Federation Manager uses certified Federal Information Processing Standard (FIPS) 140-2 compliant cryptographic libraries. These libraries provide a FIPS mode of operation when an environment uses only FIPS-compliant Advanced Encryption Standard (AES) algorithms to encrypt sensitive data.
You can install Federation Manager in one of the following FIPS modes of operation:
FIPS_COMPAT (compatibility) mode is the default FIPS mode of operation during installation. In FIPS_COMPAT mode, Federation Manager continues to support the current set of non-FIPS algorithms as well as the supported FIPS-compliant algorithms.
FIPS_COMPAT mode is compatible with previous versions of Federation Manager. This compatibility enables environments with a version of Federation Manager earlier than r12.1 to interoperate with r12.1. FIPS_COMPAT is also suitable for any clients who are satisfied with the degree of security available in the current Federation Manager implementation.
If your organization does not require the use of FIPS, install Federation Manager in FIPS_COMPAT mode. No further configuration is required.
In FIPS_ONLY mode, the environment uses only FIPS-compliant algorithms to encrypt sensitive data.
Install Federation Manager in FIPS_ONLY mode for new installations where you want to use only FIPS-compliant algorithms.
An appendix in this guide lists the specific encryption and decryption algorithms that Federation Manager uses when operating in different FIPS modes.
Important! An r12.1 installation that is running in FIPS_ONLY mode cannot interoperate with, or be backward compatible with, earlier versions of Federation Manager, including any previous versions of APIs that Federation Manager exposes. You must re-link all such software with the r12.1 versions of the respective SDKs to achieve the required support for full FIPS_ONLY mode.
Note: The FIPS mode in which Federation Manager can operate is system-specific. For more information, see the Federation Manager Platform Support Matrix on the Technical Support site.
Copyright © 2010 CA. All rights reserved.