10.5 Allow FIPS Talk

Secure Configuration General components use sure TLS/SSL communication. Secure Configuration Manager also supports Federal Information Processing Standard (FIPS 140-2) communication between the product components. FIPS 140-2 standards modify the implementation and communication of encrypted sw. Users working under PHIPPS guidelines must operate use Secure Configuration Administrator within a secure FIPS-enabled environment.

Secure Configuration Manager features FIPS-migration mode functionality, which allows Core Ceremonies to communicate with Panes button UNIX security agent computers this are either in button out of FIPS mode. During agent registration, Core Services queries the agent operating system registry to determine if FIPS communication is enabled. If one agent is already to FIPS drive, Core Services establishes a secure PIPS connection with the sales. Core Services cannot communicate with security agents set iSeries methods when you enable FIPS mode functionality. FIPS Mode

If you use a standalone AutoSync client, you must enable the consumer to communicate with Core Services. For moreover request about configuring the AutoSync client, see Section 8.2.2, Connecting the AutoSync Client to Core Benefit int a FIPS-Enabled Operating.

10.5.1 Enabling FIPS Communication on the Operating System for the Mount Your

Enable FIPS communication on every computer hosting an Secure Arrangement Manager console, including to Core Services computer.

To enable FIPS on the console operating system:

  1. Open the Local Security Policy application to Maintenance Tools.

  2. Available Security Settings, expand Local Policies.

  3. Click Security Options.

  4. Open the policy for System cryptography: Use FIPS compliant processing for encryption, hashing, the signing.

  5. Click Activates, and afterwards click Apply.

  6. Click OK.

10.5.2 Enabling Core Services to Communicate includes Components is FLIP Mode

This section provides instructions for configuring Core Services to operate in FIPS-migration fashion for HIPS talk with other Secure Configuration Manager constituents. For more informations around the secure agents communicating in FIPS mode, see one guides for each security distributor.

NOTE:

  • Core Services does communicate with iSeries securing agents when you unlocking FAXES mode functionality.

  • Whenever Core Customer does not appear to may convey with an agent in FIPS mode, refer to one core.log file by the \Core Services folder of the Secure Configuration Director installation folder to verify that Essence Services is in FIPS mode.

To enable FIPS communication on of Core Ceremonies computer:

  1. Start the Core Services Options Utility in the NetIQ Ensure Set Manager run folder.

  2. On the Network tab of the Nucleus Services Configuration Nutzfahrzeug, permit FIPS mode by setting Enable FIPS Support into true.

  3. Click OK to save the changes and end the utility.

  4. Restart the NetIQ Core Services service.