Supporting FIPS 140-2

With the recent release of Caché and Ensemble 2017.1, InterSystems customers can now create configurations where the data-at-rest cryptographic library used is compliant with FIPS 140-2.

Caché and Ensemble now provide the option to enable FIPS mode on Red Hat 6.6 and 7.1 on x86-64. This means that InterSystems products will no longer use the crypto libraries supplied with the kit, but will instead use the FIPS-validated libraries provided by the operating system vendor.

To configure your system, Red Hat must be operating in FIPS mode. This can be done by following the steps provided by Red Hat. This process should also create symbolic links to the two libraries that will now be used: libssl.so.1.0.1e and libcrypto.so.1.0.1e.

In the /usr/lib64 directory:

            libssl.so should point to libssl.so.1.0.1e

            libcrypto.so should point to libcrypto.so.1.0.1e
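
To confirm these operating-system prerequisites before enabling FIPS mode in the instance, a check like the following can be used. It is an added example, not InterSystems code: the function names are hypothetical, and it assumes the Linux kernel's FIPS flag file /proc/sys/crypto/fips_enabled, which the article does not mention.

```shell
#!/bin/sh
# Added example: verify the OS-side prerequisites described above.
# Usage: check_fips_prereqs [libdir] [fips_flag_file]
# Defaults: /usr/lib64 (from the article) and /proc/sys/crypto/fips_enabled
# (assumption: the kernel's FIPS-mode flag, where 1 means enabled).

check_link() {
    # $1 = symlink path, $2 = expected target file name
    link=$1; expected=$2
    if [ ! -L "$link" ]; then
        echo "FAIL: $link is not a symbolic link"; return 1
    fi
    target=$(basename "$(readlink "$link")")
    if [ "$target" != "$expected" ]; then
        echo "FAIL: $link points to $target, expected $expected"; return 1
    fi
    # -e follows the link, so this catches a link whose target is missing
    if [ ! -e "$link" ]; then
        echo "FAIL: $link is a dangling link"; return 1
    fi
    echo "OK:   $link -> $expected"
}

check_fips_prereqs() {
    libdir=${1:-/usr/lib64}
    flag=${2:-/proc/sys/crypto/fips_enabled}
    rc=0
    if [ -r "$flag" ] && [ "$(cat "$flag")" = "1" ]; then
        echo "OK:   kernel reports FIPS mode enabled"
    else
        echo "FAIL: FIPS mode not enabled according to $flag"; rc=1
    fi
    # Report every problem instead of stopping at the first one
    check_link "$libdir/libssl.so" libssl.so.1.0.1e || rc=1
    check_link "$libdir/libcrypto.so" libcrypto.so.1.0.1e || rc=1
    return $rc
}
```

Source the file and run `check_fips_prereqs` with no arguments to check the live system; a non-zero return status means at least one prerequisite is missing.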

Once you have done this, you only need to enable FIPS mode in Caché or Ensemble. During startup, the instance will check whether all the required components are in place to successfully perform Data-at-Rest encryption. Data-at-Rest encryption includes database encryption, journal files and Write-Image-Journal files.

For more detailed information on how to use Caché or Ensemble in FIPS compliant mode, please consult our product documentation:

http://docs.intersystems.com/latest/csp/docbook/DocBook.UI.Page.cls?KEY=AFIPS