Previous Topic: Before You Switch the FIPS ModeNext Topic: How to Switch to FIPS-Preferred Mode

Client Automation Security FeaturesFIPS-Compliant CryptographyHow to Switch to FIPS-Only Mode

How to Switch to FIPS-Only Mode

Switching the Client Automation infrastructure to FIPS-only mode allows the use of only FIPS-compliant cryptography. After you switch to the FIPS-only mode, the components cannot communicate with r12 components.

Note: We recommend that you use the FIPS-preferred mode until you are ready to use only FIPS-compliant cryptography.

The following process describes the steps for switching your Client Automation infrastructure to FIPS-only mode:

Note: The steps pertaining to an enterprise manager apply only if you have a Client Automation enterprise manager in your environment.

  1. Verify that all the DSM components have been upgraded to Release 12.9.
  2. Update all OS and boot images to FIPS-compliant format. For more information about updating images, see the OS Installation Management Administration Guide.
  3. Run the conversion utility on the enterprise manager. The utility converts global OSIM configuration policies to FIPS‑compliant format, and distributes managed values and parameter definitions to all the domain managers.
  4. Check the Event Log on the enterprise manager to verify that the policy has been successfully replicated to all the domain managers.
  5. Run the conversion utility on the domain managers. The utility converts local OSIM configuration policies and distributes managed values to all the components in Client Automation infrastructure.
  6. Modify the default configuration policy on the enterprise manager to switch to FIPS-only mode.

    Note: Changing the FIPS mode through custom configuration policies is not recommended.

  7. Check the Event Log on the enterprise manager to verify that the policy has been successfully replicated to all the domain managers.
  8. If you do not have an enterprise manager, modify the default configuration policy on the domain managers to switch to the FIPS-only mode.

Note: You must restart CAF for the FIPS mode to take effect.

More information:

Supported FIPS Modes

Run the Conversion Utility

Modify the Configuration Policy to Change the FIPS Mode