FIPS140-2Non-ProprietarySecurityPolicy:JavaCryptoModule
DocumentVersion1.0
©SkyhighNetworks
Page19of20
3 GuidanceandSecureOperation
3.1 CryptoOfficerGuidance
3.1.1 SoftwareInstallation
Themoduleisprovideddirectlytosolutiondevelopersandisnotavailablefordirectdownloadtothe
generalpublic.Themoduleanditshostapplicationistobeinstalledonanoperatingsystemspecifiedin
Section2.5oronewhereportabilityismaintained.
InordertoremaininFIPS-approvedmode,thefollowingstepsmustbetakenduringtheinstallation
process:
1. TheJavaCryptographyExtension(JCE)UnlimitedStrengthJurisdictionPolicyFiles7mustbe
installedintheJRE.Instructionsforinstallationarefoundinthedownloadfilelocatedhere:
http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
2. ThemodulemustbeconfiguredastheJRE'sdefaultSecurityProviderbymodifyingthe
jre/lib/security/java.securityfileandaddingthefollowinglinetothelistofproviders:
security.provider.1=
com.safelogic.cryptocomply.jce.provider. Provider
3.1.2 AdditionalRulesofOperation
1. Thewritablememoryareasofthemodule(dataandstacksegments)areaccessibleonlybythe
applicationsothattheoperatingsystemisin"singleuser"mode,i.e.onlytheapplicationhas
accesstothatinstanceofthemodule.
2. Theoperatingsystemisresponsibleformultitaskingoperationssothatotherprocessescannot
accesstheaddressspaceoftheprocesscontainingthemodule.
3.2 UserGuidance
3.2.1 GeneralGuidance
Themoduleisnotdistributedasastandalonelibraryandisonlyusedinconjunctionwiththesolution.
TheenduseroftheoperatingsystemisalsoresponsibleforzeroizingCSPsviawipe/securedelete
procedures.
Ifthemodulepowerislostandrestored,thecallingapplicationcanresettheIVtothelastvalueused.