Previous Topic: Features Affected (UNIX)Next Topic: Feature Support Limitations


Features Affected (Windows)

The FIPS operational mode can have an effect on the following CA ControlMinder Windows features:

Feature

Non-FIPS Mode

FIPS Mode

PMD update file encryption

Default symmetric key encryption (two-way)

CAPKI AES symmetric key encryption

Password history (non-bidirectional)

Saved as CAPKI SHA-1.

Password validation with CAPKI SHA-1 and fall through to crypt

Saved as CAPKI SHA-1.

Password validation with CAPKI SHA-1 only

Password history (bidirectional)

Default symmetric key encryption.

Password validation with default symmetric key encryption

CAPKI AES symmetric key encryption.

Password validation with CAPKI AES only.

sechkey key change, password history

Default symmetric key encryption to decrypt and encrypt password history

CAPKI AES symmetric key encryption to decrypt and encrypt password history

sechkey key change, policy model

Default symmetric key encryption to decrypt and encrypt policy model update files

CAPKI AES symmetric key encryption to decrypt and encrypt policy model update files

Trusted Programs

CAPKI SHA-1 and MD5

CAPKI SHA-1 only

Mainframe password synchronization

Enabled

Disabled

iRecorder

Enabled

Disabled

TNG integartion

Enabled

Disabled

Advanced policy management policy distribution

CAPKI SHA-1 signature, and for backwards compatibility, CA ControlMinder internal SHA-1 signature

CAPKI SHA-1 signature only

Report Agent

Enabled

Disabled

SAM Agent

Enabled

Disabled

DMS

Enabled

UNAB endpoint management disabled

Note: Where a feature is disabled as a result of the FIPS operational mode, the relevant program prints an error message and exits, or writes the error message to the system log if a non interactive process occurred. For example: Report Agent or SAM Agent.

You should also consider the following: