Encryption Management Server Client log shows FIPS integrity checks disabled

book

Article ID: 198734

calendar_today

Updated On:

Products

Encryption Desktop Powered by PGP Technology Encryption Management Server Powered by PGP Technology Encryption Management Server

Issue/Introduction

In the Encryption Management Server administration console under Reporting / Logs / Client log you see this entry:

FIPS integrity checks disabled

Cause

FIPS 140-2 operational and integrity checks are disabled in the Encryption Desktop client policy.

Environment

  • Symantec Encryption Desktop 10.4 and above.
  • Symantec Encryption Management Server 3.4 and above.

Resolution

Providing the clients are running Encryption Desktop 10.4 and above, this log entry can be ignored because FIPS 140-2 operational and integrity checks are always enabled, whether or not they are enabled in policy. If you enable FIPS 140-2 operational and integrity checks in policy, the only change that occurs is that the log entry does not appear. See article 163582 on how to enable the FIPS 140-2 operational and integrity checks in policy.

In Encryption Desktop releases prior to 10.4, FIPS 140-2 operational and integrity checks did need to be explicitly enabled in policy. Note, however, that Encryption Desktop releases prior to 10.4 are end of support life.