The FIPS operational mode can have an effect on the following CA ControlMinder UNIX features:
| Feature | Non-FIPS Mode | FIPS Mode |
|---|---|---|
| PMD update file encryption | Default symmetric key encryption (two-way) | Disabled |
| Trusted Programs | CAPKI SHA-1 and MD5 | CAPKI SHA-1 only |
| Bidirectional password encryption | Default symmetric key encryption | Disabled |
| Unidirectional password encryption | Operating system's crypt/bigcrypt method | Operating system's crypt/bigcrypt method |
| PMD TNG command | Default symmetric key encryption | Disabled |
| CA ControlMinder TNG daemon | Default symmetric key encryption | Disabled |
| LDAP password encryption usage (sebuildla -u -n) | Default symmetric key encryption | Disabled |
| LDAP password encryption generation (seldapcred) | Default symmetric key encryption | Disabled |
| TCP communication | Default symmetric key encryption (two-way) or CAPKI sockets over SSL V2, SSL V3, or TLS V1 | CAPKI sockets over TLS V1 |
| seversion utility | CAPKI SHA-1 | CAPKI SHA-1 |
| Trusted Programs (watchdog and seretrust) | CAPKI SHA-1 | CAPKI SHA-1 |
| Advanced policy management policy distribution | CAPKI SHA-1 signature, and for backwards compatibility, CA ControlMinder internal SHA-1 signature | CAPKI SHA-1 signature only |
| selogrd encryption | Default symmetric key encryption and MD5 | Disabled |
| sechkey key change | Default symmetric key encryption | Disabled |
| iRecorder log file signature | MD5 encryption | Disabled |
| Report Agent | Enabled | Disabled |
| SAM Agent | Enabled | Disabled |
| DMS | Enabled | UNAB endpoints management disabled |

Note: Where a feature is disabled as a result of the FIPS operational mode, the relevant program prints an error message and exits or, if it runs as a non-interactive process (for example, Report Agent or SAM Agent), writes the error message to the system log.

Copyright © 2013 CA Technologies. All rights reserved.