From c70891efdd961a5d88e6a9d121622f68d502fe4c Mon Sep 17 00:00:00 2001 From: Adam Locke Date: Thu, 8 Sep 2022 15:41:47 -0400 Subject: [PATCH 1/2] [DOCS] Update FIPS verbiage for the bundled JVM --- x-pack/docs/en/security/fips-140-compliance.asciidoc | 10 ++++++---- x-pack/docs/en/security/fips-java17.asciidoc | 3 ++- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/x-pack/docs/en/security/fips-140-compliance.asciidoc b/x-pack/docs/en/security/fips-140-compliance.asciidoc index c34e9e8e92cfd..ca09baa2c337b 100644 --- a/x-pack/docs/en/security/fips-140-compliance.asciidoc +++ b/x-pack/docs/en/security/fips-140-compliance.asciidoc @@ -8,14 +8,16 @@ government computer security standard used to approve cryptographic modules. {es} offers a FIPS 140-2 compliant mode and as such can run in a FIPS 140-2 configured JVM. -IMPORTANT: The JVM bundled with {es} is not configured for FIPS 140-2. You must -either configure the bundled JVM to run with a FIPS 140-2 certified Java -Security Provider or use an external JVM configured for FIPS 140-2. +IMPORTANT: The JVM bundled with {es} is not configured for FIPS 140-2. You must +configure an external JDK with a FIPS 140-2 certified Java Security Provider. +Refer to the {es} +[JVM support matrix](https://www.elastic.co/support/matrix#matrix_jvm) for +supported JVM configurations. After configuring your JVM for FIPS 140-2, you can run {es} in FIPS 140-2 mode by setting the `xpack.security.fips_mode.enabled` to `true` in `elasticsearch.yml`. -For {es}, adherence to FIPS 140-2 is ensured by +For {es}, adherence to FIPS 140-2 is ensured by: - Using FIPS approved / NIST recommended cryptographic algorithms. - Delegating the implementation of these cryptographic algorithms to a NIST diff --git a/x-pack/docs/en/security/fips-java17.asciidoc b/x-pack/docs/en/security/fips-java17.asciidoc index 0cfb8f1a7f0c6..8369f6d0b24b0 100644 --- a/x-pack/docs/en/security/fips-java17.asciidoc 
+++ b/x-pack/docs/en/security/fips-java17.asciidoc @@ -5,5 +5,6 @@ If you run in FIPS 140-2 mode, you will either need to request an exception from your security organization to upgrade to {es} {version}, or remain on {es} 7.x until Java 17 is certified. ifeval::["{release-state}"=="released"] -Alternatively, consider using {ess} in the FedRAMP-certified GovCloud region. +Alternatively, consider using {ess} in the +[FedRAMP-certified GovCloud region](https://www.elastic.co/industries/public-sector/fedramp). endif::[] \ No newline at end of file From 59da7c6e5e81ae547e35a0e76ec821a70336eb4f Mon Sep 17 00:00:00 2001 From: Adam Locke Date: Thu, 8 Sep 2022 16:12:06 -0400 Subject: [PATCH 2/2] Fix links (this isn't Markdown) --- x-pack/docs/en/security/fips-140-compliance.asciidoc | 2 +- x-pack/docs/en/security/fips-java17.asciidoc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/x-pack/docs/en/security/fips-140-compliance.asciidoc b/x-pack/docs/en/security/fips-140-compliance.asciidoc index ca09baa2c337b..785c720dba407 100644 --- a/x-pack/docs/en/security/fips-140-compliance.asciidoc +++ b/x-pack/docs/en/security/fips-140-compliance.asciidoc @@ -11,7 +11,7 @@ configured JVM. IMPORTANT: The JVM bundled with {es} is not configured for FIPS 140-2. You must configure an external JDK with a FIPS 140-2 certified Java Security Provider. Refer to the {es} -[JVM support matrix](https://www.elastic.co/support/matrix#matrix_jvm) for +https://www.elastic.co/support/matrix#matrix_jvm[JVM support matrix] for supported JVM configurations. After configuring your JVM for FIPS 140-2, you can run {es} in FIPS 140-2 mode by diff --git a/x-pack/docs/en/security/fips-java17.asciidoc b/x-pack/docs/en/security/fips-java17.asciidoc index 8369f6d0b24b0..ee1c9bf15eba0 100644 --- a/x-pack/docs/en/security/fips-java17.asciidoc +++ b/x-pack/docs/en/security/fips-java17.asciidoc 
@@ -6,5 +6,5 @@ an exception from your security organization to upgrade to {es} {version}, or remain on {es} 7.x until Java 17 is certified. ifeval::["{release-state}"=="released"] Alternatively, consider using {ess} in the -[FedRAMP-certified GovCloud region](https://www.elastic.co/industries/public-sector/fedramp). +https://www.elastic.co/industries/public-sector/fedramp[FedRAMP-certified GovCloud region]. endif::[] \ No newline at end of file
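Review bot: In the IMPORTANT admonition of fips-140-compliance.asciidoc (PATCH 1/2), the option to configure the bundled JVM is dropped without saying so. The admonition still opens with "The JVM bundled with {es} is not configured for FIPS 140-2", which a reader can take as an invitation to configure it. If the bundled JVM is no longer an accepted path for FIPS 140-2 mode, state that explicitly in the admonition. The new sentence also says "external JDK" while the surrounding lines ("FIPS 140-2 configured JVM", "After configuring your JVM for FIPS 140-2") say JVM; use one term throughout so readers do not wonder whether a different artifact is meant.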
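Review bot: In the fips-java17.asciidoc hunk of PATCH 1/2, the added link is written in Markdown form, "[FedRAMP-certified GovCloud region](...)", which an .asciidoc source will not treat as a link; the "[JVM support matrix](...)" line added to fips-140-compliance.asciidoc in the same commit has the same problem. PATCH 2/2 rewrites both to the url[text] form, so squash the two commits before merging so that no revision in the history carries the broken markup.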
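Review bot: The fips-java17.asciidoc hunk in PATCH 2/2 still ends with "\ No newline at end of file" after "endif::[]", as it did in PATCH 1/2. Since this series already touches the last lines of the file, add the trailing newline here so the closing directive of the ifeval block sits on a terminated line and later edits do not show "endif::[]" as a changed line.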