Ensure Machine Policy Is Correctly Configured

The two settings in CA DataMinder machine policy that control data encryption are Communications Encryption and Encrypt Stored Data?. Find these settings in the Security folder of the machine policy.

When CA DataMinder runs in Advanced Encryption Mode, Encrypt Stored Data? must be set to True (this is its default value), while Communications Encryption is not used. Consequently, you do not normally need to change these settings after deploying CA DataMinder.

Machine Policy Setting 'Communications Encryption'

This setting covers encryption for network communications. It specifies the level of network encryption (none, low, medium, or high) for data sent between CA DataMinder machines. However, CA DataMinder ignores this setting when it runs in Advanced Encryption Mode. This is because network encryption using TLS is an integral part of Advanced Encryption Mode and cannot be disabled. Instead, the infrastructure logs an entry in the CA DataMinder Activity Log file indicating that it is running in this mode.

Machine Policy Setting 'Encrypt Stored Data?'

This setting covers stored data encryption. The machine policy setting specifies whether to encrypt Binary Large Object files (blobs) containing captured data. This setting remains active and must be set to True (the default) when CA DataMinder runs in Advanced Encryption Mode. This is because FIPS 140-2 states that all sensitive data must be encrypted with an approved algorithm.

Important! CA DataMinder administrators must therefore ensure that this setting is never set to False!

Note: If Encrypt Stored Data? is inadvertently set to False, you need to reset it to True across all machines in your CA DataMinder enterprise. To do this, edit the setting in the CMS machine policy, the common gateway policy, and the common client policy. All gateway servers inherit the common gateway policy, and all client machines inherit the common client policy. For details about editing machine policies, see the online help for the CA DataMinder Administration console.