

Component-Specific Cryptographic Use

This section lists the component-specific cryptographic usage when CA ITCM is operating in FIPS-only mode:

Inter-node Communications [Session Messaging]

The session messaging component uses the TLS v1.0 protocol for inter-node communications. The cipher suite is selected by negotiation between the communicating nodes, so the effective strength of a session depends on the suites each node is configured to offer. Note that TLS 1.0 has since been deprecated by the IETF (RFC 8996).

In some instances, the session messaging component uses the KeyTransRecipientInfo (Key Transport Recipient Information) structure of the Cryptographic Message Syntax version 3 (CMS3) specified in RFC 3369 (since obsoleted by RFC 3852 and RFC 5652).

Stream-based Networking

The stream-based networking component uses the TLS v1.0 protocol for inter-node communications. The cipher suite is selected by negotiation between the communicating nodes.

Remote Control – Local Address Book

The remote control Local Address Book entries are protected by the 3TDES (three-key Triple DES) algorithm in CBC mode with a randomized IV.

Desktop Migration Manager [DMM]

DMM uses the TLS v1.0 protocol for communication and the AES algorithm with 192-bit keys in CBC mode with a randomized IV.

ENC

As the ENC functionality provided in CA ITCM is currently Windows-only, it is tightly integrated with the Microsoft SCHANNEL provider, the Microsoft Certificate Store, and therefore the underlying Microsoft Cryptographic Provider (RSAENH). For more information about the FIPS status of the Microsoft cryptographic providers, see FIPS-certified Windows Operating Environments.

OSIM and Software Delivery

OSIM and software delivery use symmetric encryption provided by the AES algorithm in CBC mode with a randomized IV, structured using the Cryptographic Message Syntax version 3 (CMS3) specified in RFC 3369.

Common Object Manager, Common Engine, SMS Extractor

The Common Object Manager, Common Engine, and SMS Extractor components use the 3TDES algorithm in CBC mode with a randomized IV.

Platform Virtualization – ESX Module

The ESX module uses the TLS v1.0 protocol for communication with remote VMware ESX nodes.
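The TLS-using components above (session messaging, stream-based networking, DMM and the ESX module) all leave the cipher suite to negotiation, which means what a deployment actually gets is the intersection of what the two peers offer. The following Go program is an added example, not CA ITCM code, that runs a complete handshake between two in-process peers over net.Pipe and reports the negotiated version and suite. The host name itcm-node.example, the self-signed certificate and the two policies (a TLS 1.2-only server with two AES-GCM suites, a client offering one of them, and a client that insists on TLS 1.0) are assumptions chosen for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// nodeName is a hypothetical host name used only for the in-process server certificate.
const nodeName = "itcm-node.example"

// selfSignedCert builds a throwaway ECDSA P-256 certificate for the server side.
// The same certificate is placed in the client's root pool so verification succeeds.
func selfSignedCert() (tls.Certificate, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: nodeName},
		DNSNames:              []string{nodeName},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, leaf, nil
}

// ModernServer offers TLS 1.2 only and two AES-GCM suites in its preference order.
func ModernServer() *tls.Config {
	return &tls.Config{
		MinVersion: tls.VersionTLS12,
		MaxVersion: tls.VersionTLS12,
		CipherSuites: []uint16{
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
	}
}

// ModernClient offers TLS 1.2 and a single suite, so the intersection has exactly one member.
func ModernClient() *tls.Config {
	return &tls.Config{
		MinVersion:   tls.VersionTLS12,
		MaxVersion:   tls.VersionTLS12,
		CipherSuites: []uint16{tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
	}
}

// LegacyClient insists on TLS 1.0, the version the page documents; the server above must refuse it.
func LegacyClient() *tls.Config {
	return &tls.Config{MinVersion: tls.VersionTLS10, MaxVersion: tls.VersionTLS10}
}

// Negotiate runs a full handshake between the two policies over an in-memory pipe and
// returns the protocol version and cipher suite the peers settled on.
func Negotiate(server, client *tls.Config) (uint16, uint16, error) {
	cert, leaf, err := selfSignedCert()
	if err != nil {
		return 0, 0, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)

	sCfg := server.Clone()
	sCfg.Certificates = []tls.Certificate{cert}
	cCfg := client.Clone()
	cCfg.RootCAs = pool
	cCfg.ServerName = nodeName

	a, b := net.Pipe()
	defer a.Close()
	defer b.Close()
	srv, cli := tls.Server(a, sCfg), tls.Client(b, cCfg)

	srvErr := make(chan error, 1)
	go func() { srvErr <- srv.Handshake() }()
	if err := cli.Handshake(); err != nil {
		return 0, 0, err
	}
	if err := <-srvErr; err != nil {
		return 0, 0, err
	}
	st := cli.ConnectionState()
	return st.Version, st.CipherSuite, nil
}

func main() {
	v, s, err := Negotiate(ModernServer(), ModernClient())
	fmt.Printf("TLS 1.2 client: version=%#x suite=%s err=%v\n", v, tls.CipherSuiteName(s), err)
	_, _, err = Negotiate(ModernServer(), LegacyClient())
	fmt.Printf("TLS 1.0-only client: err=%v\n", err)
}
```

The first handshake settles on TLS 1.2 with TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, the only suite both sides listed; the second fails because the server's minimum version excludes the client's only offer. The same check, pointed at a real node rather than net.Pipe, tells you which suite a negotiated ITCM session actually uses.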

DTS

The DTS programs use symmetric encryption provided by either the AES or the 3TDES algorithm, with varying key sizes, all in CBC mode with a randomized IV.
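Several components above (the Local Address Book, DMM, the Common Object Manager family and DTS) share one construction: AES or 3TDES in CBC mode with a randomized IV. The Go program below is an added example, not CA ITCM code, that implements that construction with the standard library, prepends the fresh IV to each message, and shows why the IV must be random: encrypting the same entry twice under a fixed IV yields identical ciphertext, while a randomized IV does not. The 24-byte keys and the sample plaintext are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// pkcs7Pad returns a copy of b padded to a whole number of blocks.
func pkcs7Pad(b []byte, size int) []byte {
	n := size - len(b)%size
	out := make([]byte, len(b)+n)
	copy(out, b)
	copy(out[len(b):], bytes.Repeat([]byte{byte(n)}, n))
	return out
}

// pkcs7Unpad strips the padding and rejects anything malformed.
func pkcs7Unpad(b []byte, size int) ([]byte, error) {
	if len(b) == 0 || len(b)%size != 0 {
		return nil, errors.New("cbc: data is not a whole number of blocks")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > size {
		return nil, errors.New("cbc: bad padding")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("cbc: bad padding")
		}
	}
	return b[:len(b)-n], nil
}

// NewAES192 returns an AES block cipher; aes.NewCipher selects AES-192 from the 24-byte key length.
func NewAES192(key []byte) (cipher.Block, error) {
	if len(key) != 24 {
		return nil, errors.New("aes-192: key must be 24 bytes")
	}
	return aes.NewCipher(key)
}

// NewTDES3 returns three-key Triple DES (K1 || K2 || K3, 24 bytes, 8-byte blocks).
func NewTDES3(key []byte) (cipher.Block, error) {
	if len(key) != 24 {
		return nil, errors.New("3tdes: key must be 24 bytes")
	}
	return des.NewTripleDESCipher(key)
}

// EncryptCBCWithIV is the raw primitive; an IV must never be reused under one key.
func EncryptCBCWithIV(block cipher.Block, iv, plaintext []byte) []byte {
	padded := pkcs7Pad(plaintext, block.BlockSize())
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return out
}

// EncryptCBC draws a fresh random IV for every message and prepends it to the ciphertext.
func EncryptCBC(block cipher.Block, plaintext []byte) ([]byte, error) {
	iv := make([]byte, block.BlockSize())
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	return append(iv, EncryptCBCWithIV(block, iv, plaintext)...), nil
}

// DecryptCBC splits off the leading IV, decrypts, and strips the padding.
func DecryptCBC(block cipher.Block, ciphertext []byte) ([]byte, error) {
	bs := block.BlockSize()
	if len(ciphertext) < 2*bs || len(ciphertext)%bs != 0 {
		return nil, errors.New("cbc: ciphertext too short or misaligned")
	}
	iv, body := ciphertext[:bs], ciphertext[bs:]
	out := make([]byte, len(body))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, body)
	return pkcs7Unpad(out, bs)
}

// IVReuseLeaks encrypts msg twice each way and reports whether the two ciphertexts match.
// A fixed IV makes equal plaintexts visible (true); a randomized IV hides them (false).
func IVReuseLeaks(block cipher.Block, msg []byte) (fixedIVSame, randomIVSame bool) {
	zero := make([]byte, block.BlockSize())
	fixedIVSame = bytes.Equal(EncryptCBCWithIV(block, zero, msg), EncryptCBCWithIV(block, zero, msg))
	a, _ := EncryptCBC(block, msg)
	b, _ := EncryptCBC(block, msg)
	randomIVSame = bytes.Equal(a, b)
	return fixedIVSame, randomIVSame
}

func main() {
	// Constructed sample key and entry, not real ITCM material.
	block, _ := NewAES192([]byte("0123456789abcdef01234567"))
	msg := []byte("rc-host=ws0042;user=operator")
	ct, _ := EncryptCBC(block, msg)
	pt, _ := DecryptCBC(block, ct)
	fixed, random := IVReuseLeaks(block, msg)
	fmt.Printf("roundtrip ok=%v fixedIVSame=%v randomIVSame=%v\n", bytes.Equal(pt, msg), fixed, random)
}
```

Two caveats a practitioner should keep in mind: CBC provides confidentiality only, so an integrity check (an HMAC or a signature at the CMS layer) is needed to stop ciphertext tampering, and three-key TDES is deprecated by NIST SP 800-131A and is disallowed for new encryption after 2023.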

CCS

CA ITCM can make use of CA Common Services (CCS), which can optionally be installed. For a detailed description of the FIPS compliance level of CA Common Services, see "Appendix B FIPS 140-2 Encryption" of the CA NSM Administration Guide provided in the CA Bookshelf.