FIPS overview
Federal Information Processing Standards (FIPS) are standards and guidelines issued by the National Institute of Standards and Technology (NIST) for federal government computer systems. FIPS are developed when there are compelling federal government requirements for standards, such as for security and interoperability, but acceptable industry standards or solutions do not exist. Government agencies and financial institutions use these standards to ensure that the products conform to specified security requirements.
HCL Workload Automation uses cryptographic modules that are compliant with the Federal Information Processing Standard FIPS-140-2. Certificates used internally are encrypted using FIPS-approved cryptography algorithms. FIPS-approved modules can optionally be used for the transmission of data.
To satisfy the FIPS 140-2 requirement, you must use IBM Global Security Kit (GSKit) version 7d run time dynamic libraries instead of OpenSSL. GSKit uses IBM Crypto for C version 1.4.5 which is FIPS 140-2 level 1 certified by the certificate number 755. See http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2007.htm. IBM Java JSSE FIPS 140-2 Cryptographic is another module used by HCL Workload Automation. It has the certificate number 409.
If you are currently using SSL for secure connections across the network, to ensure FIPS compliance, you must use GSKit for secure connections instead of OpenSSL Toolkit. GSKit is automatically installed with HCL Workload Automation. It is based on dynamic libraries and offers several utilities for certificate management.
To comply with FIPS, all components of HCL Workload Automation must be FIPS-compliant. You must use Dynamic Workload Console or the HCL Workload Automation command line as the interface to HCL Workload Automation. Additionally, you must use DB2 as your HCL Workload Automation database.
If FIPS compliance is not of concern to your organization, you can continue to use SSL for secure connections across your network.
Components of HCL Workload Automation not FIPS-compliant cannot communicate with components of HCL Workload Automation FIPS-compliant.
- To create FIPS certificates, see Using FIPS certificates.
- To configure SSL for FIPS-compliance, see Configuring SSL to be FIPS-compliant.
- To configure your DB2 database for FIPS-compliance, see Configuring DB2 for FIPS.