
Foglight 6.3.0 - Security and Compliance Guide

Security overview

FIPS-compliant mode for Foglight Agent Manager

Foglight Agent Manager uses the Java Cryptography Extension and the Bouncy Castle Java FIPS library for cryptographic operations.

Whether the Agent Manager is FIPS-compliant is determined by the Foglight Management Server from which the Agent Manager installer is downloaded. If the installer is downloaded from a FIPS-compliant Foglight Management Server, the Agent Manager is automatically configured to be FIPS-compliant. If it is downloaded from a Management Server that is not FIPS-compliant, the Agent Manager is not FIPS-compliant either.

To see which mode an Agent Manager is running in, check the value of the property fips.approved.mode.enabled in the <fglam_home>/state/default/config/client.config file. If the property is True, this Agent Manager is FIPS-compliant. If the property is not True, or if the property is not found in the file, this Agent Manager is not FIPS-compliant.

CAUTION: Do NOT change the value of the fips.approved.mode.enabled property. If the FIPS-compliant modes of the Agent Manager and the Foglight Management Server are inconsistent, the Agent Manager won’t work with the Foglight Management Server.

 

When FIPS-compliant mode is enabled:

For security reasons, enabling the ssl-allow-self-signed configuration is not recommended in FIPS-compliant mode.
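The two checks described above (reading fips.approved.mode.enabled, and flagging ssl-allow-self-signed when FIPS-compliant mode is on) can be scripted as a read-only audit. This is an added example, not Quest code. The guide does not show the file syntax, so the script assumes `key = value` lines with optional quotes, an optional trailing `;` and `#` comments, and assumes ssl-allow-self-signed appears as `ssl-allow-self-signed="true"` in whatever configuration text is passed as the second argument. The function names and sample inputs are constructed for illustration.

```python
import re
import sys

PROP = "fips.approved.mode.enabled"  # property name from the guide
# Assumed syntax: key = value, value optionally quoted, optional trailing ';'
LINE = re.compile(r'^([\w.\-]+)\s*[=:]\s*"?([^";#]*?)"?\s*;?$')
SELF_SIGNED = re.compile(r'ssl-allow-self-signed\s*=\s*"?true"?', re.I)

def read_property(text, name):
    """Return the last uncommented value of `name`, or None if absent."""
    value = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out setting does not count
        m = LINE.match(line)
        if m and m.group(1) == name:
            value = m.group(2).strip()
    return value

def fips_mode(text):
    """True only if the property exists and is true; missing means non-FIPS."""
    value = read_property(text, PROP)
    return value is not None and value.lower() == "true"

def audit(client_config, other_config=""):
    """Read-only report; never rewrites the property (see the CAUTION)."""
    fips = fips_mode(client_config)
    findings = ["FIPS-compliant" if fips else "not FIPS-compliant"]
    live = [l for l in other_config.splitlines() if not l.lstrip().startswith("#")]
    if fips and any(SELF_SIGNED.search(l) for l in live):
        findings.append("ssl-allow-self-signed enabled in FIPS-compliant mode")
    return findings

# Constructed sample inputs, not taken from a real installation.
SAMPLE_FIPS = 'some.other.setting = "x";\nfips.approved.mode.enabled = True;\n'
SAMPLE_COMMENTED = "# fips.approved.mode.enabled = true\n"
SAMPLE_UPSTREAM = '<upstream url="https://fms.example:8443" ssl-allow-self-signed="true"/>'

if __name__ == "__main__":
    # Usage: python check_fips.py <fglam_home>/state/default/config/client.config
    with open(sys.argv[1], encoding="utf-8") as fh:
        print("\n".join(audit(fh.read())))
```
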

 

Disclaimer

Quest Software Inc. has made every effort to ensure that the information provided in this document is accurate. However, Quest makes no representation about the content and suitability of this information for any purpose. This information may be modified by Quest at any time. Nothing contained herein shall be construed as a warranty, express or implied, regarding the operation of Quest Software Inc. products.

 

Usage feedback

The Foglight® Management Server can collect usage data about your environment and send it to Quest Software Inc. to improve support response. This data helps Quest Software Inc. identify potential bottlenecks, and improve the overall Management Server performance and server versions going forward.

The collected usage data contains information about the visited dashboards. It also includes the unique ID of the Management Server and its version information. It does not identify any users or provide additional information about their actions in the user interface.

By default, this feature may be enabled. To turn it off, click Disable on the Communication dashboard. This dashboard is accessible from the navigation panel in the Foglight browser interface, under Administration > Support > Support Notifications > Automatic Communication with Quest.

 

Appendix: FISMA compliance

The Federal Information Security Management Act (FISMA) was passed by the U.S. Congress and signed by the president as part of the Electronic Government Act of 2002. It requires “each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source”.

A major component of FISMA implementation is the National Institute of Standards and Technology (NIST) publication entitled “Recommended Security Controls for Federal Information Systems”, listed as NIST Special Publication 800-53 (for additional information about this document, see http://csrc.nist.gov/publications/PubsSPs.html#800-53). This document presents 17 general security categories that can be used to evaluate an information system and measure its level of compliance with FISMA. For this reason, this appendix lists the 17 categories in 800-53 and describes how Foglight® addresses them.
