FIPS mode

FIPS (Federal Information Processing Standards) are a set of standards that describe document processing, encryption algorithms and other information technology standards for use within U.S. non-military government agencies and by U.S. government contractors and vendors who work with the agencies.

FIPS 140-2, “Security Requirements for Cryptographic Modules,” was issued by the U.S. National Institute of Standards and Technology (NIST) in May, 2001. The standard specifies the security requirements for cryptographic modules utilized within a security system that protects sensitive or valuable data.

For FIPS 140-2 compliance, Service Manager (SM) supports the implementation of FIPS-validated AES-256 data encryption, TLS connections and Lightweight Single Sign-On (LW-SSO), and FIPS-compliant random number generation algorithms.

Note: Prior to version 9.50, Service Manager supported only FIPS 140-2 compliant data encryption. For backward compatibility, the legacy FIPS mode configuration is still supported. For details about the legacy FIPS mode configuration, see Configure legacy FIPS mode in Service Manager.

The following table describes two operation modes of the Service Manager server and clients.

| Operation mode | Description | Notes |
| --- | --- | --- |
| FIPS mode (FIPS 140-2 compliant mode) | Supports FIPS 140-2 compliant cryptographic functions. | Both OpenJDK JRE and Oracle JRE are supported for Service Manager. However, Service Manager does not support enabling FIPS mode with OpenJDK. If you want to enable FIPS mode for Service Manager, use Oracle JRE or IBM JRE with Service Manager. |
| Non-FIPS mode (Non-FIPS 140-2 compliant mode) | Utilizes existing cryptography without the 3rd-party FIPS 140-2 validated cryptographic modules. | |

In FIPS mode, Service Manager supports the same authentication methods as in non-FIPS mode. See the following table.

| Authentication mechanism | Windows Client | Web Client | Mobility Client | SRC |
| --- | --- | --- | --- | --- |
| Password-based mechanism (local and LDAP) | Yes | Yes | Yes | Yes |
| Trusted Sign-On (TSO) | Yes | Yes | Yes | Yes |
| LW-SSO | No | Yes | Yes | Yes |
| X.509 certificate authentication (CAC) | No | Yes | No | Yes |
| SAML SSO | No | Yes | Yes | Yes |
| Chat Server | No | Yes | No | No |
| Chat Service | No | Yes | No | No |