Federal Information Processing Standard compliance
The federal government requires all its cryptographic providers
to be FIPS 140
certified. This standard is also adopted
in a growing private sector community. The certification of cryptographic
capabilities by a third party in accordance with government standards
are increased value in this security-conscious world.
If you export private keys to a
PKCS#12
file, ensure that the file with the key is wrapped by
using a FIPS-approved method before the file leaves the computer.
IBM® Security Guardium® Key Lifecycle Manager itself does not provide
cryptographic capabilities and therefore does not require or obtain, FIPS 140-2
certification. However, IBM Security Guardium Key Lifecycle Manager takes
advantage of the cryptographic capabilities of the IBM JVM in
the IBM
Java™ Cryptographic Extension component. The capabilities allow
the selection and use of the IBMJCEPlusFIPS
cryptographic provider, which has a
FIPS 140-2
level 1 certification.
For more information about the IBMJCEPlusFIPS
provider and its selection and
use, see the IBM Security information for Java documentation ( https://www.ibm.com/docs/en/sdk-java-technology/8?topic=guide-ibmjcefips-provider).
See the documentation from specific hardware and software cryptographic providers for information
about whether their products are FIPS 140-2
certified.
on
causes IBM Security Guardium Key Lifecycle Manager to use the
IBMJCEPlusFIPS
provider for all cryptographic functions.