WebSphere Application Server security standards configurations

WebSphere® Application Server can be configured to work with various security standards, which are typically used to meet government security requirements.

WebSphere Application Server integrates cryptographic modules, which include Java Secure Socket Extension (JSSE) and Java Cryptography Extension (JCE). Most of the requirements in the standards are handled in the JSSE and JCE, which must undergo the certification process to meet government standards. WebSphere Application Server must be configured to run with the JSSE and JCE enabled for a particular standard.

Security standards that are required by the government include the following:

Properties used to enable the Security Standards

The IBM® virtual machine for Java (JVM) runs in a given security mode based on system properties. WebSphere Application Server sets these system properties based on security configuration settings. The security configuration can be set up through the administrative console or through scripting admin tasks. If an application sets these properties directly, it can affect WebSphere Application Server SSL communication.

Table 2. JVM system properties to enable the security standard.

A list of JVM system properties and valid values to enable the security standard

| Security standard | System property to enable | Valid values |
|---|---|---|
| FIPS 140-2 | com.ibm.jsse2.usefipsprovider | true or false |
| SP800-131 | com.ibm.jsse2.sp800-131 | transition or strict |
| Suite B | com.ibm.jsse2.suiteB | 128 or 192 |

WebSphere Application Server configuration clears all of these properties if they are set, then sets them according to the security configuration. WebSphere Application Server enables the security standard based on the custom properties set in the security configuration.

WebSphere Application Server security custom properties to enable the security standard

Table 3. WebSphere Application Server security custom properties to enable the security standard.

A list of WebSphere Application Server security custom properties and the JVM system properties to enable the security standard.

| Security standard | Security custom properties | JVM system property |
|---|---|---|
| FIPS 140-2 | com.ibm.security.useFips=true, com.ibm.websphere.security.FIPSLevel=FIPS140-2 | com.ibm.jsse2.usefipsprovider=true |
| SP800-131 - transition | com.ibm.security.useFips=true, com.ibm.websphere.security.FIPSLevel=transition | com.ibm.jsse2.sp800-131=transition |
| SP800-131 - strict | com.ibm.security.useFips=true, com.ibm.websphere.security.FIPSLevel=SP800-131 | com.ibm.jsse2.sp800-131=strict |
| Suite B 128 | com.ibm.security.useFips=true, com.ibm.websphere.security.suiteB=128 | com.ibm.jsse2.suiteB=128 |
| Suite B 192 | com.ibm.security.useFips=true, com.ibm.websphere.security.suiteB=192 | com.ibm.jsse2.suiteB=192 |
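
The following check is an added example, not IBM code: it reports where the JVM system properties a server actually runs with differ from what Table 3 calls for, which is the situation that arises when an application sets these properties directly. It assumes Table 3 is the complete expected state; the function names and the sample input are constructed for illustration.

```python
# Added example (not IBM code): compare effective JVM properties with Table 3.
WS = "com.ibm.websphere.security."
# Table 3 rows: (custom property, value) -> (JVM system property, value)
TABLE3 = {
    (WS + "FIPSLevel", "FIPS140-2"):  ("com.ibm.jsse2.usefipsprovider", "true"),
    (WS + "FIPSLevel", "transition"): ("com.ibm.jsse2.sp800-131", "transition"),
    (WS + "FIPSLevel", "SP800-131"):  ("com.ibm.jsse2.sp800-131", "strict"),
    (WS + "suiteB", "128"):           ("com.ibm.jsse2.suiteB", "128"),
    (WS + "suiteB", "192"):           ("com.ibm.jsse2.suiteB", "192"),
}
SELECTORS = {name for name, _ in TABLE3}
JVM_KEYS = {name for name, _ in TABLE3.values()}

def parse_props(text):
    """Parse name=value lines; blank lines and '#' comments are skipped."""
    pairs = (ln.split("=", 1) for ln in text.splitlines()
             if "=" in ln and not ln.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(custom, jvm):
    """Return findings; an empty list means jvm matches Table 3 for custom."""
    findings, expected = [], {}
    chosen = {k: v for k, v in custom.items() if k in SELECTORS}
    if chosen and custom.get("com.ibm.security.useFips") != "true":
        findings.append("com.ibm.security.useFips is not true")
    for name, value in sorted(chosen.items()):
        if (name, value) in TABLE3:
            jvm_key, jvm_value = TABLE3[(name, value)]
            expected[jvm_key] = jvm_value
        else:
            findings.append(f"{name}={value} is not a Table 3 value")
    for key in sorted(JVM_KEYS):
        want, have = expected.get(key), jvm.get(key)
        if key == "com.ibm.jsse2.usefipsprovider" and want is None and have == "false":
            continue  # Table 2 lists false as a valid value, so it is not drift
        if want != have:
            findings.append(f"{key}: expected {want!r}, found {have!r}")
    return findings

# Constructed sample input: strict SP800-131 is configured, but the running JVM
# reports transition mode and a Suite B level (e.g. set by application code).
CUSTOM = parse_props("""
com.ibm.security.useFips=true
com.ibm.websphere.security.FIPSLevel=SP800-131
""")
JVM = {"com.ibm.jsse2.sp800-131": "transition", "com.ibm.jsse2.suiteB": "128"}
if __name__ == "__main__":
    for finding in audit(CUSTOM, JVM):
        print(finding)
```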



Related tasks
Configuring WebSphere Application Server for the Suite B security standard
Configuring WebSphere Application Server for SP800-131 standard strict mode
Transitioning WebSphere Application Server to the SP800-131 security standard
Configuring Federal Information Processing Standard Java Secure Socket Extension files
Related reference
FIPSCommands command group for the AdminTask object

Last updated: Jan 30, 2014 9:17:32 AM CST
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=matt&product=was-nd-iseries&topic=csec_security_standards
File name: csec_security_standards.html