2.5 Understanding FIPS 140-2 Implementation

The Sentinel security product supports Federal Information Processing Standard (FIPS) 140-2 communication among its components. You can configure UAM, Security Agent for UNIX, and Sentinel so that all communication between them uses FIPS 140-2 validated cryptographic modules. When you configure them to use only these algorithms, the servers cannot fully communicate with any Agent that does not use them.

IMPORTANT:

  • If UAM is in FIPS mode, you cannot deploy Security Agents for UNIX in FIPS or non-FIPS modes.

  • If both UAM and the target operating system are not in FIPS mode, deployment of Security Agent for UNIX in FIPS mode succeeds.

  • If the target operating system is in FIPS mode, UAM cannot deploy Security Agent for UNIX in FIPS or non-FIPS modes.

  • If UAM is in non-FIPS mode, you cannot convert it to FIPS mode during an upgrade.
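A pre-deployment check that applies the three deployment rules above on a target host, added here as an example and not taken from the product or its documentation. It assumes a Linux target that exposes /proc/sys/crypto/fips_enabled (1 when the kernel runs in FIPS mode) and a hypothetical script name, fips_precheck.sh; FIPS_FLAG_FILE overrides the flag path so the logic can be exercised offline.

```shell
#!/bin/sh
# Added pre-deployment check for a Security Agent for UNIX target host.
# Not part of the product or its documentation. Assumes a Linux target
# that exposes /proc/sys/crypto/fips_enabled (1 = kernel in FIPS mode);
# FIPS_FLAG_FILE overrides the path so the logic can be exercised offline.

# Prints 1 if the target OS is in FIPS mode, 0 otherwise (0 if unreadable).
os_fips_mode() {
    flag_file="${FIPS_FLAG_FILE:-/proc/sys/crypto/fips_enabled}"
    if [ -r "$flag_file" ] && [ "$(cat "$flag_file")" = "1" ]; then
        echo 1
    else
        echo 0
    fi
}

# Evaluates the deployment rules listed above.
#   $1 = UAM mode: "fips" or "nonfips"
#   $2 = target OS FIPS flag: "1" or "0" (see os_fips_mode)
#   $3 = requested Agent mode: "fips" or "nonfips"
# Prints "allowed: ..." or "blocked: ..." naming the rule that applies.
deployment_check() {
    uam_mode="$1"; os_fips="$2"; agent_mode="$3"
    if [ "$os_fips" = "1" ]; then
        echo "blocked: target OS is in FIPS mode, so UAM cannot deploy the Agent in any mode"
    elif [ "$uam_mode" = "fips" ]; then
        echo "blocked: UAM is in FIPS mode, so it cannot deploy the Agent in any mode"
    else
        echo "allowed: UAM and target OS are non-FIPS, so the $agent_mode Agent deployment can proceed"
    fi
}

# Usage (on the target host): sh fips_precheck.sh <uam-mode> <agent-mode>
if [ $# -ge 2 ]; then
    os_flag=$(os_fips_mode)
    echo "target OS FIPS mode: $os_flag"
    deployment_check "$1" "$os_flag" "$2"
fi
```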

The Security Agent for UNIX uses OpenSSL libraries for its internal encryption and other functions. OpenSSL is a FIPS 140-2 validated cryptographic provider. Using a validated provider ensures that the Agent runs in FIPS mode and complies with United States federal purchasing policies and standards.

UAM uses Mozilla NSS libraries and Java SSL libraries for creating the listener on port 2222, and OpenSSL libraries for communicating with Agents. For UAM, we ship our own copies of the Mozilla NSS libraries. Red Hat Enterprise Linux (RHEL) and SUSE Linux Enterprise Server (SLES) have a different set of NSS packages. The NSS cryptographic module provided by RHEL and SLES is FIPS 140-2 validated.

IMPORTANT: If you deploy the Agent in FIPS mode, you must deploy the security products in FIPS mode. If not, you can deploy all the components in non-FIPS mode.

2.5.1 Installation Options

The following are different ways in which you can implement FIPS 140-2:

NOTE: If you have converted the Agent to FIPS mode, you cannot revert to non-FIPS mode.

Task: Remote installation. To enable the Agent in FIPS 140-2 mode during remote installation, see Installing the Agent Using UAM.

2.5.2 FIPS-Enabled Components

The following components provide FIPS 140-2 support:

  • Sentinel Server 7.4 and later

  • Sentinel Security Agent for UNIX 7.5 and later

  • UAM 7.5 and later

  • Sentinel Agent Manager Connector 2011.1r5 and later