not FIPS-compliant.

For known issues and limitations, see Known issues on FIPS-enabled clusters.
IBM® Match 360 with Watson™ For FIPS-140-2 support, extra configuration is required. For more information, see Enabling IBM Match 360 for FIPS compliance.

For known issues and limitations, see Known issues on FIPS-enabled clusters.
Informix® No  
MANTA Automated Data Lineage  
OpenPages® No  
Planning Analytics No  
Product Master No  
RStudio® Server Runtimes No For known issues and limitations, see Known issues on FIPS-enabled clusters.
SPSS® Modeler  
Voice Gateway No No  
Watson Assistant No  
Watson Discovery No  
Watson Knowledge Catalog FIPS support includes the MANTA Automated Data Lineage component, which provides the advanced metadata import feature.

For known issues and limitations, see Known issues on FIPS-enabled clusters.
Watson Knowledge Studio No  
Watson Machine Learning For known issues and limitations, see Known issues on FIPS-enabled clusters.
Watson Machine Learning Accelerator  
Watson OpenScale 4.7.2 or later Watson OpenScale is FIPS 140-2 compliant.
Watson Pipelines No  
Watson Query No  
Watson Speech services No  
Watson Studio For known issues and limitations, see Known issues on FIPS-enabled clusters.
Watson Studio Runtimes For known issues and limitations, see Known issues on FIPS-enabled clusters.
watsonx.data No 4.7.2 or later Starting in Cloud Pak for Data Version 4.7.2, the watsonx.data service can run on a FIPS-enabled cluster.