Table of Contents
Advertisement
118
Chapter 4
Configure for FIPS 140-2 Compliance.
compliant prior to installation, the installation process will not let you deselect the Configure for
FIPS 140-2 Compliance option. If you no do not want the installed applications to be FIPS 140-2
compliant, you must manually set a Windows System cryptography setting to disabled:
1. From the Windows Control panel, select:
Administrative Tools > Local Security Policy > Local Policies (located in the left panel) > Security
Options (located in the left panel) > System cryptography: Use FIPS compliant algorithms... (located
in the right panel)
2. Double-click the
For new installations, the SHA-1 hash function algorithm is used regardless of whether or not
Configure for FIPS 140-2 Compliance is enabled; for upgrade installations, the following
rules apply:
If FIPS 140-2 is enabled, all existing user information from the previous version is upgraded
in the following steps:
– The original, encrypted user passwords are archived to a setup log file.
– New user passwords are randomly assigned and saved to a setup
log file. The log file is located at: C:\Program Files\Common
Files\IBM\SPSS\DataCollection\6\\Installer\NewPassword.logInterviewer Server
Administration administrators can supply users these new, temporary passwords in a manner
that is in accordance with their business practices.
– The MustChangePasswordAtNextLogin setting is enabled, which forces users to change
their passwords at next login.
When upgrading on a server that is currently not configured for FIPS 140-2, you are presented
with the option to reset user passwords:
– If you choose to reset user passwords, the SHA-1 hash function algorithm is employed.
– If you choose to not reset user passwords, the server will continue to use the MD5 hash
function algorithm.
Keep the following points in mind when modifying an existing installation:
– When changing Configure for FIPS 140-2 Compliance from enabled to disabled, the
SHA-1 hash function algorithm will continue to be employed.
– When changing Configure for FIPS 140-2 Compliance from disabled to enabled, the
parameters outlined in the first bullet point are employed.
Refer to the
(http://csrc.nist.gov/groups/STM/cmvp/standards.html#02)
regarding FIPS 140-2.
Notes: When FIPS 140-2 is configured for IBM SPSS Data Collection products, the applications
adhere to the password protection security protocols that are defined on the Interviewer Server.
For example, if the Interviewer Server is configured for MD5 security, the client-side applications
will also use MD5 security for password protection, regardless of whether or not the
FIPS 140-2 Compliance
System cryptography: Use FIPS compliant algorithms...
National Institute of Standards and Technology
setting was selected during installation.
If your system is already configured to be FIPS 140-2
website for more information
policy and select
Disabled
Configure for
.
Hide quick links:
Advertisement
Table of Contents
