Compliance with HIPAA or FIPS Regulation

TIBCO MFT Platform Server for IBM i enforces HIPAA or FIPS 140 regulations as the security policy on initiated and responding data transfers. HIPAA and FIPS 140 are government standards to certify cryptographic modules that are used to protect information and communications in electronic commerce within a security system.

The secure system protects sensitive but unclassified information.
  • If you set the security regulation to HIPAA, all files must be transferred by using SSL with the Blowfish Long or AES encryption, which uses 128-bit or greater key length.
  • If you set the security regulation to FIPS 140, all files must be transferred by using TLS with the AES encryption type, which uses 256-bit key length.

If the encryption type you specified to comply with the HIPAA or FIPS 140 security policy for data transfer is not valid, the encryption type is overridden and a message is displayed to inform you that a valid encryption type is used for data transfer. For example, if you use DES encryption for data transfers using HIPPA or FIPS 140 security policy, because DES is not a valid encryption algorithm for HIPAA and FIPS 140, DES encryption is overridden and a message is displayed to inform you that the encryption algorithm is changed to Blowfish Long or Rijndael (AES).