FIPS 140-2 compliance

Federal Information Processing Standards (FIPS) are publicly announced standards developed by the National Institute of Standards and Technology for use in computer systems by non-military American government agencies and government contractors. You can configure CDP Private Cloud Base to use FIPS-compliant cryptography. Before you do so, understand CFM support for a FIPS-compliant environment.

Note the following about FIPS compliance in CFM:
  • CFM is compatible with a FIPS 140-2 compliant environment.
  • CFM can run on an OS with FIPS turned on and can use FIPS-compliant crypto libraries.
  • By default, the KeyStore and TrustStore are in Java KeyStore (JKS) format. This format is not FIPS compliant.
  • By default, NiFi dataflows are not FIPS compliant. You must specifically design a dataflow to be FIPS compliant.
  • You can encrypt NiFi sensitive properties, such as the password for a database connection pool service, with a secret key generated by the FIPS 140-2 approved PBKDF2 algorithm. For information on how to do this, see Encrypting NiFi sensitive properties with FIPS 140-2 approved algorithm.
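
The two non-FIPS defaults in the list above (JKS stores and the sensitive-properties key) can be checked in a node's `nifi.properties`. The following is an added example, not Cloudera or NiFi code: the property names are Apache NiFi's and do not appear on this page, the `NIFI_PBKDF2` prefix test is an assumption about how the PBKDF2-based algorithm is named, and the sample input is constructed.

```python
# Added example: audit nifi.properties text for the two non-FIPS defaults above.
# Property names are Apache NiFi's; the "NIFI_PBKDF2" prefix test is an assumption
# about how PBKDF2-based sensitive-property algorithms are named.

KEYSTORE_KEYS = ("nifi.security.keystoreType", "nifi.security.truststoreType")
SENSITIVE_ALGO_KEY = "nifi.sensitive.props.algorithm"


def parse_properties(text):
    """Parse Java-style key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def audit_nifi_properties(text):
    """Return a list of (property, value, reason) findings."""
    props = parse_properties(text)
    findings = []
    for key in KEYSTORE_KEYS:
        value = props.get(key, "")
        if value.upper() == "JKS":
            findings.append((key, value, "JKS store format is not FIPS compliant"))
    algo = props.get(SENSITIVE_ALGO_KEY, "")
    if not algo.upper().startswith("NIFI_PBKDF2"):
        findings.append((SENSITIVE_ALGO_KEY, algo or "<unset>",
                         "sensitive properties key is not PBKDF2-derived"))
    return findings


# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
# security
nifi.security.keystoreType=JKS
nifi.security.truststoreType=jks
nifi.sensitive.props.algorithm=PBEWITHMD5AND256BITAES-CBC-OPENSSL
"""

if __name__ == "__main__":
    for prop, value, reason in audit_nifi_properties(SAMPLE):
        print(f"{prop}={value}: {reason}")
```

An empty result covers only these three properties; it says nothing about whether the dataflows themselves are FIPS compliant.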

For the National Institute of Standards and Technology publication, see FIPS 140-2 Security Requirements for Cryptographic Modules.