FIPS Compliance in Unified Assurance
Learn about Federal Information Processing Standards (FIPS) standards and how Oracle Communications Unified Assurance operates in a FIPS 140-2 compliant environment.
About FIPS
FIPS standards are U.S. government computer security standards used to validate cryptographic modules that include both software and hardware components. FIPS standards are designed to protect the sensitive data and systems used by U.S. government agencies, contractors, and vendors by ensuring that access to the data is secured and data is encrypted and decrypted appropriately.
About FIPS 140-2 Compliance in Unified Assurance
Oracle Linux 8 contains a set of cryptographic libraries, services, and user-level cryptographic applications that are validated at FIPS 140-2 level 1. When you install Unified Assurance on a FIPS-enabled Oracle Linux 8 system, the application layers, databases, and third party tools all run in a hardened mode that conforms to FIPS security standards.
In FIPS mode, all Unified Assurance cryptography is routed through the Oracle Linux 8 OpenSSL Cryptographic Module. The module contains shared libraries and hash-based message authentication code (HMAC) files, and ensures that data being stored and passed between the application in the user space and the system's kernel space is properly secured and encrypted.
See "FIPS 140-2 Compliance in Oracle Linux 8" in Oracle Linux 8 Enhancing System Security for information about how Oracle Linux 8 supports FIPS 140-2 compliance and how to configure a system in FIPS mode.
For more details about Oracle products with FIPS certifications, including security policy documents that outline approved security functions, see the FIPS certifications page of the Oracle Software Security Assurance website: