Also ganz erschließt sich das für mich noch nicht. Es ist zu lesen, dass FIPS 140-2 zum 21.9.2026 auf die „Historical List“ geschoben wird. Aber was heißt das nun für die Datenbank? Ich muss bei einer Migration auf 26ai wirklich aufpassen, wenn ich TDE verweden:
If you use Transparent Data Encryption (TDE), then you must migrate your source database to AES encryption before starting your upgrade to Oracle AI Database. In Oracle AI Database, when you use Transparent Data Encryption (TDE) configured for the Federal Information Processing Standard (FIPS), only Advanced Encryption Standard (AES) ciphers AES-128, AES-192, and AES-256 are allowed. If your source Oracle Database is configured for the FIPS mode, and it is using any other algorithms to encrypt a column or a tablespace, then the column and tablespace must be rekeyed using AES before upgrade.
If you upgrade your source database and it is using desupported algorithms for encryption, then the upgraded database will either fail to start up, or encrypted tablespaces will not be available, because the database cannot decrypt tablespace keys. In that case, Oracle recommends that you downgrade your database, upgrade your encryption keys to the supported AES ciphers, and then restart the upgrade.
Quelle: Migrate from Non-AES Algorithms in FIPS Before Upgrade
Aber wird es auch zurück portiert?
The National Institute of Standards and Technology (NIST) will move FIPS 140-2 to the historical list on 21 September 2026. Oracle is transitioning from FIPS 140-2 to FIPS 140-3 validated cryptographic modules for Oracle AI Database 26ai and Oracle Database 19c. FIPS 140-3 desupports the 3DES (Triple Data Encryption Standard) encryption algorithms. In compliance with this change to the updated standard, Oracle Database is desupporting the use of 3DES for Oracle Database 19c when databases are configured to run in FIPS 140-3 compliant mode. Support for 3DES in FIPS -complaint databases is scheduled for removal in 2026 with Oracle Database 19c Release Update 19.32. Oracle AI Database 26ai already desupports 3DES for use when the database is configured for FIPS 140-3.Quelle: hDesupport of 3DES Encryption Algorithm for Databases in FIPS-Compliant Mode
Wichtig ist halt, dass in den Köpfen des IT Managment ankommt, das es etwas zuu tun gibt.