Federal information processing standard (FIPS 140-2) compliance in IBM BigFix Remote Control

The US Federal information processing standard 140-2 (FIPS 140-2) is a cryptographic function validation program that defines security standards for cryptographic modules that are used in IT software. In FIPS 140-2 mode, IBM® BigFix® Remote Control uses the FIPS 140-2 approved cryptographic providers; IBMJCEFIPS (certificate #1081), IBMJSSEFIPS (certificate 409), and OpenSSL FIPS Object Module (certificate #1747). The certificate for IBMJCEFIPS (certificate #1081) is held on the NIST website at http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2009.htm#1081. The certificate for IBMJSSEFIPS (certificate 409) is held on the NIST website at http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2004.htm#409. The certificate for OpenSSL FIPS Object Module (certificate #1747) is held on the NIST website at http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2012.htm#1747. To enable FIPS for IBM BigFix Remote Control you must configure all components, the server, controller, and target.

IBM BigFix Remote Control version 9.x.x uses:

IBM Java™ JCE FIPS 140-2 Cryptographic Module version 1.3.1 Tested as meeting Level 1 with Windows™ XP Professional SP2 operating system that uses IBM JVM 1.6 (single-user mode) FIPS-approved algorithms:

AES (Cert. #805);
DSA (Cert. #297);
HMAC (Cert. #445);
RNG (Cert. #463);
RSA (Cert. #387);
SHS (Cert. #803);
Triple-DES (Cert. #687).

IBM Java JSSE FIPS 140-2 Cryptographic Module version 1.1 Tested as meeting Level 1 with

Windows 2000 Professional SP3 operating system (JVM 1.3.1_03 and JVM 1.4.1_04), Windows 2000 Advanced Server SP4 operating system (JVM 1.4.1)
Sun Solaris 5.8 (JVM 1.3.1 and 1.4.1)
AIX® 5.2 (JVM 1.3.1 and 1.4.1)
SuSE Linux™ Enterprise Server 8 (JVM 1.4.1_05)
Red Hat Linux Advanced Server 2.1(JVM 1.4.1_05)
IBM OS/400® V5R2M0 (JVM 1.4.1)
z/OSV1R4 (JVM 1.4.1)

FIPS-approved algorithms:

SHA-1 (Cert. #148);
Triple-DES (Cert. #163);
AES (Cert. #53);
DSA (Cert. #83);
RSA (PKCS#1, vendor affirmed);
HMAC-SHA-1 (Cert. #148, vendor affirmed);

OpenSSL FIPS Object Module version 2.0.2 Tested as meeting Level 1 with

Android
- Android 2.2 (gcc Compiler Version 4.4.0);
- Android 2.2 running on Qualcom QSD8250 (ARMv7) with NEON (gcc Compiler Version 4.4.0);
- Android 2.2 running on OMAP 3530 (ARMv7) with NEON (gcc Compiler Version 4.1.0);
- Android 3.0 (gcc Compiler Version 4.4.0);
- Android 4.0 (gcc Compiler Version 4.4.3);
- Android 4.0 running on TI OMAP 3 (ARMv7) with NEON (gcc Compiler Version 4.4.3);
- Android 4.1 running on TI DM3730 (ARMv7) (gcc Compiler Version 4.6);
- Android 4.1 running on TI DM3730 (ARMv7) with NEON (gcc Complier Version 4.6);
- Android 4.2 running on Nvidia Tegra 3 (ARMv7) (gcc Compiler Version 4.6);
- Android 4.2 running on Nvidia Tegra 3 (ARMv7) with Neon (gcc Compiler Version 4.6) (single-user mode).
Microsoft™ Windows 7
- Microsoft Windows 7 (32-bit) (Microsoft 32-bit C/C++ Optimizing Compiler Version 16.00);
- Microsoft Windows 7 (64 bit) (Microsoft C/C++ Optimizing Compiler Version 16.00);
- Microsoft Windows 7 running on Intel™ Core i5-2430M (64-bit) with AES-NI (Microsoft® C/C++ Optimizing Compiler Version 16.00 for x64);
Microsoft Windows 2008
- Microsoft Windows 2008 running on Intel Xeon™ E3-1220v2 (32-bit under vSphere) (Microsoft 32-bit C/C++ Optimizing Compiler Version 16.00 for 80x86);
- Microsoft Windows 2008 running on Intel Xeon E3-1220v2 (64-bit under vSphere) (Microsoft C/C++ Optimizing Compiler Version 16.00 for x64);
uCLinux 0.9.29 (gcc Compiler Version 4.2.1);
Fedora 14 running on Intel Core i5 with AES-NI (gcc Compiler Version 4.5.1);
HP-UX 11i (32 bit) (HP C/aC++ B3910B); HP-UX 11i (64 bit) (HP C/aC++ B3910B);
Ubuntu 10.04
- Ubuntu 10.04 (32 bit) (gcc Compiler Version 4.1.3);
- Ubuntu 10.04 (64 bit) (gcc Compiler Version 4.1.3);
- Ubuntu 10.04 running on Intel Core i5 with AES-NI (32 bit) (gcc Compiler Version 4.1.3);
Linux
- Linux 2.6 (gcc Compiler Version 4.3.2);
- Linux 2.6.27 (gcc Compiler Version 4.2.4);
- Linux 2.6.32 (gcc Compiler Version 4.3.2);
- Linux 2.6.33 (gcc Compiler Version 4.1.0);
- Linux 2.6 (gcc Compiler Version 4.1.0);
VxWorks 6.8 (gcc Compiler Version 4.1.2);
Oracle Solaris
- Oracle Solaris 10 (32 bit) (gcc Compiler Version 3.4.3);
- Oracle Solaris 10 (64 bit) (gcc Compiler Version 3.4.3);
- Oracle Solaris 11(32 bit) (gcc Compiler Version 4.5.2);
- Oracle Solaris 11 (64 bit) (gcc Compiler Version 4.5.2);
- Oracle Solaris 11 running on Intel Xeon 5675 with AES-NI (32 bit) (gcc Compiler Version 4.5.2);
- Oracle Solaris 11 running on Intel Xeon 5675 with AES-NI (64 bit) (gcc Compiler Version 4.5.2);
- Oracle Solaris 11 (32 bit) (Sun C Version 5.12); Oracle Solaris 11 (64 bit) (Sun C Version 5.12);
Oracle Linux
- Oracle Linux 5 (64 bit) (gcc Compiler Version 4.1.2);
- Oracle Linux 5 running on Intel Xeon 5675 with AES-NI (gcc Compiler Version 4.1.2);
- Oracle Linux 6 (gcc Compiler Version 4.4.6);
- Oracle Linux 6 running on Intel Xeon 5675 with AES-NI (gcc Compiler Version 4.4.6);
CascadeOS 6.1 (32 bit) (gcc Compiler Version 4.4.5); CascadeOS 6.1 (64 bit) (gcc Compiler Version 4.4.5);
Apple iOS 5.1 (gcc Compiler Version 4.2.1);
Microsoft Windows CE 6.0 (Microsoft C/C++ Optimizing Compiler Version 15.00 for ARM); Microsoft Windows CE 5.0 (Microsoft C/C++ Optimizing Compiler Version 13.10 for ARM);
DSP Media Framework 1.4 (TMS320C6x C/C++ Compiler v6.0.13);
NetBSD 5.1 (gcc Compiler Version 4.1.3);
RHEL 6
- RHEL 6 running on Intel Xeon E3-1220v2 (32-bit under vSphere) (gcc Compiler Version 4.4.6);
- RHEL 6 running on Intel Xeon E3-1220v2 (64-bit under vSphere) (gcc Complier Version 4.4.6);

FIPS-approved algorithms:

AES (Certs. #1884, #2116, and #2234);
DRBG (Certs. #157, #229, and #264);
DSA (Certs. #589, #661, and #693);
HMAC (Certs. #1126, #1288, and #1363);
RNG (Certs. #985, #1087, and #1119);
RSA (Certs. #960, #1086, and #1145);
SHS (Certs. #1655, #1840, and #1923);
Triple-DES (Certs. #1223, #1346, and #1398);
ECDSA (Certs. #264, #270, #315, #347 and #378);
CVL (Certs. #10, #12, #24, #36 and #49).