FIPS encryption options

To be used by U.S. Federal government agencies, software must comply with Federal Information Processing Standard (FIPS) 200. According to FIPS 200, information that needs cryptographic protection must be handled by software that complies with FIPS 140-2.

The following products include a FIPS encryption option:

• BMC Remedy Encryption Performance Security — When this option is activated, AR System encrypts network traffic by using AES CBC with a 128-bit key for data encryption and a 1024-bit modulus for the RSA key exchange, and SHA-1 for message authentication.

• BMC Remedy Encryption Premium Security — When this option is activated, AR System encrypts network traffic by using AES CBC with a 256-bit key for data encryption and a 2048-bit modulus for the RSA key exchange, and SHA-1 for message authentication.
   

  Note

  The built-in BMC Remedy Encryption Standard Security product does not include a FIPS option.

To activate FIPS encryption, see Activating FIPS compliance in BMC Remedy AR System documentation.
 

FIPS-compliant AREA and ARDBC LDAP plug-ins

When you install the AR System server, the FIPS-certified Network Security Services (NSS) 3.11.4 libraries from Mozilla are added to the following LDAP plug-ins:

• AR System External Authentication (AREA)
• AR System Database Connectivity (ARDBC)

To comply with FIPS 140-2, the plug-ins must use Secure Sockets Layer (SSL) to connect to the LDAP server.
 

FIPS 140-2 certification

The following FIPS-certified libraries provide the cryptography used by the Performance and Premium FIPS encryption options:

• Network Security Services (NSS) 3.11.4
• OpenSSL FIPS 1.2
• RSA Crypto-J 4.0 FIPS-140