9.6.20 Federal Information Processing Standards (FIPS) 140-2 Compliant Smart Scan

The U.S. Federal Information Processing Standard (FIPS) 140-2 specifies security requirements for cryptographic modules. To support customers with FIPS 140-2 requirements, Oracle Exadata version 12.1.2.1.0 can be configured to use FIPS 140-2 validated cryptographic modules. These modules provide cryptographic services such as Oracle Database password hashing and verification, network encryption (SSL/TLS and native encryption), as well as data at rest encryption (Transparent Data Encryption).

When Transparent Data Encryption is used and Oracle Database is configured for FIPS 140 mode, Oracle Exadata Smart Scan offloads will automatically leverage the same FIPS 140 validated modules for encryption and decryption operations of encrypted columns and encrypted tablespaces.

Starting with Oracle Database release 12.1.0.2.0, the database parameter DBFIPS_140 controls the FIPS 140 cryptographic processing mode inside the Oracle Database and Exadata Storage Server.

For example, you can use the following SQL command to enable FIPS 140 mode:

SQL> ALTER SYSTEM SET DBFIPS_140=TRUE SCOPE=BOTH;
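
One way to confirm the setting and see which encrypted objects it covers, as an added example that is not part of the Oracle documentation. It assumes a session with privileges to read the V$ and DBA_ views.

```sql
-- Added verification example (not from the Oracle documentation).
-- Assumes a session privileged to read the V$ and DBA_ views.

-- 1. Running value of DBFIPS_140 versus the value stored in the spfile.
--    If the two differ, the instance has not yet picked up the stored
--    setting. ISSYS_MODIFIABLE reports whether the parameter can be
--    changed in a running instance.
SELECT p.name,
       p.value            AS running_value,
       sp.sid             AS spfile_sid,
       sp.value           AS spfile_value,
       p.issys_modifiable
FROM   v$parameter p
       LEFT JOIN v$spparameter sp
              ON sp.name = p.name
WHERE  p.name = 'dbfips_140';

-- 2. Encrypted tablespaces: the TDE tablespace data whose encryption and
--    decryption are performed by the configured cryptographic modules.
SELECT t.name             AS tablespace_name,
       e.encryptionalg,
       e.encryptedts
FROM   v$encrypted_tablespaces e
       JOIN v$tablespace t
         ON t.ts# = e.ts#
ORDER  BY t.name;

-- 3. Encrypted columns (TDE column encryption).
SELECT owner,
       table_name,
       column_name,
       encryption_alg
FROM   dba_encrypted_columns
ORDER  BY owner, table_name, column_name;
```

Keeping the output of all three queries gives a record of both the mode and the data it applies to.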

The following hardware components are now FIPS compliant with the firmware updates in the specified releases:

  • Oracle Server X5-2 and later systems are designed to be FIPS 140-2 compliant

  • Oracle Sun Server X4-8 with ILOM release 3.2.4

  • Sun Server X4-2 and X4-2L with SW1.2.0 and ILOM release 3.2.4.20/22

  • Sun Server X3-2 and X3-2L with SW1.4.0 and ILOM release 3.2.4.26/28

  • Sun Server X2-2 with SW1.8.0 and ILOM release 3.2.7.30.a

  • Cisco Catalyst 4948E-F Ethernet Switch

FIPS compliance for V1, X2-* and database node X3-8 generations of Exadata Database Machine Servers is not planned.

Minimum software: Oracle Database release 12.1.0.2.0 BP3, Oracle Database release 11.2.0.4 with MES Bundle on Top of Quarterly Database Patch For Exadata (APR2014 - 11.2.0.4.6), Oracle Exadata Storage Server Software release 12.1.2.1.0, ILOM 3.2.4.

See Also:

Oracle Database Security Guide for additional information about FIPS