Technical Articles
FIPS 140–2 Compliance for Caché Database Encryption

On specific platforms, Caché supports FIPS 140–2 compliant cryptography for database encryption. (FIPS 140–2 refers to Federal Information Processing Standard Publication 140-2, which is available at http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf.)
Supported Platforms
Caché supports FIPS 140–2 compliant cryptography for database encryption on Red Hat Enterprise Linux 6.6 (or later minor version) and Red Hat Enterprise Linux 7.1 (or later minor version) for x86-64.
Red Hat has a certificate of validation for the OpenSSL libcrypto.so library delivered with RHEL 6 and 7; see http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2441. Also see https://www.redhat.com/en/technologies/industries/government/standards.
Enabling FIPS Support
To enable Caché support for FIPS 140–2 compliant cryptography for database encryption, do the following:
  1. Download and install the openssl package from the Red Hat repository (rhel-6-server-rpms or rhel-7-server-rpms, depending on which version of Red Hat Enterprise Linux for x86-64 you are using).
  2. Enable FIPS mode for the operating system. For information, see one of the following:
    Be sure to reboot and to check that FIPS mode is enabled.
  3. Check the directory /usr/lib64 for the following symbolic links. If these do not exist, create them:
  4. In Caché, specify the FIPSMode CPF parameter as True (1). To do so:
    1. Open the Management Portal.
    2. Here you will see a row for FIPSMode.
    3. Specify the value for FIPSMode as True and save your change.
  5. Restart Caché.
  6. Enable and configure encrypted databases as outlined in "Using Encrypted Databases" in the chapter "Managed Key Encryption" in the Caché Security Administration Guide.
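A post-change check for steps 2 through 4, as an added example that is not part of the InterSystems documentation: it confirms the kernel FIPS flag, the symbolic links, and the FIPSMode setting before you rely on the encrypted databases. The function names are hypothetical, /proc/sys/crypto/fips_enabled is the Linux kernel's own flag file rather than something this page names, and the link names and CPF file path are passed as arguments because this page does not list them.

```shell
#!/bin/sh
# Added example: verifies steps 2-4 of the procedure. Paths are parameters
# so the checks can also be run against test fixtures.

# Step 2: kernel FIPS flag (1 = enabled); default is the Linux kernel's file.
fips_kernel_enabled() {
    flag_file="${1:-/proc/sys/crypto/fips_enabled}"
    [ -r "$flag_file" ] || return 2
    [ "$(tr -d '[:space:]' < "$flag_file")" = "1" ]
}

# Step 3: every NAME must be a symlink in DIR whose target exists.
# Usage: links_ok DIR NAME...   (names come from the vendor instructions)
links_ok() {
    dir="$1"; shift
    rc=0
    for name in "$@"; do
        if [ ! -L "$dir/$name" ]; then
            echo "MISSING symlink: $dir/$name" >&2; rc=1
        elif [ ! -e "$dir/$name" ]; then
            echo "DANGLING symlink: $dir/$name" >&2; rc=1
        fi
    done
    return $rc
}

# Step 4: the last FIPSMode= line in the CPF file must be 1.
cpf_fips_mode() {
    cpf="$1"
    [ -r "$cpf" ] || return 2
    val=$(sed -n 's/^[[:space:]]*FIPSMode[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1/p' "$cpf" | tail -n 1)
    [ "$val" = "1" ]
}

# Run all checks. Usage: check_all FLAG_FILE CPF_FILE LINK_DIR NAME...
check_all() {
    flag="$1"; cpf="$2"; dir="$3"; shift 3
    fail=0
    fips_kernel_enabled "$flag" && echo "OK   kernel FIPS mode" || { echo "FAIL kernel FIPS mode"; fail=1; }
    links_ok "$dir" "$@" && echo "OK   symlinks" || { echo "FAIL symlinks"; fail=1; }
    cpf_fips_mode "$cpf" && echo "OK   FIPSMode in CPF" || { echo "FAIL FIPSMode in CPF"; fail=1; }
    return $fail
}
```

Passing an empty string as FLAG_FILE makes check_all read the kernel's default flag file.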
Startup Behavior and cconsole.log
When Caché is started: