The Policy Server uses certified Federal Information Processing Standard (FIPS) 140-2 compliant cryptographic libraries. FIPS is a US government computer security standard used to accredit cryptographic modules that meet the Advanced Encryption Standard (AES). The libraries provide a FIPS mode of operation when a SiteMinder environment only uses FIPS-compliant algorithms to encrypt sensitive data.
You can install the Policy Server in one of the following FIPS modes of operation.
Note: The FIPS mode a Policy Server operates in is system-specific. For more information, see the SiteMinder r12.0 SP2 Platform Support Matrix on the Technical Support site.
In FIPS-migration mode, the r12.0 SP2 Policy Server continues to use existing SiteMinder encryption algorithms as you migrate the r12.0 SP2 environment to use only FIPS-compliant algorithms.
Install the Policy Server in FIPS-migration mode if you are in the process of configuring the existing environment to use only FIPS-compliant algorithms.
Install the Policy Server in FIPS-only mode if the existing environment is upgraded to r12.0 SP2 and is configured to use only FIPS-compliant algorithms.
Important! An r12.0 SP2 environment that is running in FIPS-only mode cannot operate with, or be backward compatible to, earlier versions of SiteMinder. This includes all agents, custom software using older versions of the Agent API, and custom software using PM APIs or any other API that the Policy Server exposes. Re-link all such software with the r12.0 SP2 versions of the respective SDKs to achieve the required support for Full FIPS mode.
Note: For more information about migrating an environment to use only FIPS-compliant algorithms, see the SiteMinder Upgrade Guide.
Copyright © 2010 CA. All rights reserved. | Email CA about this topic |