2.4 Understanding FIPS 140-2 Implementation

NetIQ security products support Federal Information Processing Standard (FIPS) 140-2 communication among the product components. You can configure UNIX Agent Manager, Security Agent for UNIX, and the NetIQ security products (Sentinel, Change Guardian, and Secure Configuration Manager) so that all communication between them uses FIPS 140-2 validated cryptographic modules. When you restrict the servers to these algorithms, they cannot fully communicate with any Agent that does not also use them.

The Security Agent for UNIX uses OpenSSL libraries for its internal encryption and other cryptographic functions. OpenSSL provides a FIPS 140-2 validated cryptographic module (the OpenSSL FIPS Object Module). Using that module keeps the Agent in FIPS mode and compliant with United States federal purchasing policies and standards.

UNIX Agent Manager uses Mozilla NSS libraries and Java SSL libraries to create the listener on port 2222, and OpenSSL libraries to communicate with Agents. UNIX Agent Manager ships its own copies of the Mozilla NSS libraries; these are distinct from the NSS packages that Red Hat Enterprise Linux (RHEL) and SUSE Linux Enterprise Server (SLES) provide. The NSS cryptographic modules provided by RHEL and SLES are FIPS 140-2 validated.

IMPORTANT: If you deploy the Agent in FIPS mode, you must also deploy the NetIQ security products in FIPS mode. Otherwise, deploy all the components in non-FIPS mode.
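The following Python script is an added example, not NetIQ code, that makes the consequence described above concrete: it classifies OpenSSL-style cipher-suite names against a simplified FIPS 140-2 policy, shows which suites a FIPS-only server and an Agent still have in common (an empty result is the "cannot fully communicate" case), and can probe a TLS listener such as the UNIX Agent Manager listener on port 2222 with an approved-only offer and a non-approved-only offer. The cipher lists are constructed for illustration, the policy is this example's own simplification of the FIPS 140-2 approved-algorithm list, the probe assumes the listener speaks TLS, and the names is_fips_approved, shared_suites and probe_listener are chosen here.

```python
"""Added example (not NetIQ code): FIPS 140-2 cipher-suite policy check and
a TLS listener probe. The policy is a simplification of the FIPS 140-2
approved-algorithm list: AES and Triple-DES for encryption, SHA-family HMAC,
RSA/ECDSA/DH/ECDH key exchange and authentication."""
import socket
import ssl

# Tokens that mark an OpenSSL suite name as non-approved under this example's
# policy: legacy or non-FIPS ciphers and hashes, null encryption, export grades
# and unauthenticated (anonymous) key exchange.
_REJECT_TOKENS = {
    "RC4", "RC2", "MD5", "CHACHA20", "POLY1305", "SEED", "IDEA",
    "NULL", "ADH", "AECDH", "EXP", "EXP1024",
}
_REJECT_PREFIXES = ("CAMELLIA", "ARIA", "GOST")
# Approved symmetric ciphers as they appear in OpenSSL suite names (CBC3 = Triple-DES).
_APPROVED_ENC = {"AES128", "AES256", "CBC3"}


def is_fips_approved(suite: str) -> bool:
    """True if every algorithm named in the OpenSSL-style suite is approved."""
    tokens = suite.upper().split("-")
    if any(t in _REJECT_TOKENS for t in tokens):
        return False
    if any(t.startswith(_REJECT_PREFIXES) for t in tokens):
        return False
    # Single DES ("DES-CBC-SHA") is rejected; Triple-DES ("DES-CBC3-SHA") is kept.
    if "DES" in tokens and "CBC3" not in tokens:
        return False
    # HMAC-SHA-1 ("...-SHA") is approved for TLS; only the cipher decides here.
    return any(t in _APPROVED_ENC for t in tokens)


def non_approved(suites):
    """Suites in a configured list that violate the policy (audit helper)."""
    return [s for s in suites if not is_fips_approved(s)]


def shared_suites(server_prefs, agent_offer):
    """Suites both sides accept, in server preference order; [] means no usable channel."""
    offered = set(agent_offer)
    return [s for s in server_prefs if s in offered]


# Constructed lists (not taken from any NetIQ product): a FIPS-only server's
# TLS 1.2 preferences, a FIPS-capable Agent's offer, and a legacy Agent's offer.
FIPS_SERVER = [
    "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES256-SHA256", "AES128-SHA",
]
FIPS_AGENT = ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA", "DES-CBC3-SHA"]
LEGACY_AGENT = ["ECDHE-RSA-CHACHA20-POLY1305", "RC4-SHA", "DES-CBC-SHA"]


def probe_listener(host, port, cipher_string, timeout=5.0):
    """Attempt a TLS 1.2 handshake offering only `cipher_string`.
    Returns the negotiated suite name, or None if the listener refuses or the
    offer cannot be built. Assumes the listener speaks TLS."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE      # probing suites, not validating identity
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # set_ciphers() does not govern TLS 1.3 suites
    try:
        ctx.set_ciphers(cipher_string)
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.cipher()[0]
    except OSError:                      # ssl.SSLError is a subclass of OSError
        return None


if __name__ == "__main__":
    import sys
    for s in FIPS_SERVER + LEGACY_AGENT:
        print(f"{s:32} {'approved' if is_fips_approved(s) else 'NOT approved'}")
    print("FIPS agent shares:  ", shared_suites(FIPS_SERVER, FIPS_AGENT))
    print("legacy agent shares:", shared_suites(FIPS_SERVER, LEGACY_AGENT))
    if len(sys.argv) == 3:               # usage: python fips_check.py <host> <port>
        host, port = sys.argv[1], int(sys.argv[2])
        print("approved-only offer ->", probe_listener(host, port, ":".join(FIPS_SERVER)))
        print("non-approved offer  ->", probe_listener(host, port, "ECDHE-RSA-CHACHA20-POLY1305:RC4-SHA"))
```

Run it without arguments to see the policy applied to the constructed lists; run it with a host and port (for example the UNIX Agent Manager listener on 2222) to confirm that the listener completes a handshake for the approved-only offer and refuses the non-approved offer. The suite-name check is a configuration audit only: FIPS 140-2 validation is a property of the cryptographic module in use, not of the suite names it negotiates, so this check complements, and does not replace, deploying the components in FIPS mode as described above.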

2.4.1 Installation Options

The following are the different ways in which you can implement FIPS 140-2:

NOTE: If you have converted the Agent to FIPS mode, you cannot revert it to non-FIPS mode.

Task                                                                                  For more information, see…
Local installation: enable the Agent in FIPS 140-2 mode during local installation     Local installation
Remote installation: enable the Agent in FIPS 140-2 mode during remote installation   Remote installation

2.4.2 FIPS-Enabled Components

The following components provide FIPS 140-2 support:

  • Sentinel Server 7.4 and later

  • Change Guardian Server 4.2.1

  • Secure Configuration Manager Core 6.1 and later

  • Sentinel Security Agent for UNIX 7.5

  • Change Guardian Security Agent for UNIX 7.5

  • Secure Configuration Manager Security Agent for UNIX 7.5

  • UNIX Agent Manager 7.5

  • Sentinel Agent Manager Connector 2011.1r5