Communications and storage of sensitive data will be subject to enhanced encryption based on Federal Information Processing Standards (FIPS) 140-2.
FIPS 140-2 is a U.S. government computer security standard that is used to accredit cryptographic modules. The National Institute of Standards and Technology (NIST) issued the FIPS 140 Publication Series to coordinate the requirements and standards for cryptographic modules that include both hardware and software components. The protection of a cryptographic module within a security system is necessary to maintain the confidentiality and integrity of the information protected by the module. This standard specifies the security requirements that will be satisfied by a cryptographic module.
The following table shows the supported platforms that are currently FIPS 140-2 compliant.
FIPS 140-2 Compliant
The following encryption algorithms are used:
Network Router communication traffic between Prognosis servers will always be encrypted, by default using the legacy AES256-CTR-SHA256 encryption algorithm (non-FIPS).
In all environments, the following approach is recommended:
Upgrade all servers to version 11.8 to ensure the highest level of encryption is available.
Leave the default encryption enabled on all servers unless there are specific needs in the environment, for example, old versions on some Monitoring Servers or a very high data throughput.
In high-security environments, the following additional actions are recommended:
If required, consider enabling FIPS mode encryption where the entire deployment consists of MS Windows servers.
The following pages provide details and instructions on configuring and using the encryption feature.