Article ID: 189071
Products
CA Privileged Access Manager (PAM)
CA Privileged Access Manager - Cloakware Password Authority (PA)
CA Privileged Access Manager - Server Control (PAMSC)
CA Privileged Identity Management Endpoint (PIM)
Issue/Introduction
A PCI DSS scan has detected some weaknesses in our environment.
How can the usage of weaker communication protocols be prevented?
Environment
Release : 14.0
Component : PAM SERVER CONTROL ENDPOINT WINDOWS
Resolution
Set fips_only=1.
This forces communication based on the LCA protocol, such as policyfetcher-to-DH communication, to use TLSv1.2 over port 5249.
Note: any setting for communication_mode in seos.ini is ignored if fips_only=1 is set.
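
One way to confirm the change from the network side, as an added example that is not part of the original article or the product's tooling: the script offers one TLS version at a time to port 5249 and flags TLSv1.0/TLSv1.1 being accepted or TLSv1.2 being refused. It assumes the listener speaks TLS from the first byte on that port; the function names and status strings are illustrative.

```python
import socket
import ssl
import sys

# Versions offered one at a time; 5249 is the port named in the article.
VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}

def probe(host, version, port=5249, timeout=5.0):
    """Offer exactly one TLS version: accepted, rejected, unreachable or untestable."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False   # protocol support is tested, not identity
    ctx.verify_mode = ssl.CERT_NONE
    try:
        ctx.set_ciphers("ALL:@SECLEVEL=0")  # let local OpenSSL offer legacy versions
        ctx.minimum_version = ctx.maximum_version = version
    except (ssl.SSLError, ValueError):
        return "untestable"      # local OpenSSL build cannot offer this version
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(sock):
            return "accepted"
    except (ssl.SSLError, OSError):
        return "rejected"
    finally:
        sock.close()

def assess(results):
    """Compare {version label: status} with what fips_only=1 should produce."""
    if "unreachable" in results.values():
        return ["port unreachable: no conclusion"]
    findings = []
    for label in ("TLSv1.0", "TLSv1.1"):
        if results.get(label) == "accepted":
            findings.append(f"{label} accepted: weaker protocol still enabled")
    if results.get("TLSv1.2") != "accepted":
        findings.append("TLSv1.2 not accepted: fips_only=1 may not be in effect")
    return findings

if __name__ == "__main__":
    # Host name of the endpoint or DH is supplied by the operator.
    results = {label: probe(sys.argv[1], v) for label, v in VERSIONS.items()}
    print(results, assess(results) or "only expected protocol versions accepted")
```

Run it before and after setting fips_only=1 and keep both outputs as evidence for the PCI DSS rescan.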