Federal Information Processing Standard compliance

The federal government requires all its cryptographic providers to be FIPS 140 certified. This standard is also being adopted by a growing private-sector community. Certification of cryptographic capabilities by a third party in accordance with government standards is of increased value in this security-conscious world.

If you export private keys to a PKCS#12 file, ensure that the file with the key is wrapped by using a FIPS-approved method before the file leaves the computer.

IBM® Security Guardium® Key Lifecycle Manager itself does not provide cryptographic capabilities and therefore does not require, or obtain, FIPS 140-2 certification. However, IBM Security Guardium Key Lifecycle Manager takes advantage of the cryptographic capabilities of the IBM JVM in the IBM Java™ Cryptographic Extension component. These capabilities allow the selection and use of the IBMJCEPlusFIPS cryptographic provider, which has a FIPS 140-2 level 1 certification.

For more information about the IBMJCEPlusFIPS provider and its selection and use, see the IBM Security information for Java documentation (https://www.ibm.com/docs/en/sdk-java-technology/8?topic=guide-ibmjcefips-provider).

See the documentation from specific hardware and software cryptographic providers for information about whether their products are FIPS 140-2 certified.

Note: Setting the fips configuration property to on causes IBM Security Guardium Key Lifecycle Manager to use the IBMJCEPlusFIPS provider for all cryptographic functions.