FIPS 140-2 compliance

Federal Information Processing Standards (FIPS) are publicly announced standards developed by the National Institute of Standards and Technology for use in computer systems by non-military American government agencies and government contractors. You can configure CDP Private Cloud Base to use FIPS-compliant cryptography.

To install and configure a CDP cluster that is FIPS-compliant, see Installing and Configuring CDP with FIPS. In combination with AutoTLS, the cluster will use BouncyCastle FIPS Keystore (BCFKS) across all the components.

Note the following points about FIPS compliance in CFM:
  • CFM is compatible with a FIPS 140-2 compliant environment.
  • CFM can run on an OS with FIPS turned on and can use FIPS-compliant crypto libraries.
  • By default, the KeyStore and TrustStore are in Java KeyStore (JKS) format. This format is not FIPS compliant.
  • By default, NiFi dataflows are not FIPS compliant. You must specifically design a dataflow to be FIPS compliant.
  • You can encrypt NiFi sensitive properties, such as the password for a database connection pool service, with a secret key generated by the FIPS 140-2 approved PBKDF2 algorithm. For information on how to do this, see Encrypting NiFi sensitive properties with FIPS 140-2 approved algorithm.
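
As an added example (not Cloudera's or the NiFi project's code), the following audit checks the settings the list above singles out: the keystore and truststore type, and the algorithm protecting sensitive properties. It assumes the standard Apache NiFi property names `nifi.security.keystoreType`, `nifi.security.truststoreType` and `nifi.sensitive.props.algorithm` apply to your CFM version; the sample configurations and the `headers` argument are constructed for illustration.

```python
JKS_MAGIC = bytes.fromhex("feedfeed")  # first four bytes of a JKS file

# Constructed samples, not taken from a real cluster.
SAMPLE_DEFAULT = """\
# default-style configuration
nifi.security.keystoreType=JKS
nifi.security.truststoreType=JKS
nifi.sensitive.props.algorithm=NIFI_ARGON2_AES_GCM_256
"""
SAMPLE_FIPS = """\
nifi.security.keystoreType=BCFKS
nifi.security.truststoreType=bcfks
nifi.sensitive.props.algorithm=NIFI_PBKDF2_AES_GCM_256
"""

def parse_properties(text):
    """Parse key=value lines of a .properties file, skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def audit(props, headers=None):
    """Return findings; an empty list means the checked settings pass.

    headers (hypothetical helper input) maps "keystore"/"truststore" to the
    first bytes of the store file, so a JKS file behind a BCFKS label is caught.
    """
    findings = []
    headers = headers or {}
    for kind in ("keystore", "truststore"):
        declared = props.get(f"nifi.security.{kind}Type", "").upper()
        if declared != "BCFKS":
            findings.append(f"{kind}: type is {declared or 'unset'}, expected BCFKS")
        if headers.get(kind, b"")[:4] == JKS_MAGIC:
            findings.append(f"{kind}: file content is JKS, whatever type is declared")
    algo = props.get("nifi.sensitive.props.algorithm", "").upper()
    if "PBKDF2" not in algo:
        findings.append(f"sensitive props: algorithm is {algo or 'unset'}, expected PBKDF2-based")
    return findings

if __name__ == "__main__":
    for name, text in (("default", SAMPLE_DEFAULT), ("fips", SAMPLE_FIPS)):
        print(name, audit(parse_properties(text)) or "ok")
```

A clean result covers only the settings audited here; as the list notes, each dataflow must still be designed to be FIPS compliant.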

For the National Institute of Standards and Technology publication, see FIPS 140-2 Security Requirements for Cryptographic Modules.