The Policy Server uses certified Federal Information Processing Standard (FIPS) 140–2 compliant cryptographic libraries. FIPS is a US government computer security standard that is used to accredit cryptographic modules that meet the Advanced Encryption Standard (AES). These libraries provide a FIPS mode of operation when a CA SiteMinder® environment only uses FIPS–compliant algorithms to encrypt sensitive data. A CA SiteMinder® environment can operate in one of the following FIPS modes of operation:
By default, an environment that is upgraded to 12.52 SP1 is operating in FIPS–compatibility mode. In FIPS–compatibility mode, the environment uses algorithms existing in previous versions of CA SiteMinder® to encrypt sensitive data and is compatible with previous versions CA SiteMinder®. If your organization does not require the use of FIPS–compliant algorithms, the environment can operate in FIPS–compatibility mode without further configuration.
Migrating your environment to use only FIPS–compliant algorithms is comprised of two stages.
Important! An environment that is running in FIPS–only mode cannot interoperate with and is not backward compatible to versions of CA SiteMinder® before 12.x, including:
Re–link all such software with the 12.52 SP1 versions of the respective SDKs to achieve the required support for FIPS–only mode.
Ensure that your environment meets the minimum requirements before migrating the environment to only use FIPS-compliant algorithms. You may want to print the following to use as a checklist:
Note: More information on re-linking custom agents exists in the API Reference Guide for C and the API Reference Guide for Java.
Note: More information on enabling agent key generation exists in the Policy Server Administration Guide.
Copyright © 2014 CA.
All rights reserved.
|
|