立即与支持人员聊天
与支持团队交流

Change Auditor 7.3 - FIPS Compliance User Guide

Prerequisites

The following prerequisites are necessary to set up an environment for FIPS Mode.
Windows Server 2012
Enable the following group policies on all Change Auditor components (agent, coordinator, windows client, web client, and workstation agent):
System Cryptography: Use FIPS compliance algorithms for encryption, hashing and signing. Ensure the “AES128_HMAC_SHA1” and “AES256_HMAC_SHA1” values are selected.
Network Security: Configure encryption types allowed for Kerberos.

Installation and Operation

To ensure FIPS compliance for your Change Auditor deployment, all Change Auditor components must be v7.0.2 or later.
Environments with existing Change Auditor deployments:
All components (clients, coordinators, and agents) must be upgraded to v7.0.2 or later. Begin by upgrading all coordinators and clients. Once this is complete, upgrade all agents either remotely using the client or manually using the agent x64 installer.
New environments:
Installing Change Auditor v7.0.2 or later automatically enforces all FIPS Mode requirements. No updates are required.
Supported subsystems

FIPS compliant practices are implemented in Change Auditor wherever possible. The following subsystems guarantee FIPS compliant communications:
Active Directory
AD Queries
AD LDS
Windows File Server
SharePoint
SQL
Exchange
Logon Activity

All other subsystems are not considered completely FIPS compliant due to limitations related to handling and passing of data through communications with external products.

Webhooks and FIPS compliance

With the introduction of webhooks and event subscriptions in Change Auditor 7.0, you can configure Change Auditor to send event data to external sources. As the receiver of the data is customized and defined by each individual customer, you are responsible to verify the FIPS Compliance of the event data receiver. This includes generic webhook subscriptions created with Change Auditor PowerShell commands and subscriptions created in the Windows client for supported SIEM tools such as Splunk, ArcSight and QRadar.

In addition, when configuring subscriptions, you must use TLS enabled communication between Change Auditor and the event receivers to ensure FIPS compliance.

For Splunk and generic webhook subscriptions, the URL specified for the receiver of events must begin with HTTPS.
For ArcSight and QRadar subscriptions, the TLSEnabled flag must be set to True.

 

Our brand, our vision. Together.

Our logo reflects our story: innovation, community and support. An important part of this story begins with the letter Q. It is a perfect circle, representing our commitment to technological precision and strength. The space in the Q itself symbolizes our need to add the missing piece — you — to the community, to the new Quest.

Contacting Quest

For sales or other inquiries, visit www.quest.com/contact.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级