Please add FIPs support for ZENworks Configuration Management, as the following situation can happen with FIPs enabled: https://www.novell.com/support/kb/doc.php?id=7016055.
by: Steven J. | over a year ago | Supportability
Micro Focus Enhancement Requests Portal is moving. We are migrating the IDEAS from this site to the New Idea Exchange on May 6th. For more information on the new Idea Exchange please visit the Community FAQs.
Votes
4
Please add FIPs support for ZENworks Configuration Management
by: Steven J. | over a year ago | Supportability
Comments
This was being reviewed as a possible fix according to https://www.novell.com/support/kb/doc.php?id=7006539, which stated the following.
The Zen Agent's .NET classes currently in used by ZCM 10.x agent uses non-fips-140-compliant encryption classes to download content to managed devices. FIPS-140 requires .NET 3.5 APIs which is being reviewed as a possibility for ZCM 11.
I work for a government agency, so FIPS-140 com pliancy is critical and required as we have access to many federal systems.
Why does ZENworks even look at the FIPS policy registry key if it uses it's own cryptographic algorithms and not a Windows cryptographic algorithm? I see no technical reason why ZENworks could not run with the FIPS Windows policy in effect. The policy itself does not enforce all applications to use FIPS, but does limit some of the Windows cryptographic components used, which should not affect ZENworks. The solution for TID 7016055 should be for ZENworks to not check that registry key at all. If ZENworks were to be FIPS compliant in the future, then ZENworks would need to watch the registry key and utilize a FIPS compliant Windows cryptographic algorithm.