About FIPS and NiagaraAX

FIPS (Federal Information Processing Standard) refers collectively to U.S. government standards. In particular, FIPS 140 governs the encryption and cryptographic services used by hardware and software. To meet FIPS 140 accreditation, cryptographic modules undergo a thorough certification process by NIST (National Institute of Standards and Technology) to ensure that all cryptographic algorithms adhere to the government security guidelines. The current version of FIPS 140 is version 2, widely known as FIPS 140-2.

One of the features introduced in NiagaraAX 3.8 is a FIPS 140-2 compliant mode for stations. When running in “FIPS mode”, stations only use cryptographic algorithms supplied by a FIPS-certified cryptographic module.

NiagaraAX’s FIPS feature employs the JCA (Java Cryptography Architecture), which allows cryptographic algorithms to be requested without relying directly on a specific security provider. Instead, requests for specific algorithms go through an ordered list of installed providers, selecting the algorithm from the first provider with an implementation. Additional security providers may be installed as needed; similarly, undesired providers may be removed.

In AX-3.8, all NiagaraAX requests for cryptographic algorithms go through the JCA.
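The provider ordering described above can be inspected with the standard java.security.Security API. The following is an added example, not NiagaraAX code: it lists the installed providers in preference order and reports which provider is first in line for each requested algorithm. The class name, the sample requests and the approved-provider name EXAMPLE-FIPS-PROVIDER are assumptions; substitute the name of the FIPS-certified provider actually installed.

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

public class JcaProviderAudit {
    // Assumption: placeholder, not a real provider name.
    static final String APPROVED_PROVIDER = "EXAMPLE-FIPS-PROVIDER";

    /** Names of all installed providers implementing the service, in preference order. */
    static List<String> implementers(String filter) {
        List<String> names = new ArrayList<>();
        Provider[] matches = Security.getProviders(filter); // null when nothing matches
        if (matches != null) {
            for (Provider p : matches) {
                names.add(p.getName());
            }
        }
        return names;
    }

    /** One report line: the first candidate provider and whether it is the approved one. */
    static String audit(String filter) {
        List<String> names = implementers(filter);
        if (names.isEmpty()) {
            return filter + ": no installed provider implements this";
        }
        String first = names.get(0);
        String verdict = first.equals(APPROVED_PROVIDER) ? "approved" : "NOT the approved provider";
        return filter + ": first candidate " + first + " (" + verdict + "), all candidates " + names;
    }

    public static void main(String[] args) {
        // Position in this array is the JCA preference order (1 = highest).
        Provider[] installed = Security.getProviders();
        for (int i = 0; i < installed.length; i++) {
            System.out.println((i + 1) + ". " + installed[i].getName());
        }
        // Constructed sample requests in "ServiceType.Algorithm" filter form.
        // MD5 is included as a hash that is not FIPS-approved. For key-dependent
        // services such as Cipher, the JCA may defer the final choice until a key is supplied.
        String[] requests = {"MessageDigest.SHA-256", "MessageDigest.MD5", "Cipher.AES"};
        for (String request : requests) {
            System.out.println(audit(request));
        }
    }
}
```

On a stock JVM every request is reported as not coming from the approved provider, because the placeholder name matches nothing; the report is meaningful once the real provider name is substituted.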

Note: In order to upgrade legacy (pre-AX-3.8) stations, and because of certain required Java core functions, a small number of non-FIPS approved algorithms are still available. These are listed in this document’s Developers notes on FIPS subsection, Disallowed algorithms. NiagaraAX developers should note that although these algorithms are accessible through JCA calls, their use is not allowed in a FIPS environment, unless (for example) used to upgrade legacy systems.