The Certificate Management module ensures that OpenSSL is always initialized in the FIPS mode if the FIPS Enabled flag is configured for the operating system. Certificate generation uses RSA 2048 or later and SHA1 or later algorithms.
The Secure Storage module stores sensitive information such as user credentials and database connection strings. CCS uses the FIPS-certified crypto provider that is available in .Net framework 4.0 (AesCryptoServiceProvider) to secure the sensitive information that is stored in secure storage.
For more details on FIPS-compliance claim of AesCryptoServiceProvider, visit the following link:
Symantec has ensured that all cryptographic algorithms that are used in CCS are approved as per FIPS 140-2 guidelines.
For more details on FIPS 140-2 approved algorithms, visit the following link:
Apart from the mentioned CCS modules, the product has been fully tested in FIPS-enabled environment, which is done by enabling FIPS Enabled flag through Group/Local Security Policy. Symantec has ensured that the third party components do not violate any of FIPS 140-2 guidelines. Since CCS Reporting and Analytics is a .Net application, Symantec has relied on the FIPS Enabled flag of Windows Local/Global Security Policy for FIPS compliance.
For more details on effects of enabling FIPS key on .Net applications, visit the following link:
Imported Document ID: HOWTO76388
Subscribing will provide email updates when this Article is updated. Login is required.