
How to Set Up Federal Information Processing Standard (FIPS) 140-2 Using FIPS.ORA on Single Instance and on RAC (Real Application Cluster) (Doc ID 2250070.1)

Last updated on APRIL 18, 2024

Applies to:

Gen 1 Exadata Cloud at Customer (Oracle Exadata Database Cloud Machine) - Version N/A and later
Oracle Cloud Infrastructure - Database Service - Version N/A and later
Oracle Database Backup Service - Version N/A and later
Oracle Database Exadata Express Cloud Service - Version N/A and later
Oracle Database Cloud Exadata Service - Version N/A and later
Information in this document applies to any platform.

Goal

This article demonstrates how to enable Federal Information Processing Standard (FIPS) 140-2 through FIPS.ORA on Single Instance and on RAC (Real Application Cluster).

 

You can refer to the following documentation for reference:

1) Oracle Database 11g Release 1
2) Oracle Database 11g Release 2
3) Oracle Database 12c Release 1
4) Oracle Database 12c Release 2

 

More about FIPS

The FIPS 140-2 cryptographic libraries are designed to protect data at rest and in transit over the network.

You can configure Oracle Database for the current Federal Information Processing Standard (FIPS), 140-2. FIPS is a U.S. government standard that defines security requirements for cryptographic modules.

Oracle Database uses these cryptographic libraries for Secure Sockets Layer (SSL), Transparent Data Encryption (TDE), and the DBMS_CRYPTO PL/SQL package.

To verify the current status of the certification, see the Computer Security Resource Center (CSRC) web site of the National Institute of Standards and Technology:

http://csrc.nist.gov/groups/STM/cmvp/validation.html

 

Requirements to Configure FIPS on the Database Side

 

1) The DBFIPS_140 initialization parameter should be set to TRUE. This is a static parameter, so changing it requires a restart of the database.

                     DBFIPS_140=TRUE

2)

          For example, to set SSLFIPS_140 to TRUE:

                       SSLFIPS_140=TRUE

Note: The SSLFIPS_140 parameter replaces the SQLNET.SSLFIPS_140 parameter used in Oracle Database 10g release 2 (10.2). You must set the parameter in the fips.ora file, and not the sqlnet.ora file.

 

3) SSL cipher suites: we will use SSL_RSA_WITH_3DES_EDE_CBC_SHA in our example. The following suites for FIPS 140-2 are available.

 

4) The listener is configured to use SSL, i.e. the TCP/IP with SSL (TCPS) protocol.
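
The four requirements above can be checked from the text of the configuration files. The following Python audit is an added example, not part of the Oracle note. It assumes the instance parameters are available as pfile-style text, that the cipher suite list is set through SSL_CIPHER_SUITES in sqlnet.ora, and that each parameter sits on one line; the function names, host name and port are hypothetical.

```python
import re

SUITE = "SSL_RSA_WITH_3DES_EDE_CBC_SHA"  # the suite this article's example uses

def params(text, strip_sid=False):
    """Parse NAME=VALUE lines ('#' starts a comment) into an upper-cased dict."""
    out = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        if "=" not in line:
            continue
        key, value = (part.strip().upper() for part in line.split("=", 1))
        if strip_sid:  # pfile entries may read "*.name" or "<sid>.name"
            key = key.rsplit(".", 1)[-1]
        out[key] = value
    return out

def audit_fips(init_ora, fips_ora, sqlnet_ora, listener_ora):
    """Return a list of findings; an empty list means all four checks passed."""
    findings = []
    if params(init_ora, strip_sid=True).get("DBFIPS_140") != "TRUE":
        findings.append("DBFIPS_140 is not TRUE in the instance parameters")
    if params(fips_ora).get("SSLFIPS_140") != "TRUE":
        findings.append("SSLFIPS_140 is not TRUE in fips.ora")
    net = params(sqlnet_ora)
    if "SSLFIPS_140" in net or "SQLNET.SSLFIPS_140" in net:
        findings.append("FIPS parameter set in sqlnet.ora instead of fips.ora")
    # Assumption: the suite list is configured through SSL_CIPHER_SUITES.
    if SUITE not in re.findall(r"\w+", net.get("SSL_CIPHER_SUITES", "")):
        findings.append(SUITE + " is not in SSL_CIPHER_SUITES")
    if not re.search(r"PROTOCOL\s*=\s*TCPS\b", listener_ora, re.IGNORECASE):
        findings.append("listener.ora has no TCPS endpoint")
    return findings

# Constructed sample files (not taken from a real system).
GOOD = dict(
    init_ora="*.dbfips_140=TRUE\n",
    fips_ora="SSLFIPS_140=TRUE\n",
    sqlnet_ora="SSL_CIPHER_SUITES = (SSL_RSA_WITH_3DES_EDE_CBC_SHA)\n",
    listener_ora="LISTENER=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=db1)(PORT=2484)))\n",
)
BAD = dict(GOOD, fips_ora="# SSLFIPS_140=TRUE\n",
           sqlnet_ora="SQLNET.SSLFIPS_140=TRUE\n",
           listener_ora="LISTENER=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=db1)(PORT=1521)))\n")

if __name__ == "__main__":
    for name, cfg in (("good", GOOD), ("bad", BAD)):
        print(name, audit_fips(**cfg) or "all checks passed")
```

The BAD sample shows the case the note warns about: the FIPS switch placed in sqlnet.ora under its 10.2 name while fips.ora leaves it commented out.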

 

Solution
