The Policy Server uses certified Federal Information Processing Standard (FIPS) 140-2 compliant cryptographic libraries. FIPS is a US government computer security standard used to accredit cryptographic modules that meet the Advanced Encryption Standard (AES). These libraries provide a FIPS mode of operation when a SOA Security Manager environment only uses FIPS-compliant algorithms to encrypt sensitive data. A SOA Security Manager environment can operate in one of the following FIPS modes of operation:
By default, a SOA Security Manager environment upgraded to r12.1 SP3 operates in FIPS-compatibility mode. In FIPS-compatibility mode, the environment uses the algorithms that existed in previous versions of SOA Security Manager to encrypt sensitive data, and it remains compatible with previous versions of SOA Security Manager. If your organization does not require the use of FIPS-compliant algorithms, the Policy Server can operate in FIPS-compatibility mode without further configuration.
Migrating your environment to use only FIPS-compliant algorithms consists of two stages.
Important! An environment that is running in FIPS-only mode cannot interoperate with, and is not backward compatible with, earlier versions of SOA Security Manager. This includes all agents, custom software using older versions of the Agent API, and custom software using PM APIs or any other API that the Policy Server exposes. Re-link all such software with the r12.1 SP3 versions of the respective SDKs to achieve the required support for FIPS-only mode.
Note: For more information about the FIPS Certified Module and the algorithms being used, the data that is being protected, and the SOA Security Manager Cryptographic Boundary, see the Policy Server Administration Guide.
Copyright © 2011 CA. All rights reserved.