MULE – FIPS 140-2 Compliance Support

Overview

As of Mule 3.5.0, Mule ESB can be configured to run in a FIPS 140-2 certified environment. Note that Mule does not run in FIPS security mode by default. There are two requirements:

Have a certified cryptography module installed in your Java environment

Adjust Mule ESB settings to run in FIPS security mode

Assumptions

This document assumes that you are familiar with FIPS 140-2, the US government security standard that requires that compliant parties use only cryptographic security modules that have been certified by NIST. This document also assumes that you have selected and obtained a certified security module.

Setting Up a FIPS 140-2 Java Environment

Mule relies on the Java runtime to provide a FIPS-compliant security module, which is why the first requirement is to have a FIPS 140-2 Java environment properly set up. If you are setting up your system for FIPS compliance for the first time and you have not already configured a certified security provider, you must first select and obtain one, then set up your Java environment following the instructions specific to your selected provider.

Details for this process vary according to your selected security provider. Please refer to the documentation for your security provider for complete instructions.

Example Setup Instructions Using RSA’s BSAFE JCE Provider

The following example demonstrates how to install and configure RSA’s BSAFE JCE provider.

Install the required jar files into the $JAVA_HOME/lib/ext folder, as shown.

Register the security provider in the security properties in the $JAVA_HOME/lib/security folder. Open the java.security file to add your provider’s class as the first item in the list of providers already present. In the example shown below, this is com.rsa.jsafe.provider.JsafeJCE.
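A check for the registration step above, as an added example that is not part of the original slides or of any vendor documentation: it parses java.security text and reports whether the provider class named above really ends up first. It models two behaviours of the JVM's provider list (a repeated security.provider.N key keeps its last value, and loading stops at the first missing number); the function names and the sample file contents are constructed for illustration.

```python
import re
FIPS_PROVIDER = "com.rsa.jsafe.provider.JsafeJCE"  # class name given in the text
ENTRY = re.compile(r"^security\.provider\.([1-9]\d*)\s*[=:]\s*(\S+)")

def effective_providers(java_security_text):
    """Return (providers the JVM loads, in order; entry numbers it never reaches)."""
    entries = {}
    for raw in java_security_text.splitlines():
        m = ENTRY.match(raw.strip())      # comment lines (# or !) never match
        if m:
            entries[int(m.group(1))] = m.group(2)   # a later duplicate key wins
    loaded, n = [], 1
    while n in entries:                   # loading stops at the first missing number
        loaded.append(entries[n])
        n += 1
    return loaded, sorted(k for k in entries if k > n)

def audit(java_security_text, expected=FIPS_PROVIDER):
    """Return a list of findings; an empty list means the provider is first."""
    loaded, unreachable = effective_providers(java_security_text)
    findings = []
    first = loaded[0] if loaded else "nothing"
    if first != expected:
        findings.append("security.provider.1 resolves to " + first)
    if expected not in loaded:
        findings.append(expected + " is not in the loaded provider list")
    if unreachable:
        findings.append("entries after a numbering gap are ignored: " + str(unreachable))
    return findings

# Constructed java.security excerpts (not taken from the page).
GOOD = """\
security.provider.1=com.rsa.jsafe.provider.JsafeJCE
security.provider.2=sun.security.provider.Sun
"""
# New line added on top, but the old first entry was not renumbered.
DUPLICATE = """\
security.provider.1=com.rsa.jsafe.provider.JsafeJCE
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
"""
# Old entries renumbered from 3, leaving no security.provider.2.
GAP = """\
security.provider.1=com.rsa.jsafe.provider.JsafeJCE
security.provider.3=sun.security.provider.Sun
"""
if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("DUPLICATE", DUPLICATE), ("GAP", GAP)):
        print(name, audit(text) or "ok")
```

To audit a real installation, pass the contents of the java.security file in $JAVA_HOME/lib/security to audit().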

Running Mule in FIPS Security Mode

Next, set up your Mule instances to work in a FIPS 140-2-compliant environment by updating the configuration of the wrapper that launches the Mule application server.

Open your wrapper.conf file (located in $MULE_HOME/conf folder).

Uncomment the line that sets Mule to work in FIPS security mode, as shown. Be sure to replace the <n> with the next sequential number in your wrapper.conf file.

Save.

Thank You