CA SiteMinder® Federation Standalone uses certified Federal Information Processing Standard (FIPS) 140-2 compliant cryptographic libraries. These libraries provide a FIPS mode of operation when an environment uses only FIPS-compliant Advanced Encryption Standard (AES) algorithms to encrypt sensitive data.
You can install the product in one of the following FIPS modes of operation:
FIPS_COMPAT (compatibility) mode is the default FIPS mode of operation during installation. In FIPS_COMPAT mode, the system continues to support the current set of non-FIPS algorithms as well as the supported FIPS-compliant algorithms.
FIPS_COMPAT mode is compatible with previous versions of the product. This compatibility enables environments with a version earlier than 12.52 to interoperate with 12.52. FIPS_COMPAT is also suitable for any clients who are satisfied with the degree of security available in the current product implementation.
If your organization does not require the use of FIPS, install the product in FIPS_COMPAT mode. No further configuration is required.
In FIPS_ONLY mode, the environment uses only FIPS-compliant algorithms to encrypt sensitive data.
Install the product in FIPS_ONLY mode for new installations where you want to use only FIPS-compliant algorithms.
An appendix in this guide lists the specific encryption and decryption algorithms that the system uses when operating in different FIPS modes.
Important! A 12.52 installation running in FIPS_ONLY mode cannot interoperate with, or be backward compatible with, earlier versions of the product, including any previous versions of APIs exposed by the product. Re-link all such software with the 12.52 versions of the respective SDKs to achieve the required support for full FIPS_ONLY mode.
Copyright © 2013 CA.
All rights reserved.