Java, Semeru Runtimes and Runtimes for Business

Continuing our strong tradition supporting the security needs of our customers, we are proud to announce that the IBM® SDK, Java™ Technology Edition, V8 and IBM® Semeru Runtimes (for Java 11, 17, 21 and onward) now include FIPS 140-3 cryptography certified by the U.S. National Institute of Standards and Technology (NIST) [1] that’s ready for production Java workload deployments.

IBM first made FIPS 140-3 cryptography available as a technology preview more than a year ago, and our users responded with helpful feedback on usage and configuration so that we could improve usability. With NIST certification, we are now able to make this capability generally available for production deployments on most platforms (with more to come).

The critical importance of FIPS 140 certified cryptography is underscored by David Jenkins, IBM Distinguished Engineer and CTO Federal Compliance:

“May 12, 2022 per E.O. 14028 re-enforced the requirement for FIPS Validated encryption and brought significant attention across agencies. FIPS Validated Encryption is one of the top security requirements that U.S. Federal Agencies ask about. Having FIPS 140-3 as a bundled capability in IBM SDK for Java 8 and IBM Semeru Runtimes for Java 11+ swings the door wide open and removes a blocker that prevented agencies from adopting our software.”

With this announcement, our users now have an all-in-one solution for FIPS 140-3 cryptography when running their production Java workloads. Some of the key features of the IBM FIPS 140-3 cryptography solution are:

• Single download (per platform) to run Java workloads and configure FIPS 140-3 cryptography

• Available in both IBM® Semeru Runtime™ Open Edition and Certified Edition

• Includes a broad set of FIPS 140-3 certified cryptography algorithms and ciphers

• With security profiles, cryptography use can be controlled at a fine granularity so that developers and administrators can build greater confidence in the compliance posture of their Java workloads

• Built with a NIST certified [1] high performance FIPS 140-3 native cryptographic library, IBM® Crypto for C, which is based on OpenSSL and available in open source as OpenCryptographyKitC [2].

• Commercial support available (but completely optional) with IBM® Runtimes for Business [3]

To learn more about how you can configure FIPS 140-3:

• IBM® SDK, Java™ Technology Edition, V8 (starting with 8.0.8.30):

• Download the latest releases at Java Information Manager (IBM Only Access) and IBM Support Pages

• Read about the IBMJCEPlusFIPS FIPS 140-3 JCE provider at https://ibm.biz/IBMSDK8FIPS

• IBM® Semeru Runtimes for Java 11+ (starting with 11.0.24.0, 17.0.12.0 and 21.0.4.0):

• Download the latest Open and Certified Edition releases at https://ibm.biz/GetSemeru

• Read about the open source OpenJCEPlusFIPS FIPS 140-3 JCE provider at https://ibm.biz/SemeruFIPS

With bundled NIST certified FIPS 140-3 cryptography, IBM® SDK, Java™ Technology Edition, V8 and IBM® Semeru Runtimes become your best Java runtime option to run production Java workloads securely, efficiently, and with stability, whether your workloads run on premises or in the cloud and whether you’re a small, medium, large, or huge business.

[1] https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4755

[2] https://github.com/IBM/OpenCryptographyKitC

[3] https://www.ibm.com/products/runtimes-for-business

#releaseannouncement #java #semeruruntimes #fips #fips140-3