The Policy Server uses certified Federal Information Processing Standard (FIPS) 140-2 compliant cryptographic libraries. FIPS is a US government computer security standard used to accredit cryptographic modules that meet the Advanced Encryption Standard (AES). These libraries provide a FIPS mode of operation when a SiteMinder environment uses only FIPS-compliant algorithms to encrypt sensitive data. A SiteMinder environment can operate in one of the following FIPS modes of operation:
By default, a SiteMinder environment upgraded to r12.0 SP2 operates in FIPS-compatibility mode. In FIPS-compatibility mode, the environment uses algorithms existing in previous versions of SiteMinder to encrypt sensitive data and is compatible with previous versions of SiteMinder. If your organization does not require the use of FIPS-compliant algorithms, the Policy Server can operate in FIPS-compatibility mode without further configuration.
Migrating your environment to use only FIPS-compliant algorithms consists of two stages.
Important! An environment that is running in FIPS-only mode cannot interoperate with, and is not backward compatible with, earlier versions of SiteMinder. This includes all agents, custom software using older versions of the Agent API, and custom software using PM APIs or any other API that the Policy Server exposes. Relink all such software with the r12.0 SP2 versions of the respective SDKs to achieve the required support for FIPS-only mode.
Note: For more information on the FIPS Certified Module and the algorithms being used, the data that is being protected, and the SiteMinder Cryptographic Boundary, see the Policy Server Administration Guide.
Copyright © 2010 CA. All rights reserved.