IBM Support

IBM StreamSets Data Collector FIPS Support

How To


Summary

This document describes how to use IBM StreamSets Data Collector (6.3.0 onwards) in a FIPS enabled environment.

Objective

What is FIPS Java?

FIPS Java is a Java Runtime Environment (JRE) that has been validated to meet the Federal Information Processing Standard (FIPS) 140-2 requirements. FIPS 140-2 is a United States government standard for cryptographic modules, which ensures that the cryptographic algorithms and protocols used in the JRE are secure and compliant with federal regulations.

What does FIPS Java do?

FIPS Java provides a secure environment for running Java applications that require cryptographic operations, such as encryption, decryption, and digital signatures. It ensures that all cryptographic operations are performed using FIPS-approved algorithms and protocols, which are considered to be secure and trustworthy.

Key features of FIPS Java

  • FIPS 140-2 Compliance: FIPS Java is validated to meet the FIPS 140-2 requirements, ensuring that all cryptographic operations are secure and compliant with U.S. federal regulations.

  • Secure Cryptographic Algorithms: FIPS Java uses FIPS-approved cryptographic algorithms, such as AES, RSA, and SHA, to ensure secure data encryption and decryption.

  • Secure Key Management: FIPS Java provides secure key management features, including key generation, storage, and distribution.

  • Secure Random Number Generation: FIPS Java provides a secure random number generator to ensure that random numbers are generated securely and unpredictably.

Does IBM StreamSets Data Collector support running on FIPS Java?

The core IBM StreamSets Data Collector libraries are FIPS compliant.

However, stages that connect to external systems include libraries from the vendor for the external system. These libraries may not be FIPS compliant.

Running IBM StreamSets Data Collector in FIPS Java

To run in FIPS Java, the Data Collector administrator must provide a specific JAVA_OPT when starting the engine. There are two options available:

  • Use the following setting to allow IBM StreamSets Data Collector to choose the best available algorithm from a FIPS compliant list:

    • -Drandom.algorithm=default

  • Use the following setting to specify a particular algorithm, such as PKCS11:

    • -Drandom.algorithm=<algorithm>

For details about configuring Java options, see the IBM StreamSets documentation.

Key Takeaway

While the core IBM StreamSets Data Collector libraries provide a solid foundation for FIPS compliance, the FIPS compliance of individual stages that connect to external systems can vary.

For the external system stages that you use, check with the vendor about the FIPS compliance of their Java libraries.

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB76","label":"Data Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSM7CU","label":"IBM StreamSets Data Collector"},"ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"and future releases;6.3.x"}]

Document Information

Modified date:
22 July 2025

UID

ibm17239957

Page Feedback