Using the FIPS 140-2 approved provider for cryptography
The US Federal Information Processing Standard 140-2 (FIPS 140-2) is a cryptographic function validation program that defines security standards for cryptographic modules used in IT software. CICS Explorer® can use a FIPS 140-2 approved cryptographic provider, such as IBMJCEFIPS or IBMJCEPlusFIPS, for cryptography.
About this task
Note:
The FIPS 140-2 cryptographic module certification for IBMJCEFIPS expired on 21 August 2021 and will not be renewed. You are recommended to use the IBMJCEPlusFIPS JCE cryptographic provider to achieve FIPS 140-2 compliance of applications in the future. For more information, see IBMJCEFIPS provider.
Use the IBMJCEPlusFIPS provider in CICS Explorer in two steps:
- Enable FIPS mode by specifying corresponding system properties. Note that in CICS Explorer, you need to specify system properties at the bottom of the zosexplorer.ini file, after the -vmargs line. Also, system properties must be set by using a -D prefix, for example, -Dcom.ibm.jsse2.usefipsprovider=true.
- Add the IBMJCEPlusFIPS provider to the java.security file.
Procedure
For detailed instructions on how to enable FIPS mode and add the IBMJCEPlusFIPS provider to the cryptographic provider list, see Running IBMJSSE2 in FIPS mode.
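The following check for the two steps above is an added example, not part of the IBM documentation: it confirms that the FIPS property sits after the -vmargs line with a -D prefix, and that java.security lists IBMJCEPlusFIPS. The function names, the sample file contents and the example.provider package prefix are constructed placeholders.

```python
import re

FIPS_PROP = "com.ibm.jsse2.usefipsprovider"  # system property named on the page
FIPS_PROVIDER = "IBMJCEPlusFIPS"             # provider named on the page

def check_ini(text):
    """Return a list of problems with the FIPS property in zosexplorer.ini text."""
    lines = [ln.strip() for ln in text.splitlines()]
    if "-vmargs" not in lines:
        return ["no -vmargs line, so no system property reaches the JVM"]
    vmargs = lines.index("-vmargs")
    hits = [(i, ln) for i, ln in enumerate(lines) if FIPS_PROP in ln]
    if not hits:
        return [FIPS_PROP + " is not set"]
    problems = []
    for i, ln in hits:
        if i < vmargs:
            problems.append(f"line {i + 1}: property is before -vmargs")
        elif not ln.startswith("-D"):
            problems.append(f"line {i + 1}: missing -D prefix")
        elif ln.split("=", 1)[-1].lower() != "true":
            problems.append(f"line {i + 1}: property is not set to true")
    return problems

def fips_provider_position(text):
    """Return the security.provider.N position of IBMJCEPlusFIPS, or None."""
    for ln in text.splitlines():
        # Commented-out entries (leading '#') do not match and are ignored.
        m = re.match(r"\s*security\.provider\.(\d+)\s*=\s*(\S+)", ln)
        if m and m.group(2).split(".")[-1] == FIPS_PROVIDER:
            return int(m.group(1))
    return None

# Constructed sample inputs (not taken from a real installation).
GOOD_INI = "-startup\nplugins/launcher.jar\n-vmargs\n-Xmx1024m\n-Dcom.ibm.jsse2.usefipsprovider=true\n"
BAD_INI = "-Dcom.ibm.jsse2.usefipsprovider=true\n-vmargs\n-Xmx1024m\n"
SAMPLE_SECURITY = (
    "#security.provider.1=example.provider.IBMJCEPlusFIPS\n"
    "security.provider.1=example.provider.IBMJCEPlusFIPS\n"
    "security.provider.2=example.provider.Other\n"
)

if __name__ == "__main__":
    print(check_ini(GOOD_INI))
    print(check_ini(BAD_INI))
    print(fips_provider_position(SAMPLE_SECURITY))
```

An empty list from check_ini means the property is placed where the JVM will read it; a property placed before -vmargs is handed to the launcher instead and FIPS mode is silently not enabled.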