Federal Information Processing Standard compliance
The federal government requires all its cryptographic providers
FIPS 140 certified. This standard is also adopted
in a growing private sector community. The certification of cryptographic
capabilities by a third party in accordance with government standards
are increased value in this security-conscious world.
If you export private keys to a
PKCS#12 file, ensure that the file with the key is wrapped by
using a FIPS-approved method before the file leaves the computer.
IBM® Security Guardium® Key Lifecycle Manager itself does not provide
cryptographic capabilities and therefore does not require or obtain,
certification. However, IBM Security Guardium Key Lifecycle Manager takes
advantage of the cryptographic capabilities of the IBM JVM in
Java™ Cryptographic Extension component. The capabilities allow
the selection and use of the
IBMJCEPlusFIPS cryptographic provider, which has a
FIPS 140-2 level 1 certification.
For more information about the
IBMJCEPlusFIPS provider and its selection and
use, see the IBM Security information for Java documentation ( https://www.ibm.com/docs/en/sdk-java-technology/8?topic=guide-ibmjcefips-provider).
See the documentation from specific hardware and software cryptographic providers for information
about whether their products are
FIPS 140-2 certified.
oncauses IBM Security Guardium Key Lifecycle Manager to use the
IBMJCEPlusFIPSprovider for all cryptographic functions.