FIPS mode and encryption

This gateway complies with Federal Information Processing Standard 140-2 (FIPS 140-2). It can be run in FIPS mode on any currently supported version of Tivoli Netcool/OMNIbus.

You can use encryption algorithms to secure string value entries made in the properties file, including passwords.

Gateways that use the nco_g_java and jnetcool frameworks, for example the Gateway for ServiceNow and the Java Gateway for JDBC 2, use the AES_FIPS algorithm to secure string values.

For gateways that use the libngjava framework, for example the JDBC Gateway and the XML Gateway, you can specify whether the gateway uses the AES_FIPS or the AES algorithm to secure string values. For these gateways, use the generic Tivoli Netcool/OMNIbus ConfigCryptoAlg property to specify which encryption algorithm to use.

Note: For all gateways, use the generic Tivoli Netcool/OMNIbus ConfigKeyFile property to specify the encryption key file.

For more information about running the gateway in FIPS mode, and encrypting properties and passwords, see Running the ObjectServer in secure mode, Running the proxy server in secure mode, and Encrypting plain text passwords in routing definitions in the IBM Tivoli Netcool/OMNIbus Administration Guide.

Also see Configuring FIPS 140-2 support for the server components in the IBM Tivoli Netcool/OMNIbus Installation and Deployment Guide.

Also see SSL and FIPS 140-2 support in the IBM Tivoli Netcool/OMNIbus Event Integration Facility Reference.

Also see Appendix C. WAAPI security in the IBM Tivoli Netcool/OMNIbus Web GUI Administration API (WAAPI) User's Guide.

Also see Configuring the JRE for FIPS 140-2.

Note: If you run the gateway in FIPS mode, you must either use no encryption or, if you do use encryption, run nco_aes_crypt with the cipher (-c) option set to AES_FIPS. For example:

$NCHOME/omnibus/bin/nco_aes_crypt -c AES_FIPS -k key_file string_value
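
The following check is an added example, not part of the IBM documentation or the product: it audits the text of a gateway properties file against the rules above for a gateway that runs in FIPS mode (no encryption at all, or ConfigCryptoAlg set to AES_FIPS together with a ConfigKeyFile). The function names, the `Name : 'value'` line syntax with `#` comments, the sample paths and the policy of requiring ConfigCryptoAlg to be set explicitly are assumptions of this example.

```python
import re

# Assumed line syntax (not shown on the page): Name : 'value', with # comments.
PROP_RE = re.compile(r"^\s*([A-Za-z][\w.]*)\s*:\s*(.*?)\s*$")

def parse_props(text):
    """Return {property name: value} with surrounding quotes removed."""
    props = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # commented-out properties do not count as set
        m = PROP_RE.match(line)
        if m:
            props[m.group(1)] = m.group(2).strip("'\"")
    return props

def check_fips_props(text):
    """Return findings for a gateway that runs in FIPS mode; [] means pass."""
    props = parse_props(text)
    alg = props.get("ConfigCryptoAlg", "")
    key_file = props.get("ConfigKeyFile", "")
    findings = []
    if not alg and not key_file:
        return findings  # no property encryption configured: allowed in FIPS mode
    if alg == "AES":
        findings.append("ConfigCryptoAlg is AES; FIPS mode requires AES_FIPS")
    elif alg and alg != "AES_FIPS":
        findings.append("ConfigCryptoAlg has unrecognised value: " + alg)
    elif not alg:
        # This example's policy: require the algorithm to be stated explicitly.
        findings.append("ConfigKeyFile is set but ConfigCryptoAlg is not")
    if not key_file:
        findings.append("ConfigCryptoAlg is set but ConfigKeyFile is missing")
    return findings

# Constructed sample properties files (paths are placeholders).
GOOD = """
# gateway properties
ConfigCryptoAlg : 'AES_FIPS'
ConfigKeyFile   : '/path/to/key_file'
"""
BAD = """
ConfigCryptoAlg : 'AES'
# ConfigKeyFile : '/path/to/key_file'
"""

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_fips_props(text) or "pass")
```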