This documentation supports the 18.08 version of Remedy Deployment.

To view the latest version, select the version from the Product version menu.

Remedy Deployment 18.08 ... Installing Installing the platform components Installing BMC Remedy AR System Performing the BMC Remedy AR System installation Installing BMC Remedy Encryption Security

FIPS encryption options

To be used by U.S. Federal government agencies, software must comply with Federal Information Processing Standard (FIPS) 200. According to FIPS 200, information that needs cryptographic protection must be handled by software that complies with FIPS 140-2.

The following products include a FIPS encryption option:

  • BMC Remedy Encryption Performance Security — When this option is activated, AR System encrypts network traffic by using AES CBC with a 128-bit key for data encryption and a 1024-bit modulus for the RSA key exchange, and SHA-1 for message authentication.

  • BMC Remedy Encryption Premium Security — When this option is activated, AR System encrypts network traffic by using AES CBC with a 256-bit key for data encryption and a 2048-bit modulus for the RSA key exchange, and SHA-1 for message authentication.
     

    Note

    The built-in BMC Remedy Encryption Standard Security product does not include a FIPS option.

To activate FIPS encryption, see  Activating FIPS compliance  in BMC Remedy AR System documentation.
 

Note

BMC Remedy AR System, Atrium Single Sign On integration is FIPS compliant. For more information, see  Configuring an external Tomcat instance for FIPS-140 and Configuring FIPS-140 mode  in BMC Atrium Single Sign-On documentation.

FIPS-compliant AREA and ARDBC LDAP plug-ins

When you install the AR System server, the FIPS-certified Network Security Services (NSS) 3.11.4 libraries from Mozilla are added to the following LDAP plug-ins:

  • AR System External Authentication (AREA)
  • AR System Database Connectivity (ARDBC)

To comply with FIPS 140-2, the plug-ins must use Secure Sockets Layer (SSL) to connect to the LDAP server.
 

Important

These libraries provide the capability to comply with FIPS 140-2. To make your LDAP environment actually compliant with FIPS 140-2, you must further configure your LDAP server. For more information, see the Federal government FIPS 200 and 140-2 guidelines and your LDAP server documentation.

FIPS 140-2 certification

The following FIPS-certified libraries provide the cryptography used by the Performance and Premium FIPS encryption options:

  • Network Security Services (NSS) 3.11.4
  • OpenSSL FIPS 1.2
  • RSA Crypto-J 4.0 FIPS-140
Was this page helpful? Yes No Submitting... Thank you
Last modified by Himanshu Raul on Dec 10, 2019
installation encryption_security fips

Comments

Installing encryption on non-BMC Remedy applications
Installing BMC Remedy AR System using silent mode
© Copyright 1991-2018 BMC Software, Inc. © Copyright 1991-2018 BladeLogic, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2020 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.