Updating to FIPS 140 security standards

Federal Information Processing Standards (FIPS) are standards and guidelines that are issued by the National Institute of Standards and Technology (NIST) for federal government computer systems. Federal Information Processing Standards publication 140-2 (FIPS 140-2) covers the security standards that are required for cryptographic modules.

When in FIPS 140-2 mode, the application, through IBM WebSphere Application Server, uses the FIPS 140-2 approved cryptographic providers: IBMJCEFIPS (certificate 376) and IBMJSSEFIPS (certificate 409) for cryptography. The certificates are listed on the NIST website.

To enable FIPS 140-2 mode in WebSphere Application Server, follow the instructions in Configuring Federal Information Processing Standard Java Secure Socket Extension files, found within the WebSphere Application Server documentation.

Application is now running on a WebSphere Application Server in FIPS 140-2 mode.