Federal Information Processing Standards (FIPS)
This topic introduces the Federal Information Processing Standards (FIPS) Cryptomodule Validation Program of the US National Institute of Standards and Technology and the cryptographic functions which can be used on SSL or TLS channels.
IBM Crypto for Ccryptographic module. The certificate for this module has been moved to the Historical status. Customers should view the IBM Crypto for C certificate and be aware of any advice provided by NIST. A replacement FIPS 140-3 module is currently in progress and its status can be viewed by searching for it in the NIST CMVP modules in process list.
- Windows
- UNIX and Linux
- z/OS®
The FIPS 140-2 compliance of an IBM MQ SSL or TLS connection on UNIX, Linux, and Windows systems is found here Federal Information Processing Standards (FIPS) for UNIX, Linux, and Windows.
![[z/OS]](ngzos.gif)
The FIPS 140-2 compliance of an IBM MQ SSL or TLS connection on z/OS is found here Federal Information Processing Standards (FIPS) for z/OS.
If cryptographic hardware is present, the cryptographic modules used by IBM MQ can be configured to be those provided by the hardware manufacturer. If this is done, the configuration is only FIPS-compliant if those cryptographic modules are FIPS-certified.
Over time, the Federal Information Processing Standards are updated to reflect new attacks against encryption algorithms and protocols. For example, some CipherSpecs may cease to be FIPS certified. When such changes occur, IBM MQ is also updated to implement the latest standard. As a result, you might see changes in behavior after applying maintenance.