This documentation supports the 19.02 version of Remedy Action Request System.

To view the latest version, select the version from the Product version menu.

Activating FIPS compliance

If BMC Remedy Encryption Performance Security or BMC Remedy Encryption Premium Security 19.02 is installed on a server, use the FIPS Enabled option in the Encryption tab (see Encryption tab) in conjunction with the Security Policy setting to switch compliance with Federal Information Processing Standard (FIPS) 140-2 on or off:

FIPS Enabled option

Security Policy value

Is server FIPS compliant?

Description

Selected

Required

Yes

  • Only FIPS-compatible clients can communicate with the server
  • Clients communicating with the server can communicate only with other FIPS-compliant servers.

Selected

Disabled

No

Clients communicating with the server cannot communicate with FIPS-compliant servers.

Cleared

Optional, Required, or Disabled

No

Clients communicating with the server cannot communicate with FIPS-compliant servers.

For an overview of FIPS, see FIPS encryption options Open link in BMC Remedy ITSM Deployment documentation.

Note

For Java-based clients such as BMC Remedy Developer Studio and the mid tier, the first server that a client connects to determines whether the client is restricted to interacting with FIPS-compliant or noncompliant servers. Logging out of the client does not terminate the FIPS restriction. Instead, the client must be restarted.

Transition tips

If you are in the process of converting to a FIPS-compliant environment, consider these tips:

  • Do not select the FIPS Enabled option for a server until all clients that must communicate with that server have the appropriate BMC Remedy Encryption Performance Security or BMC Remedy Encryption Premium Security 19.02 installed.
  • During the transition phase, set the Security Policy to Optional on all servers that have BMC Remedy Encryption Performance Security or BMC Remedy Encryption Premium Security 19.02 installed so that they can communicate with clients that have not yet been upgraded to 19.02.
  • Be aware that when a server's Security Policy is set to Optional and a client cannot support the encryption algorithm (such as AES) required by the server, communication between the server and client is unencrypted.

To activate FIPS compliance

  1. Ensure that one of these products is installed on the appropriate BMC Remedy AR System server and on any clients that will communicate with the server:
    • BMC Remedy Encryption Performance Security 19.02
    • BMC Remedy Encryption Premium Security 19.02

      Note

      You can also activate FIPS compliance while installing these products. See Installing BMC Remedy Encryption Security Open link  in BMC Remedy ITSM Deployment documentation.

  2. Log on to the server.
  3. Open the AR System Administration Console.
  4. Click System > General > Server Information.
  5. In the AR System Administration: Server Information form, click the Encryption tab.
  6. In the New Encryption Settings area, select the FIPS Enabled option.
  7. In the Security Policy list, select Required.
  8. In the Data Key Details area, select an AES algorithm.
    See Configuring the data key.

    Note

    DES and RC4 algorithms are not FIPS compliant.

  9. In the Public Key Details area, select an RSA algorithm.
    See Configuring the public key.
  10. Click Apply.
  11. Restart the server.
    In the AR System server configuration file, servers use one of these encryption configurations when FIPS compliance is on:

    Encryption level

    Centralized configuration file settings

    Performance

    Encrypt-Security-Policy: 1

    Encrypt-Data-Encryption-Algorithm: 8

    Premium

    Encrypt-Security-Policy: 1

    Encrypt-Data-Encryption-Algorithm: 9

  12. Relog on to any clients that are connected to the server.
  13. From AR System Administration: Plugin Server Configuration form update the following settings:
    1. Set integer to 8 (Performance Security) or 9 (Premium Security):
      <dataEncryptionAlg> integer</dataEncryptionAlg>
    2. Ensure that integer is set to 1 (Required).
      <encryptionPolicy> integer</encryptionPolicy>
  14. Save the settings.
  15. Restart the Java plug-in server.

Was this page helpful? Yes No Submitting... Thank you

Comments