CA DMM supports FIPS‑compliant cryptography in two modes—FIPS-preferred and FIPS-only. You can select the FIPS mode while installing CA DMM. If you want to change the FIPS mode later, you need to reinstall CA DMM and select the required FIPS mode in the installer.
Specifies that only FIPS-compliant cryptography is allowed. This mode is not backward-compatible and you cannot access password-protected DNA files created using the previous releases of CA DMM.
Specifies that FIPS-compliant cryptography is preferred. This mode is backward-compatible and lets you access password-protected DNA files created using the previous releases of CA DMM. However, if you have a Client Automation installation on the computer, CA DMM will operate in the same FIPS mode as Client Automation. For example, if Client Automation is operating in the FIPS-only mode, CA DMM will also operate in the FIPS-only mode even though you have selected the FIPS-preferred mode. You can configure CA DMM to ignore the FIPS mode of Client Automation using a command line option. For more information, see the Reference Guide.
The default FIPS mode is FIPS-preferred and the mode of operation is decided at run-time based on the following table:
|
CA DMM Installation |
Client Automation is in FIPS‑Only Mode |
Client Automation is in FIPS‑Preferred Mode |
|---|---|---|
|
CA DMM is installed in FIPS-only mode or the /FO option is set through CLI |
Runs in FIPS-only mode |
Runs in FIPS-only mode |
|
CA DMM is installed in FIPS-preferred mode or the /IFM option is set through CLI |
Runs in FIPS‑preferred mode |
Runs in FIPS‑preferred mode |
|
CA DMM is installed in FIPS-preferred mode and did not receive the /IFM option through CLI. |
Runs in the same FIPS mode as Client Automation that is FIPS-only mode |
Runs in the same FIPS mode as Client Automation that is FIPS‑preferred mode |
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|