Previous Topic: Install Java Components for FIPS on JBoss/Windows Servers

Next Topic: Permissions

Configuration GuideSecurity and PermissionsHow To Enable FIPS 140-2 EncryptionConfigure FIPS Encryption

Configure FIPS Encryption

By default, CA GovernanceMinder does not use FIPS-compliant encryption. You enable FIPS-compliant algorithms and key handling to implement FIPS encryption.

Note: You need administrator-level rights in the CA GovernanceMinder Portal to perform this procedure.

To configure FIPS encryption

  1. Click Administration, Settings from the main menu of the CA GovernanceMinder portal.

    The Settings menu appears.

  2. Click Common Properties Settings.
  3. Modify the following parameters to enable and configure FIPS-compliant encryption:
    pbe.fips.enabled

    Specifies if CA GovernanceMinder uses FIPS-compliant encryption algorithms.

    • True—Use FIPS-compliant encryption.
    • False—Use non-compliant encryption.
    passphrase.getter.class

    Defines the Java class that is used to retrieve the encryption key.

    pbe.provider

    Defines the provider of the FIPS-compliant algorithms. Leave this property blank to use the RSA JSafeJCE algorithms that CA provides. If you specify another provider, copy that algorithm set to all computers running the CA GovernanceMinder server.

    Note: To save changes to a property, select Database Property from the Type drop-down list, and click Save.

  4. Restart the CA GovernanceMinder server or server cluster.