Skip to Content

FIPS compliance in Jitterbit App Builder

The National Institue of Standards and Technology (NIST) defines the Federal Information Processing Standards (FIPS).

FIPS are standards and guidelines for federal computer systems that are developed by National Institute of Standards and Technology (NIST) in accordance with the Federal Information Security Management Act (FISMA) and approved by the Secretary of Commerce.

App Builder is a .NET application. The following page states Microsoft's position on FIPS-compliance with regards to .NET:

https://docs.microsoft.com/en-us/dotnet/standard/security/fips-compliance

In the context of App Builder, FIPS-compliance restricts the use of cryptograpy to:

  • FIPS-validated cryptographic libraries.
  • FIPS-approved cryptographic algorithms and key sizes.

Cryptography includes:

  • Random number generation
  • Hashing
  • Encryption
  • Digital Signatures
  • Certificate storage and encoding

Configuration

App Builder does not require any special configuration to enable FIPS-compliance.

App Builder itself does not implement any cryptographic algorithms. App Builder delegates all cryptographic operations to the host operating system. If the host operating system is properly configured, App Builder will use FIPS-validated implementations.

App Builder generates security tokens using only FIPS-approved algorithms. Where possible, App Builder asserts that third-party security tokens, such as digital signatures, use only FIPS-approved algorithms.

Enabling FIPS on Windows

On Windows, the Use FIPS-compliant algorithms for encryption, hashing, and signing system policy enables FIPS-mode.

Enabling FIPS on Linux

Linux has no equivalent to the Windows FIPS system policy. Enabling FIPS on Linux varies by distribution and is outside the scope of this document. The following links provide a starting point for several distributions:

Ultimately, .NET delegates to OpenSSL. Therefore, a FIPS-validated implementation of OpenSSL must be installed. Furthermore, OpenSSL must be configured to run in FIPS-mode by, e.g., setting the OPENSSL_FIPS environment variable.

Uses of cryptography

App Builder uses cryptography in various subsystems, including: