

Supported FIPS Modes

Client Automation supports FIPS-compliant cryptography in two modes: FIPS-preferred and FIPS-only. Both modes apply to the storage and verification of passwords, and to the communication of all sensitive data between components of CA products and between CA products and third-party products.

FIPS-Preferred mode

Refers to the mode that provides backward compatibility with previous releases of Client Automation. In this mode, Release 12.9 components use FIPS-compliant cryptography when communicating with another Release 12.9 component. However, when they communicate with components of previous releases, they may use security functions that are not FIPS-compliant to support backward compatibility. FIPS-preferred is the default mode for new installations and the only supported mode for upgrades.

Note: After you have upgraded all the DSM components in your environment, you can switch to FIPS-only mode.

FIPS-Only mode

Refers to the mode that uses only FIPS-compliant cryptographic techniques. Use this option for new Client Automation installations. This mode is not backward-compatible with previous releases of Client Automation.

Note: After you switch to FIPS-only mode, the components cannot use legacy cryptography. You can switch back to FIPS-preferred mode if necessary.

More information:

How to Switch to FIPS-Only Mode

How to Switch to FIPS-Preferred Mode