FIPS 140-2 compliance
Federal Information Processing Standards (FIPS) are publicly announced standards developed by the National Institute of Standards and Technology for use in computer systems by non-military American government agencies and government contractors. You can configure CDP Private Cloud Base to use FIPS-compliant cryptography.
To install and configure a CDP cluster that is FIPS-compliant, see Installing and Configuring CDP with FIPS. In combination with AutoTLS, the cluster will use BouncyCastle FIPS Keystore (BCFKS) across all the components.
- CFM is compatible with a FIPS 140-2 compliant environment.
- CFM can run on an OS with FIPS turned on and can use FIPS-compliant crypto libraries.
- By default, the KeyStore and TrustStore are in Java KeyStore (JKS) format. This format is not FIPS compliant.
- By default, NiFi dataflows are not FIPS compliant. You must specifically design a dataflow to be FIPS compliant.
- You can encrypt NiFi sensitive properties, such as the password for a database connection pool service, with a secret key generated by the FIPS 140-2 approved PBKDF2 algorithm. For information on how to do this, see Encrypting NiFi sensitive properties with FIPS 140-2 approved algorithm.
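The following added example (not Cloudera's or the NiFi project's code) checks a `nifi.properties` file for the two defaults called out above: JKS-format stores and a sensitive-properties algorithm that is not PBKDF2-based. The property keys are assumed to be those of a stock `nifi.properties`, the parser handles only simple `key=value` lines, and the sample input is constructed.

```python
import io

JKS_MAGIC = bytes.fromhex("feedfeed")  # first four bytes of every JKS file

# Property keys as found in a stock nifi.properties (assumed, not quoted from this page).
STORE_TYPE_KEYS = ("nifi.security.keystoreType", "nifi.security.truststoreType")
SENSITIVE_ALGO_KEY = "nifi.sensitive.props.algorithm"


def parse_properties(text):
    """Parse simple Java .properties text (key=value, # or ! comments) into a dict."""
    props = {}
    for raw in io.StringIO(text):
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def is_jks(header):
    """True if the leading bytes of a store file carry the JKS magic number."""
    return header[:4] == JKS_MAGIC


def audit(props):
    """Return findings for JKS (or defaulted) stores and a non-PBKDF2 algorithm."""
    findings = []
    for key in STORE_TYPE_KEYS:
        store_type = props.get(key, "").upper()
        if store_type in ("", "JKS"):  # unset is treated as the JKS default
            findings.append(f"{key}={store_type or '<unset>'}: JKS is not FIPS compliant")
    algo = props.get(SENSITIVE_ALGO_KEY, "")
    if "PBKDF2" not in algo.upper():
        findings.append(f"{SENSITIVE_ALGO_KEY}={algo or '<unset>'}: not PBKDF2-based")
    return findings


# Constructed sample input, not taken from a real cluster.
SAMPLE = """
# TLS stores
nifi.security.keystoreType=JKS
nifi.security.truststoreType=BCFKS
nifi.sensitive.props.algorithm=NIFI_PBKDF2_AES_GCM_256
"""

if __name__ == "__main__":
    for finding in audit(parse_properties(SAMPLE)):
        print("FINDING:", finding)
```

`is_jks` can be run on the first bytes of the configured store files to catch a JKS file whose declared type says otherwise.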
For the National Institute of Standards and Technology publication, see FIPS 140-2 Security Requirements for Cryptographic Modules.