Is my application "FIPS 140-2" compliant?

0

Hello,

I run Tomcat on an Amazon EC2 instance. It is Tomcat 8, and I installed it from the standard yum repository that Amazon provides. The machine is a few years old so it might not be a current Amazon Linux release. The version of Java appears to be "OpenJDK 1.8.0_382" and my SSL certificate is issued by "RapidSSL TLS RSA CA G1".

I'm not a security expert. My boss asked me if our system is FIPS 140-2 compliant. I don't really know what that means or how I would go about making this determination. Is it the certificate that determines this, or is it the encryption libraries in Java, or something else? Does it matter what the client is using to connect?

Thanks, Frank

Frank
asked 4 months ago · 305 views
1 Answer
0

Hi,

You have here a list of AWS services that are FIPS-compliant: https://aws.amazon.com/compliance/fips/

As you will see, EC2 and its close services (Image Builder, etc.) are FIPS compliant. But be careful: the compliance of your final global system strongly depends on the way you configure the AWS services that you use and also on how you configure your additional software (Tomcat, etc.).

Have a look at this ppt to understand more about a FIPS certification journey: https://d1.awsstatic.com/events/Summits/awsreinforce2023/DAP323_AWS-LC-FIPS-certification-journey-and-how-its-used-on-AWS.pdf

Best,

Didier

AWS EXPERT
answered 4 months ago
EXPERT
reviewed 4 months ago
