SysMaint: Activate or Deactivate FIPS

Document created by RSA Information Design and Development on Jul 29, 2016Last modified by Susan Ewald on Nov 1, 2016
Version 2Show Document
  • View in full screen mode

Caution: Federal Information Processing Standards (FIPS) is available in Security Analytics v10.5.0.1 and later. FIPS is not available in  Security Analytics v10.5.

This topic tells you how to activate and deactivate Federal Information Processing Standards (FIPS).

The method you use to activate or deactivate FIPS depends on the type of security library used by your Security Analytics services. Your Security Analytics services can use either the OpenSSL or BSAFE security library.

Event Stream Analysis (ESA), Malware Analysis, Reporting Engine, Security Analytics Host, and Incident ManagementBSAFE
Broker, Concentrator, Decoder, Log Decoder, Warehouse Connector, IPDB Extractor, Log Collector (Local and Remote Collectors), Archiver, and WorkbenchOpenSSL

Important Notes on FIPS

  • When you run the FIPS Enable/Disable script on the Security Analytics host, it enables/disables all the services using BSAFE security library running on the Security Analytics host and all the connected hosts that use BSAFE security library.
  • If FIPS is enabled, you must complete the following steps before you add an SFTP destination using SSH key-based access after the SSH keys are configured as described in the Warehouse Connector Configuration Guide.
  1. SSH to the Warehouse Connector host.
  2. Submit the following commands:
    cd /root/.ssh/
    mv id_dsa id_dsa.old
    openssl pkcs8 -topk8 -v2 des3 -in id_dsa.old -out id_dsa
    You are prompted for the old and new passphrase.
  3. Enter the old and new passphrase.
  4. Submit the following commands:
    chmod 600 id_dsa
You are here: Reporting: Activate or Deactivate FIPS