Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

Is my application "FIPS 140-2" compliant?

0

Hello,

I run Tomcat on an Amazon EC2 instance. It is Tomcat 8, and I installed it from the standard yum repository that Amazon provides. The machine is a few years old so it might not be a current Amazon Linux release. The version of Java appears to be "OpenJDK 1.8.0_382" and my SSL certificate is issued by "RapidSSL TLS RSA CA G1".

I'm not a security expert. My boss asked me if our system is FIPS 140-2 compliant. I don't really know what that means or how I would go about making this determination. Is it the certificate that determines this, or is it the encryption libraries in Java, or something else? Does it matter what the client is using to connect?

Thanks, Frank

Argomenti
ComputazionaliSviluppo Java
Tag
Amazon EC2CrittografiaSviluppo Java
Lingua
English
Frank
posta 4 mesi fa306 visualizzazioni
1 Risposta
0

Hi,

You have here a list of AWS services that are FIPS-compliant: https://aws.amazon.com/compliance/fips/

As you will see EC2 and its close services (Image Builder, etc.) are FIPS compliant. But, be careful: the compliance of your final global system strongly depends on the way the you configure the AWS services that you use and also how you configure your additional software (Tomcat, etc.)

Have a look at this ppt to understand more about a FIPS certification journey: https://d1.awsstatic.com/events/Summits/awsreinforce2023/DAP323_AWS-LC-FIPS-certification-journey-and-how-its-used-on-AWS.pdf

Best,

Didier

profile pictureAWS
ESPERTO
Didier_Durand
con risposta 4 mesi fa
profile picture
ESPERTO
Sedat Salman
verificato 4 mesi fa
profile picture
ESPERTO
Gary Mclean
verificato 4 mesi fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente