Compliance with HIPAA or FIPS Regulation

TIBCO MFT Platform Server for z/OS enforces HIPAA or FIPS 140 regulations as the security policy on initiated and responding data transfers.

HIPAA and FIPS 140 are government standards to certify cryptographic modules that are used to protect information and communications in electronic commerce within a security system. The secure system protects sensitive but unclassified information.

• If you set the security regulation to HIPAA, all files must be transferred by using SSL with the AES or Blowfish Long encryption type, which uses 128-bit or greater key length.
• If you set the security regulation to FIPS 140, all files must be transferred by using SSL with the AES encryption type, which uses 256-bit key length.

If the encryption type you specified to comply with the HIPAA or FIPS 140 security policy for data transfer is not valid, the encryption type is overridden and a message is displayed to inform you that a valid encryption type is used for data transfer. For example, if you use DES encryption for data transfers using HIPPA or FIPS 140 security policy, because DES is not a valid encryption algorithm for HIPAA and FIPS 140, DES encryption is overridden and a message is displayed to inform you that the encryption algorithm is changed to Blowfish Long or Rijndael (AES).

Platform Server SSL/TLS Support

Platform Server supports two different modes of SSL/TLS communication:

• TLS Mode: Platform Server initiates a TLS connection with the target Platform Server. Certificates are passed between the Client and Server and the certificates are validated. A Symmetric encryption key is transmitted between the client and the server. The SSL Connection is then terminated. Data is encrypted using the Symmetric key passed in the TLS Session. Sequence numbers and a message digest are added to each packet of data transmitted and are validated by the recipient. TLS mode is supported for all versions of Platform Server, Internet Server and Command Center.

• TLS Tunnel Mode: Platform Server initiates a TLS connection with the target Platform Server. Certificates are passed between the Client and Server and the certificates are validated. Transfer data is sent over the TLS session. All data is encrypted using the cipher selected during TLS Negotiation. Message digests and sequence numbers are added by the internal TLS protocol. TLS mode is supported for Platform Server V8 and above and for Internet Server and Command Center V8.1 and above. If you are using Platform Server to communicate over public lines, we suggest using TLS Tunnel mode.