FIPS 140-2 Support › Cryptographic Module Validated to FIPS 140-2

Cryptographic Module Validated to FIPS 140-2

CA Process Automation uses an embedded cryptographic module validated to FIPS 140-2 with these specifications:

• Cert#: 1048
• Vendor: RSA, The Security Division of EMC
• Cryptographic Module: RSA BSAFE® Crypto-J JCE Provider Module (Software Version: 4.0)
• Module Type: Software
• Validation Dates: 10/27/2008; 01/26/2009; 09/07/2010
• Level/Description: Overall Level 1
• FIPS-approved algorithm: RSA (Cert. #311)

For details, use a search engine to find the RSA BSAFE Crypto-J JCE Provider Module Security Policy. This policy lists the platforms on which the algorithms are compliant, including platforms from Microsoft, Linux, Oracle (Solaris), HP, and IBM. This document also includes details on Crypto-J FIPS-approved algorithms.

In FIPS-only mode, CA EEM uses the following algorithms:

• SHA1, SHA256, SHA384—For managing client-server communication.
• SHA512—For storing user passwords.

  Note: CA EEM applies SHA512 to the password digest only if you update the password digest. Until you update, CA EEM accepts the existing password in the password digest.

• SHA256—For managing application certificates.
• TLS v1.0—For communication with external LDAP directories if the LDAP connection is over TLS.