Federal Information Processing Standard 140-2

Federal Information Processing Standards (FIPS) are standards and guidelines that are issued by the National Institute of Standards and Technology (NIST) for federal government computer systems.

Government agencies and financial institutions use Federal Information Processing Standard (FIPS) to ensure that the products conform to specified security requirements. For more information about these standards, see the NIST website.

FIPS 140-2 is the standard that defines the security requirements for cryptographic modules that are used within a system that handles sensitive but unclassified information. Compliance with the FIPS 140-2 standard has two aspects that affect BigFix Inventory: the algorithms that are used to manage sensitive data must be FIPS-approved and a FIPS-approved implementation must be used when data is transmitted with the SSL/TLS.

BigFix Inventory uses the FIPS 140-2 approved cryptographic providers for cryptography:
  • IBMJCEFIPS (certificate 376)
  • IBMJSSEFIPS (certificate 409)
  • IBM Crypto for C (ICC) (certificate 384)
The certificates are listed on the NIST web site.