The US Federal Information Processing Standard 140-2 (FIPS 140-2)
is a cryptographic function validation program that defines security
standards for cryptographic modules that are used in IT software.
In FIPS 140-2 mode, IBM® Endpoint
Manager for Remote Control uses
the FIPS 140-2 approved cryptographic providers; IBMJCEFIPS (certificate
#1081), IBMJSSEFIPS (certificate 409), and OpenSSL FIPS Object Module
(certificate #1747). The certificate for IBMJCEFIPS (certificate #1081)
is held on the NIST website at http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2009.htm#1081.
The certificate for IBMJSSEFIPS (certificate 409) is held on the NIST
website at http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2004.htm#409.
The certificate for OpenSSL FIPS Object Module (certificate #1747)
is held on the NIST website at http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2012.htm#1747.
To enable FIPS for IBM Endpoint
Manager for Remote Control you
must configure all components, the server, controller, and target.
IBM Endpoint
Manager for Remote Control version
9.x.x uses:
IBM Java™ JCE FIPS 140-2 Cryptographic Module version
1.3.1 Tested as meeting Level 1 with Windows XP
Professional SP2 operating system using IBM JVM
1.6 (single-user mode) FIPS-approved algorithms:
- AES (Cert. #805);
- DSA (Cert. #297);
- HMAC (Cert. #445);
- RNG (Cert. #463);
- RSA (Cert. #387);
- SHS (Cert. #803);
- Triple-DES (Cert. #687).
IBM Java JSSE FIPS 140-2 Cryptographic Module version
1.1 Tested as meeting Level 1 with
- Windows 2000 Professional
SP3 operating system (JVM 1.3.1_03 and JVM 1.4.1_04), Windows 2000 Advanced Server SP4 operating
system (JVM 1.4.1)
- Sun Solaris 5.8 (JVM 1.3.1 and 1.4.1)
- AIX® 5.2 (JVM 1.3.1 and 1.4.1)
- SuSE Linux Enterprise Server
8 (JVM 1.4.1_05)
- Red Hat Linux Advanced
Server 2.1(JVM 1.4.1_05)
- IBM OS/400® V5R2M0 (JVM 1.4.1)
- z/OSV1R4 (JVM 1.4.1)
FIPS-approved algorithms:
- SHA-1 (Cert. #148);
- Triple-DES (Cert. #163);
- AES (Cert. #53);
- DSA (Cert. #83);
- RSA (PKCS#1, vendor affirmed);
- HMAC-SHA-1 (Cert. #148, vendor affirmed);
OpenSSL FIPS Object Module version 2.0.2 Tested as meeting Level
1 with
- Android 2.2 (gcc Compiler Version 4.4.0); Android 2.2 running
on Qualcom QSD8250 (ARMv7) with NEON (gcc Compiler Version 4.4.0);
Android 2.2 running on OMAP 3530 (ARMv7) with NEON (gcc Compiler Version
4.1.0); Android 3.0 (gcc Compiler Version 4.4.0); Android 4.0 (gcc
Compiler Version 4.4.3); Android 4.0 running on TI OMAP 3 (ARMv7)
with NEON (gcc Compiler Version 4.4.3); Android 4.1 running on TI
DM3730 (ARMv7) (gcc Compiler Version 4.6); Android 4.1 running on
TI DM3730 (ARMv7) with NEON (gcc Complier Version 4.6); Android 4.2
running on Nvidia Tegra 3 (ARMv7) (gcc Compiler Version 4.6); Android
4.2 running on Nvidia Tegra 3 (ARMv7) with Neon (gcc Compiler Version
4.6) (single-user mode).
- Microsoft Windows 7 (32 bit) (Microsoft 32 bit C/C++ Optimizing Compiler
Version 16.00); Microsoft Windows 7 (64 bit) (Microsoft C/C++ Optimizing Compiler Version
16.00); Microsoft Windows 7 running on Intel Core i5-2430M (64-bit) with AES-NI (Microsoft ® C/C++ Optimizing
Compiler Version 16.00 for x64);
- Microsoft Windows 2008 running on Intel Xeon E3-1220v2 (32-bit under vSphere)
(Microsoft 32-bit C/C++
Optimizing Compiler Version 16.00 for 80x86); Microsoft Windows 2008
running on Intel Xeon E3-1220v2
(64-bit under vSphere) (Microsoft C/C++
Optimizing Compiler Version 16.00 for x64);
- uCLinux 0.9.29 (gcc Compiler Version 4.2.1);
- Fedora 14 running on Intel Core
i5 with AES-NI (gcc Compiler Version 4.5.1);
- HP-UX 11i (32 bit) (HP C/aC++ B3910B); HP-UX 11i (64 bit) (HP
C/aC++ B3910B);
- Ubuntu 10.04 (32 bit) (gcc Compiler Version 4.1.3); Ubuntu 10.04
(64 bit) (gcc Compiler Version 4.1.3); Ubuntu 10.04 running on Intel Core i5 with AES-NI (32 bit)
(gcc Compiler Version 4.1.3);
- Linux 2.6 (gcc Compiler
Version 4.3.2); Linux 2.6.27
(gcc Compiler Version 4.2.4); Linux 2.6.32
(gcc Compiler Version 4.3.2); Linux 2.6.33
(gcc Compiler Version 4.1.0); Linux 2.6
(gcc Compiler Version 4.1.0);
- VxWorks 6.8 (gcc Compiler Version 4.1.2);
- Oracle Solaris 10 (32 bit) (gcc Compiler Version 3.4.3); Oracle
Solaris 10 (64 bit) (gcc Compiler Version 3.4.3); Oracle Solaris 11(32
bit) (gcc Compiler Version 4.5.2); Oracle Solaris 11 (64 bit) (gcc
Compiler Version 4.5.2); Oracle Solaris 11 running on Intel Xeon 5675 with AES-NI (32 bit) (gcc
Compiler Version 4.5.2); Oracle Solaris 11 running on Intel Xeon 5675 with AES-NI (64 bit) (gcc
Compiler Version 4.5.2); Oracle Solaris 11 (32 bit) (Sun C Version
5.12); Oracle Solaris 11 (64 bit) (Sun C Version 5.12);
- Oracle Linux 5 (64 bit)
(gcc Compiler Version 4.1.2); Oracle Linux 5
running on Intel Xeon 5675
with AES-NI (gcc Compiler Version 4.1.2); Oracle Linux 6 (gcc Compiler Version 4.4.6); Oracle Linux 6 running on Intel Xeon 5675 with AES-NI (gcc Compiler
Version 4.4.6);
- CascadeOS 6.1 (32 bit) (gcc Compiler Version 4.4.5); CascadeOS
6.1 (64 bit) (gcc Compiler Version 4.4.5);
- Apple iOS 5.1 (gcc Compiler Version 4.2.1);
- Microsoft Windows CE 6.0 (Microsoft C/C++ Optimizing Compiler Version
15.00 for ARM); Microsoft Windows CE 5.0 (Microsoft C/C++ Optimizing Compiler Version
13.10 for ARM);
- DSP Media Framework 1.4 (TMS320C6x C/C++ Compiler v6.0.13);
- NetBSD 5.1 (gcc Compiler Version 4.1.3);
- RHEL 6 running on Intel
Xeon E3-1220v2 (32-bit under vSphere) (gcc Compiler Version 4.4.6);
RHEL 6 running on Intel Xeon E3-1220v2
(64-bit under vSphere) (gcc Complier Version 4.4.6);
FIPS-approved algorithms:
- AES (Certs. #1884, #2116, and #2234);
- DRBG (Certs. #157, #229, and #264);
- DSA (Certs. #589, #661, and #693);
- HMAC (Certs. #1126, #1288, and #1363);
- RNG (Certs. #985, #1087, and #1119);
- RSA (Certs. #960, #1086, and #1145);
- SHS (Certs. #1655, #1840, and #1923);
- Triple-DES (Certs. #1223, #1346, and #1398);
- ECDSA (Certs. #264, #270, #315, #347 and #378);
- CVL (Certs. #10, #12, #24, #36 and #49).