kabanero-io / kabanero-security

Kabanero Security. This repo will be archived soon.

FIPS 140-2 and FISMA compliance for Java JDK #15

Open jtmulvey opened 5 years ago

jtmulvey commented 5 years ago

Kabanero and Appsody components will need to be FIPS 140-2 compliant in order for US government/federal agencies to use it. All the components we develop that are part of collections admin and eventing for the pipeline will need to be supported under a FIPS 140 compliant runtime. For the Java components this means running on the IBM Java SE 8 JDK, as it's the only realistic FIPS 140-2 compliant JDK.
When the Java security team completes the support for FIPS in the OpenJ9 implementation we will have this support.

DoloresLopez commented 5 years ago

@jtmulvey Is this just for Java? If it is, how about any of the other runtimes?

jtmulvey commented 5 years ago

@DoloresLopez No, actually there is a RHEL kernel option to run containers in FIPS 140-2 mode. We need to set the fips=1 kernel option as documented here: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/chap-federal_standards_and_regulations#sec-Enabling-FIPS-Mode. Will create a child issue to do this and link it back to this Epic.
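
One way to check whether a node actually booted with the `fips=1` option mentioned above, as an added example that is not part of the issue thread or the Kabanero code base. The function names are hypothetical and the sample command lines in the comments are constructed; containers share the host kernel, so the same check run inside a container reports the node's state.

```shell
#!/bin/sh
# Added example: compare what the kernel command line requested (fips=1)
# with what the kernel reports in /proc/sys/crypto/fips_enabled.

# Print the value of the last fips= token on a kernel command line
# (empty if absent). Runs in a subshell so 'set -f' stays local.
cmdline_fips() (
    set -f                      # do not glob-expand command line tokens
    val=""
    for tok in $1; do
        case "$tok" in
            fips=*) val=${tok#fips=} ;;
        esac
    done
    printf '%s' "$val"
)

# fips_state CMDLINE FLAG -> enabled | disabled | mismatch
#   CMDLINE: contents of /proc/cmdline, e.g. "ro quiet fips=1" (constructed)
#   FLAG:    contents of /proc/sys/crypto/fips_enabled (0 or 1)
fips_state() {
    requested=$(cmdline_fips "$1")
    if [ "$requested" = "1" ] && [ "$2" = "1" ]; then
        echo enabled
    elif [ "$requested" != "1" ] && [ "$2" != "1" ]; then
        echo disabled
    else
        # Requested but not active, or active without the boot option:
        # either way the node needs a closer look before it is trusted.
        echo mismatch
    fi
}

# Classify the running kernel. A missing fips_enabled file is treated as 0.
check_host() {
    cmdline=$(cat /proc/cmdline 2>/dev/null)
    flag=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null || echo 0)
    fips_state "$cmdline" "$flag"
}

if [ -r /proc/cmdline ]; then
    echo "FIPS state of this kernel: $(check_host)"
fi
```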