Integration Server 10.15 | Integration Server Administrator's Guide | FIPS 140-2 Compliance
 
FIPS 140-2 Compliance
webMethods Integration Server embeds the Entrust Authority Security Toolkit for Java 8 and the BouncyCastle library, which has obtained FIPS 140-2 validation. FIPS (Federal Information Processing Standards) are standards for information processing for use within the Federal government. The policy for Version 8 is available at the following location:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2012.htm#1839
Many government and financial organizations require that their software be FIPS 140-2 compliant, that is, that it follow the current standards and guidelines for cryptographic information processing.
Note:
Integration Server itself is not considered to be FIPS 140 certified.
Running Integration Server in FIPS 140-2-compliant mode ensures that it uses only FIPS-compliant algorithms in FIPS-compliant modes. You can enable FIPS mode by setting the following extended setting on the Integration Server:
watt.security.fips.mode=true
Refer to Server Configuration Parameters for a detailed description of this server configuration parameter. Also, refer to Working with Extended Configuration Settings for instructions on viewing and updating extended settings for the Integration Server.
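The following check is an added example, not part of the product documentation: it reports whether watt.security.fips.mode is set exactly as shown above in one or more settings files, and flags commented-out, conflicting, or unexpected values. It assumes the extended settings are available as a plain-text file of key=value lines in which # starts a comment line; the file paths are supplied by the caller, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit extended-settings files for watt.security.fips.mode.
# Assumptions: key=value lines, '#' starts a comment line; file paths are
# supplied by the caller.

fips_mode_state() {
    # Prints one of: enabled | disabled | unset | conflicting | invalid:<value>
    [ -r "$1" ] || { echo "unreadable"; return 2; }
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        /^[ \t]*#/ { next }                     # commented-out settings do not count
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key != "watt.security.fips.mode") next
            if (seen && val != last) conflict = 1   # same key, different values
            seen = 1; last = val
        }
        END {
            if (!seen)                print "unset"
            else if (conflict)        print "conflicting"
            else if (last == "true")  print "enabled"
            else if (last == "false") print "disabled"
            else                      print "invalid:" last
        }
    ' "$1"
}

audit_fips_mode() {
    # Exit status 0 only when every file has the setting exactly as documented.
    rc=0
    for f in "$@"; do
        state=$(fips_mode_state "$f")
        printf '%s: %s\n' "$f" "$state"
        [ "$state" = "enabled" ] || rc=1
    done
    return "$rc"
}

# Constructed sample: the only "true" line is commented out.
demo() {
    tmp=$(mktemp) || return 2
    printf '%s\n' '# watt.security.fips.mode=true' \
        'watt.security.fips.mode = false' > "$tmp"
    fips_mode_state "$tmp"
    rm -f "$tmp"
}
demo
```

Call audit_fips_mode with the settings file of each server instance; a non-zero exit status means at least one file does not have FIPS mode enabled.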
Refer to the Entrust Cryptographic Module Security Policy document and the Security Policy for the Legion of the Bouncy Castle Inc., FIPS Java API Module document for other security requirements such as secure design, implementation, and operation of a cryptographic module.
FIPS mode encryption applies only to HTTPS or FTPS communications and S/MIME encryption/signing. FIPS Entrust encryption/signing is used for HTTPS or FTPS, and FIPS BouncyCastle encryption/signing is used for S/MIME communications.