Enabling FIPS and (NIST) SP800-131a
IBM® WebSphere® Portal tolerates IBM WebSphere Application Server support of Federal Information Processing Standards (FIPS) and National Institute of Standards and Technology (NIST) SP800-131a. You can configure WebSphere Application Server to activate FIPS 140-2 compliant security modules. When you enable FIPS, only the FIPS-compliant security modules can be used to encrypt data. For this reason, you must also configure FIPS on the other systems that take part in secure transactions, which can include HTTP servers and LDAP servers.
Before you begin
- You must install WebSphere Portal before enabling FIPS.
- If your portal environment includes an HTTP server or LDAP server or any other components that use secure connections, consult the related links section to determine the level of support for FIPS 140-2 and SP800-131a. However, your environment does not need to include an HTTP server or LDAP server. You can enable FIPS on an out-of-box WebSphere Portal installation. Likewise, you do not have to enable FIPS for systems that do not require secure transactions. For example, if your LDAP server is accessed via the LDAP protocol, rather than the secure LDAPS protocol, you do not need to enable FIPS for that LDAP server.
About this task
- HTTP servers
  - See Securing applications at the transport level for Web services in the WebSphere Application Server Information Center for instructions. Configure your HTTP server to support TLS with FIPS enabled. Refer to the appropriate documentation for instructions.
- LDAP servers
  - Refer to the appropriate documentation to configure LDAP over SSL and to enable FIPS. Remember: Enable FIPS for your LDAP server only if it requires a secure connection. If you do not use an LDAP server or you do not connect to your LDAP server over a secure connection, you do not need to enable FIPS for an LDAP server.