How can we confirm if FIPS is enabled in PAM

book

Article ID: 131310

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)

Issue/Introduction



PAM Admin activated FIPS in PAM by:
  • Logging in PAM UI -> "Configuration" -> Power and than clicked on the button "Activate FIPS Mode" 
They rebooted and now don't see the button.  However they don't know how to confirm is FIPS was activated.

Environment

PAM 3.x

Resolution

You can confirm if FIPS is activated by:
  • Logging in PAM UI 
  • Select "Configuration"
  • Select "Security"
  • Select "Cryptography"

Here if the Cryptographic Provider is:

  • OpenSSL -> than FIPS hasn't been activated
  • CA Technologies C-Security Kernel -> than FIPS has been activated

Additional Information

Note: once you activate FIPS, you cannot turn it off!


Also if you don't see the button  "Activate FIPS Mode" and the Cryptographic Provider is:

  • OpenSSL 

Than you didn't install PAM FIPS version.