|
|
|
The Policy Server uses certified Federal Information Processing Standard (FIPS) 140-2 compliant cryptographic libraries. FIPS is a US government computer security standard used to accredit cryptographic modules that meet the Advanced Encryption Standard (AES). The libraries provide a FIPS mode of operation when a SOA Security Manager environment only uses FIPS-compliant algorithms to encrypt sensitive data.
You can install the Policy Server in one of the following FIPS modes of operation.
Note: The FIPS mode a Policy Server operates in is system-specific. For more information, see the SOA Security Manager r12.1 SP3 Platform Support Matrix on the Technical Support site.
In FIPS-migration mode, the r12.1 SP3 Policy Server continues to use existing SOA Security Manager encryption algorithms as you migrate the r12.1 SP3 environment to use only FIPS-compliant algorithms.
Install the Policy Server in FIPS-migration mode if you are in the process of configuring the existing environment to use only FIPS-compliant algorithms.
Install the Policy Server in FIPS-only mode if the existing environment is upgraded to r12.1 SP3 and is configured to use only FIPS-compliant algorithms.
Important! An r12.1 SP3 environment that is running in FIPS-only mode cannot operate with, or be backward compatible to, earlier versions of SOA Security Manager. This includes all agents, custom software using older versions of the Agent API, and custom software using PM APIs or any other API that the Policy Server exposes. Re-link all such software with the r12.1 SP3 versions of the respective SDKs to achieve the required support for Full FIPS mode.
Note: For more information about migrating an environment to use only FIPS-compliant algorithms, see the Upgrade Guide.
| Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |