We are looking to disable FIPS (from on to off) mode in EEM. However, before we do this, we would like to know what impact this will have on CA Process Automation. Does anything need to be reconfigured in CA Process Automation when FIPS is disabled in the EEM used by CA Process Automation?
Release : 4.3
Component : Process Automation
As it relates to ITPAM (Client) and EEM (Server), FIPS connections comes down to what kind of SSL connection will be negotiated between the Client and Server (SSL/TLS version, ciphers/algorithms). Once ITPAM is configured to use FIPS while connecting to EEM, it establishes SSL settings to use for the connection that are considered more secure than non FIPS (for example: stronger algorithms).
The SSL settings can still be used even after changing EEM from FIPS on to FIPS off. As long as the configuration, on the EEM Server side, are not changed in a way that interrupts clients trying to connect using those settings then it is no problem.
So, technically, after changing EEM from FIPS yes to FIPS no you can: