Previous Topic: How to Re-Encrypt Existing Sensitive DataNext Topic: How to Configure FIPS-only Mode


Migration Roadmap—Configure FIPS-Only Mode

The following diagram illustrates a sample 12.52 SP1 environment operating in FIPS-migration mode and lists the order in which you configure each component and connection to operate in FIPS-only mode.

The shaded components represent sensitive data that must be re-encrypted using FIPS-approved algorithms. Do not continue with the migration process until you have:

  1. Each Policy Server in the environment is set to operate in FIPS-only mode.
  2. Each CA SiteMinder® Web Agent, including custom Agents, is set to operate in FIPS-only mode.
  3. The existing connection between each Administrative UI and its respective Policy Server is encrypted using algorithms that are not FIPS compliant. Re-register each Administrative UI with its respective Policy Server to encrypt the connection using FIPS-compliant algorithms.
  4. The existing connection between a Report Server and a Policy Server is encrypted using algorithms that are not FIPS compliant. Re-register each Report Server with its respective Policy Server to encrypt the connection using FIPS-compliant algorithms.