As revealed in this years IBM Connect – ID109 IBM® Notes® and Domino® – Security Strategy – Domino R9 is now FIPS 140-2 compliant

About time too !!

The presentation can be downloaded from here

http://www.socialbizug.org/communities/service/html/communityview?communityUuid=0b366f56-cdf9-43d0-a5d3-4b2b96d86598#fullpageWidgetId=W3467cdf91608_40f1_b9fd_d0d2dcf37b05&file=b40036cc-ea99-4f44-9a60-6c3a93016816

From – http://en.wikipedia.org/wiki/FIPS_140
The 140 series of Federal Information Processing Standards (FIPS) are U.S. government computer security standards that specify requirements for cryptography modules. As of December 2006, the current version of the standard is FIPS 140-2, issued on 25 May 2001

FIPS-140 – what’s that then and who cares?

The bottom line is that the US government wants to be able to encrypt their networks and the FIPS compliance structure was created to ensure that all parts of the government could do business with the same encryption rules – still sounds like a good idea. The Notes/Domino architecture was years ahead of its time in realizing this corporate need !

I worked as a contractor to the DoD some years ago and they shut down their entire Notes R6.5 Intranet (13 years in the making) because it was not FIPS compliant. They moved to SharePoint (which for the record was not FIPS complaint but got “grandfathered in”….) and ended up with significantly less functionality. Some were happy about some were incensed, but it happened and the reason was justifiable (to them at least).

This means that FIPS compliance can no longer be a convenient excuse as to why Notes should be dropped in favor of another technology and it also brings it back to the table as a viable option for deployment in a  secure environment.