Advancing security with FIPS 140-3 compliance
FIPS is a U.S. government security standard that defines security requirements for cryptographic modules used to protect sensitive information. FIPS 140-3 is the latest version of the U.S. and Canadian government security standard that defines security requirements for cryptographic modules in IT and telecommunications products. Its purpose is to ensure that products handling sensitive data via cryptography are secure and reliable. Federal agencies must use FIPS 140-3 validated modules. It is also widely adopted by defence contractors and financial institutions.
The introduction of FIPS 140-3 compliance ensures a robust and secure automation solution. This significant enhancement enables organizations, particularly those in regulated industries and federal sectors, to leverage HCL Workload Automation while adhering to stringent U.S. government security standards for cryptographic modules.
HCL Workload Automation now natively supports FIPS 140-3 by restricting cryptographic algorithms to the permitted subset, ensuring that data protection mechanisms align with these rigorous specifications, while carefully managing necessary, FIPS-permitted exceptions during transition.
- FIPS activation
- Configures the environment for FIPS 140-3 operation. This includes verifying compatibility (for example with Windows users) and converting any existing passwords stored with the older TripleDES algorithm to the FIPS-approved AES encryption standard. It then activates FIPS flags across essential configuration files and restarts the affected components. The activation process can accommodate transitional phases for algorithms like TripleDES, as permitted, before full conversion.
- FIPS deactivation
- Reverts the FIPS-specific settings in the aforementioned configuration files and restarts the components, should FIPS mode need to be disabled.
- Enhanced Security Standards
- Operate your environment in alignment with rigorous, federally mandated cryptographic standards.
- Simplified Regulatory Adherence
- Enable organizations in government, finance, healthcare, and other regulated sectors to confidently deploy HCL Workload Automation.
- Dedicated Compliance Management
- Utilize the secure script for straightforward and centralized control over FIPS activation and deactivation.
- Robust Data Protection
- Ensure sensitive data, particularly passwords, are protected using FIPS-validated encryption algorithms like AES.
- Flexible and Controlled Migration
- Benefit from a clear process for enabling FIPS in new or existing environments, with guidance for migrating older FIPS-configured setups.
With FIPS 140-3 compliance, HCL Workload Automation provides an even more secure and trustworthy platform, empowering you to meet demanding security requirements while automating your critical business processes.
To ensure FIPS compliance, all HCL Workload Automation components must be at
version 10.2.5 or later, certificates must employ at least a robust 2K RSA key and use
encryption algorithms different from MD5-RSA and
SHA1-RSA. FIPS is supported on all supported
operating systems with the exception of IBM i operating systems.
FIPS mode is primarily for meeting specific government security standards. If your organization does not need to enable it, the product continues to deliver robust security without it. If your organization does not requires adhering to FIPS, you can install or upgrade as usual and FIPS will not be enabled in your environment.
When you perform a fresh installation, FIPS is disabled by default: you can enable it by setting the enablefips parameter to true when running the installation commands. When you upgrade from a previous version, HCL Workload Automation checks your current FIPS settings and applies the same settings in the upgraded environment. Before you start the upgrade, ensure your certificates meet FIPS 140-3 standards. FIPS is supported on all supported operating systems with the exception of IBM i operating systems.
For more information about FIPS, see Enabling and disabling FIPS.