2.106 DBFIPS_140

DBFIPS_140 enables Transparent Data Encryption (TDE) and DBMS_CRYPTO PL/SQL package program units to run in a mode compliant to the Federal Information Processing Standard (subsequently known as "FIPS mode").

Property	Description
Parameter type	Boolean
Default value	FALSE
Modifiable	No
Modifiable in a PDB	No
Range of values	TRUE | FALSE
Basic	No
Oracle RAC	All instances must use the same value.

Values:

• TRUE

  Set this parameter to TRUE to use TDE and DBMS_CRYPTO in FIPS mode. This means that only FIPS-compliant algorithms may be used.

  This method of configuring FIPS mode is considered a legacy configuration, but it is still supported. Oracle recommends that you instead use the consolidated FIPS_140 parameter in the fips.ora file. See Oracle AI Database Security Guide for more information.

  Note that this parameter can be set to TRUE during a rolling RAC upgrade. However, verify that TDE is using a FIPS-compliant algorithm before making the change. If you are not using a FIPS-compliant algorithm and you set this parameter to TRUE, you will not be able to read the data.

• FALSE

  When this parameter is set to FALSE, all algorithms (FIPS-compliant or not) may be used. This is the default.

See Also:

Oracle AI Database Security Guide for a table that describes the effect of setting the value of DBFIPS_140 to TRUE or FALSE on different platforms