Cúram can be used in a secure server environment (e.g. FIPS-compliant) and is dependent on the requirements and capabilities of that environment (e.g. Websphere FIPS configuration). However there are a few specific areas where Cúram-specific or related operation or configuration is required:
- When using the DB-to-JMS feature, which is enabled via the curam.batchlauncher.dbtojms.notification.ssl property, described in the Cúram Batch Processing Guide
- When using the Word Integration Control, used for the FILE_EDIT widget, documented in the Cúram Web Client Reference Manual, which has two aspects to consider:
- When needing to use it with a browser in a TLS v1.2 environment, which is discussed in the "User Machine Configuration" topic of the Cúram Web Client Reference Manual.
- The SP800-131a-compliant version of the supporting jar file can be used as long as your browser JVM supports SHA2, regardless of whether the server environment supports SP800-131a. To digitally sign the Word Integration jar for SP800-131a compliance you must build your environment using the enable-sha-2-signed-jars property (e.g. -Denable-sha-2-signed-jars=true) when invoking the Cúram build targets (e.g. server, client, websphereEAR).