12.5 Enabling FIPS Communication

Secure Configuration Manager components use secure TLS/SSL communication. Secure Configuration Manager also supports Federal Information Processing Standard (FIPS 140-2) communication between the product components. FIPS 140-2 standards regulate the implementation and communication of cryptographic software. Users working under FIPS guidelines must operate Secure Configuration Manager within a secure FIPS-enabled environment.

Secure Configuration Manager features FIPS-migration mode functionality, which allows Core Services to communicate with Windows or UNIX security agent computers that are either in or out of FIPS mode. During agent registration, Core Services queries the agent operating system registry to determine whether FIPS communication is enabled. If the agent is already in FIPS mode, Core Services establishes a secure FIPS connection with the agent.

If you use a standalone AutoSync client, you must enable the client to communicate with Core Services. For more information about configuring the AutoSync client, see Connecting the AutoSync Client to Core Services in a FIPS-Enabled Environment.

12.5.1 Enabling FIPS Communication on the Operating System for the Console Computer

Enable FIPS communication on every computer hosting a Secure Configuration Manager console, including the Core Services computer.

To enable FIPS on the console operating system:

  1. Open the Local Security Policy application in Administrative Tools.

  2. Under Security Settings, expand Local Policies.

  3. Click Security Options.

  4. Open the policy for System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing.

  5. Click Enabled, and then click Apply.

  6. Click OK.
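
One way to confirm the result of the steps above on every console host, as an added example that is not part of the product documentation: this PowerShell script reads the registry value that the Windows policy sets (HKLM\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\Enabled). The host list is a placeholder, and checking remote hosts assumes PowerShell remoting is enabled.

```powershell
# Added example: audit the Windows FIPS policy on each console host.
# Host names are placeholders (assumptions); replace them with your own
# console computers and the Core Services computer.
$ConsoleHosts = @('localhost')

# Runs on each host and reports the state of the FIPS policy.
$check = {
    # Value written by "System cryptography: Use FIPS compliant algorithms
    # for encryption, hashing, and signing" on Windows Vista/2008 and later.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
    $prop = Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue

    # A missing key or value is reported as "not enabled", not as an error.
    $value = if ($null -ne $prop) { $prop.Enabled } else { $null }

    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        RegistryValue = $value
        FipsEnabled   = ($value -eq 1)
        Error         = $null
    }
}

$results = foreach ($h in $ConsoleHosts) {
    try {
        if ($h -in 'localhost', '.', $env:COMPUTERNAME) {
            & $check                      # local check, no remoting needed
        } else {
            Invoke-Command -ComputerName $h -ScriptBlock $check -ErrorAction Stop |
                Select-Object Computer, RegistryValue, FipsEnabled, Error
        }
    } catch {
        # An unreachable host counts as a failure so it is not silently skipped.
        [pscustomobject]@{
            Computer      = $h
            RegistryValue = $null
            FipsEnabled   = $false
            Error         = $_.Exception.Message
        }
    }
}

$results | Format-Table -AutoSize

# Exit non-zero if any host is unreachable or not in FIPS mode.
if ($results | Where-Object { -not $_.FipsEnabled }) { exit 1 }
```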

12.5.2 Enabling Core Services to Communicate with Components in FIPS Mode

This section provides instructions for configuring Core Services to operate in FIPS-migration mode for FIPS communication with other Secure Configuration Manager components. For more information about the security agents communicating in FIPS mode, see the guides for each security agent.

NOTE: If Core Services does not appear to be communicating with an agent in FIPS mode, refer to the core.log file in the \Core Services folder of the Secure Configuration Manager installation folder to verify that Core Services is in FIPS mode.

To enable FIPS communication on the Core Services computer:

  1. Start the Core Services Configuration Utility in the NetIQ Secure Configuration Manager program folder.

  2. On the Network tab of the Core Services Configuration Utility, enable FIPS mode by setting Enable FIPS Support to true.

  3. Click OK to save the changes and close the utility.

  4. Restart the NetIQ Core Services service.