The FIPS operational mode can have an effect on the following CA ControlMinder Windows features:
Feature |
Non-FIPS Mode |
FIPS Mode |
---|---|---|
PMD update file encryption |
Default symmetric key encryption (two-way) |
CAPKI AES symmetric key encryption |
Password history (non-bidirectional) |
Saved as CAPKI SHA-1. Password validation with CAPKI SHA-1 and fall through to crypt |
Saved as CAPKI SHA-1. Password validation with CAPKI SHA-1 only |
Password history (bidirectional) |
Default symmetric key encryption. Password validation with default symmetric key encryption |
CAPKI AES symmetric key encryption. Password validation with CAPKI AES only. |
sechkey key change, password history |
Default symmetric key encryption to decrypt and encrypt password history |
CAPKI AES symmetric key encryption to decrypt and encrypt password history |
sechkey key change, policy model |
Default symmetric key encryption to decrypt and encrypt policy model update files |
CAPKI AES symmetric key encryption to decrypt and encrypt policy model update files |
Trusted Programs |
CAPKI SHA-1 and MD5 |
CAPKI SHA-1 only |
Mainframe password synchronization |
Enabled |
Disabled |
iRecorder |
Enabled |
Disabled |
TNG integartion |
Enabled |
Disabled |
Advanced policy management policy distribution |
CAPKI SHA-1 signature, and for backwards compatibility, CA ControlMinder internal SHA-1 signature |
CAPKI SHA-1 signature only |
Report Agent |
Enabled |
Disabled |
SAM Agent |
Enabled |
Disabled |
DMS |
Enabled |
UNAB endpoint management disabled |
Note: Where a feature is disabled as a result of the FIPS operational mode, the relevant program prints an error message and exits, or writes the error message to the system log if a non interactive process occurred. For example: Report Agent or SAM Agent.
You should also consider the following:
Copyright © 2013 CA Technologies.
All rights reserved.
|
|