The FIPS operational mode can have an effect on the following CA ControlMinder Windows features:
|
Feature |
Non-FIPS Mode |
FIPS Mode |
|---|---|---|
|
PMD update file encryption |
Default symmetric key encryption (two-way) |
CAPKI AES symmetric key encryption |
|
Password history (non-bidirectional) |
Saved as CAPKI SHA-1. Password validation with CAPKI SHA-1 and fall through to crypt |
Saved as CAPKI SHA-1. Password validation with CAPKI SHA-1 only |
|
Password history (bidirectional) |
Default symmetric key encryption. Password validation with default symmetric key encryption |
CAPKI AES symmetric key encryption. Password validation with CAPKI AES only. |
|
sechkey key change, password history |
Default symmetric key encryption to decrypt and encrypt password history |
CAPKI AES symmetric key encryption to decrypt and encrypt password history |
|
sechkey key change, policy model |
Default symmetric key encryption to decrypt and encrypt policy model update files |
CAPKI AES symmetric key encryption to decrypt and encrypt policy model update files |
|
Trusted Programs |
CAPKI SHA-1 and MD5 |
CAPKI SHA-1 only |
|
Mainframe password synchronization |
Enabled |
Disabled |
|
iRecorder |
Enabled |
Disabled |
|
TNG integartion |
Enabled |
Disabled |
|
Advanced policy management policy distribution |
CAPKI SHA-1 signature, and for backwards compatibility, CA ControlMinder internal SHA-1 signature |
CAPKI SHA-1 signature only |
|
Report Agent |
Enabled |
Disabled |
|
SAM Agent |
Enabled |
Disabled |
|
DMS |
Enabled |
UNAB endpoint management disabled |
Note: Where a feature is disabled as a result of the FIPS operational mode, the relevant program prints an error message and exits, or writes the error message to the system log if a non interactive process occurred. For example: Report Agent or SAM Agent.
You should also consider the following:
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|