Enabling FIPS compliance over HCL Workload Automation for Z server SSL secured connection
Federal Information Processing Standard Security Requirements for Cryptographic Modules, referred to as FIPS 140-2, is a standard published by the National Institute of Standards and Technology (NIST). Organizations can require compliance to the FIPS 140-2 standard to provide protection for sensitive or valuable data to cryptographic-based security systems.
System SSL was designed to meet the Federal Information Processing Standard - FIPS 140-2 Level 1 criteria.
System SSL can run in either "FIPS mode" or "non-FIPS mode". By default, System SSL runs in "non-FIPS" mode.
HCL Workload Automation for Z uses the System SSL configuration. To run HCL Workload Automation for Z in "FIPS mode", you must enable FIPS compliance over System SSL connections.
- Ensure that FIPS-compliance over a SSL connection is enabled on the controller, as described in https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.1.0/com.ibm.zos.v2r1.gska100/fipss.htm.
- On the controller, set ENABLEFIPS to YES in the HTTPOPTS initialization statement.
- On the z-centric agent, ensure that the FIPS-compliance is enabled, as described in Configuring SSL to be FIPS-compliant.
- On the z-centric agent ensure that:
- SSL is configured, as described in Customizing the SSL connection with the Z controller when using your certificates (USS)
- In the ita.ini file, the
ssl_port
is set andfips_enable = 1
.