Customers frequently ask whether Oracle E-Business Suite is certified with the FIPS standards.
The Federal Information Processing Standards (FIPS) Publication 140-2 defines US Federal standards for cryptographic-based security systems. FIPS Publications are issued by the National Institute of Standards and Technology (NIST).
From our Oracle E-Business Suite Security FAQ (Note 2063486.1):
The cryptographic modules in Oracle E-Business Suite currently cannot be considered FIPS certified. Some elements of the Oracle E-Business Suite Release 12.1.3 technology stack have been FIPS certified; however, some of the cryptographic libraries that are used by Oracle E-Business Suite have not been FIPS certified. Additionally, some of the cryptographic libraries that have been FIPS certified have had patches issued since certification, which technically takes them out of compliance.
Specifically, the cryptographic libraries that Oracle HTTP Server (OHS) uses for SSL/TLS traffic were FIPS certified. However, there have been a variety of security and non-security related patches in that area that technically take it out of compliance, and it has not been recertified since those patches have been issued. Oracle E-Business Suite also makes use of other cryptographic libraries for a variety of usages that have not been FIPS certified. Oracle does not currently plan to certify all of the cryptographic libraries currently used by Oracle E-Business Suite.