Federal Information Processing Standards (FIPS) Compliance for Privacera Services
FIPS compliance is supported for fresh installations starting from Privacera Release 9.0.34.1.
The Privacera Platform is designed to support compliance with Federal Information Processing Standards (FIPS) 140-2 and 140-3. It utilizes cryptographic modules validated by the NIST Cryptographic Module Validation Program (CMVP) and ensures that all cryptographic operations are performed using FIPS-approved algorithms. The platform architecture meets the stringent security requirements of federal agencies and security-conscious enterprises.
Our commitment to FIPS compliance is reflected in a multi-layered security architecture. All cryptographic functions are executed using FIPS-enabled providers and approved algorithms, including AES (128-, 192-, or 256-bit) for data encryption and PBKDF2 with HMAC-SHA256 for secure password hashing. Service-to-service and client-server communications are protected with enforced TLS 1.2 and TLS 1.3 protocols, mitigating downgrade risks.
Privacera’s FIPS-compliant environment supports standard X.509 certificates with FIPS-approved keys (RSA 2048+ bits, ECDSA) and signature algorithms from the SHA-2 family. It is compatible with standard keystore formats, including PKCS12 and JCEKS.
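A pre-deployment check against the certificate criteria listed above (RSA 2048+ bits or ECDSA keys, SHA-2 family signatures), added here as an example and not part of Privacera's tooling or documentation. It assumes certificate details in the text form printed by `openssl x509 -noout -text`; the function names and the sample excerpts are constructed for illustration.

```python
import re

# Criteria from the paragraph above: RSA 2048+ bits or ECDSA keys, SHA-2 signatures.
SHA2_NAMES = ("sha224", "sha256", "sha384", "sha512")
MIN_RSA_BITS = 2048

# Constructed excerpts in the style of `openssl x509 -noout -text` output.
GOOD_RSA = ("Signature Algorithm: sha256WithRSAEncryption\n"
            "Public Key Algorithm: rsaEncryption\n"
            "Public-Key: (2048 bit)\n")
GOOD_EC = ("Signature Algorithm: ecdsa-with-SHA384\n"
           "Public Key Algorithm: id-ecPublicKey\n"
           "Public-Key: (384 bit)\n")
WEAK = ("Signature Algorithm: sha1WithRSAEncryption\n"
        "Public Key Algorithm: rsaEncryption\n"
        "RSA Public-Key: (1024 bit)\n")

def _field(label, text):
    """Return the first token after `label`, or None if the label is absent."""
    m = re.search(re.escape(label) + r"\s*(\S+)", text)
    return m.group(1) if m else None

def check_cert_text(text):
    """Return findings for one certificate text dump; [] means it meets the criteria."""
    findings = []
    sig = _field("Signature Algorithm:", text)
    key_alg = _field("Public Key Algorithm:", text)
    if sig is None or key_alg is None:
        return ["unparseable certificate text"]
    # RSASSA-PSS names its digest on a separate "Hash Algorithm:" line.
    digest = _field("Hash Algorithm:", text) if sig.lower() == "rsassapss" else sig
    if digest is None or not any(n in digest.lower() for n in SHA2_NAMES):
        findings.append(f"signature algorithm {sig} is not SHA-2 based")
    if key_alg == "rsaEncryption":
        bits = re.search(r"Public-Key:\s*\((\d+) bit\)", text)
        if bits is None or int(bits.group(1)) < MIN_RSA_BITS:
            size = bits.group(1) if bits else "unknown"
            findings.append(f"RSA key is {size} bits, below {MIN_RSA_BITS}")
    elif key_alg != "id-ecPublicKey":  # openssl's name for EC (ECDSA) keys
        findings.append(f"key type {key_alg} is neither RSA nor ECDSA")
    return findings

if __name__ == "__main__":
    for name, dump in (("good-rsa", GOOD_RSA), ("good-ec", GOOD_EC), ("weak", WEAK)):
        print(name, check_cert_text(dump) or "OK")
```

Running it over every certificate destined for the keystore before switching to FIPS mode surfaces legacy SHA-1 or short-RSA certificates ahead of deployment.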
EKS Support Only
FIPS compliance is currently supported only for deployments on Amazon Elastic Kubernetes Service (EKS).
Supported Applications
The following Privacera applications support FIPS-compliant cryptography:
Service Name | FIPS Enabled |
---|---|
Portal | |
Ranger | |
DataServer | |
UserSync | |
Audit Server | |
Audit Fluentd | |
Databricks Unity Catalog (Connector) | |
Snowflake (Connector) | |
Solr | |
Zookeeper | |
Diagnostics Tool | |
Discovery | |
PEG (Encryption) | |
OPS-server | |
All Other Connectors |
Configuration
To enable FIPS mode using Privacera Manager, follow these steps:
Step 1: SSH into the Privacera Instance
Access the instance where Privacera is installed using SSH.
Step 2: Navigate to the Privacera Manager Directory
Run the following command to change to the Privacera Manager directory:
Bash | |
---|---|
Step 3: Copy the Sample FIPS Configuration File to the Custom Configuration Directory
Check whether the file vars.fips.yml already exists. If it does, compare and merge any new or updated properties from the sample file:
Bash | |
---|---|
If the file does not exist, copy the sample configuration file vars.fips.yml:
Bash | |
---|---|
Deploying the Service
Step 1 - Setup, which generates the Helm charts. This step usually takes a few minutes.
Step 2 - Apply the Privacera Manager Helm charts.
Step 3 - Post-installation step, which generates the Plugin tarball, updates Route 53 DNS, and so on.