The FIPS operational mode can have an effect on the following CA ControlMinder UNIX features:
| Feature | Non-FIPS Mode | FIPS Mode |
|---|---|---|
| PMD update file encryption | Default symmetric key encryption (two-way) | Disabled |
| Trusted Programs | CAPKI SHA-1 and MD5 | CAPKI SHA-1 only |
| Bidirectional password encryption | Default symmetric key encryption | Disabled |
| Unidirectional password encryption | Operating system's crypt/bigcrypt method | Operating system's crypt/bigcrypt method |
| PMD TNG command | Default symmetric key encryption | Disabled |
| CA ControlMinder TNG daemon | Default symmetric key encryption | Disabled |
| LDAP password encryption usage (sebuildla -u -n) | Default symmetric key encryption | Disabled |
| LDAP password encryption generation (seldapcred) | Default symmetric key encryption | Disabled |
| TCP communication | Default symmetric key encryption (two-way) or CAPKI sockets over SSL V2, SSL V3, or TLS V1 | CAPKI sockets over TLS V1 |
| seversion utility | CAPKI SHA-1 | CAPKI SHA-1 |
| Trusted Programs (watchdog and seretrust) | CAPKI SHA-1 | CAPKI SHA-1 |
| Advanced policy management policy distribution | CAPKI SHA-1 signature, and for backwards compatibility, CA ControlMinder internal SHA-1 signature | CAPKI SHA-1 signature only |
| selogrd encryption | Default symmetric key encryption and MD5 | Disabled |
| sechkey key change | Default symmetric key encryption | Disabled |
| iRecorder log file signature | MD5 encryption | Disabled |
| Report Agent | Enabled | Disabled |
| SAM Agent | Enabled | Disabled |
| DMS | Enabled | UNAB endpoints management disabled |

Note: Where a feature is disabled as a result of the FIPS operational mode, the relevant program prints an error message and exits, or, if it runs as a non-interactive process (for example, Report Agent or SAM Agent), writes the error message to the system log.

Copyright © 2013 CA Technologies.
All rights reserved.