Selecting FIPS 140-2 as the Encryption Suite may require other areas of OnBase to be configured in a way that aligns with the FIPS 140-2 standard. If FIPS 140-2 is selected as the Encryption Suite in the Cryptography Settings, the following additional considerations apply to the implementation of the FIPS 140-2 standard.
For details on how this standard is enforced in OnBase, see the FIPS 140-2 Implementation Guide available from your first line of support.
- Version Compatibility
-
The Version Compatibility setting in the Cryptography Settings dialog box must be set to Version 18 or newer.
- Encrypted Disk Groups
-
Encrypted Disk Groups must be set to use AES-CFB encryption in order to align with the FIPS 140-2 standard. You are not prompted to make this change when you configure the Cryptography Settings for FIPS 140-2. For details on configuring Encrypted Disk Groups, see the Platter Management module reference guide.
Note:AES-CFB is not available as an encryption option for Encrypted Disk Groups until the Encryption Suite has been saved as FIPS 140-2 in the Cryptography Settings dialog box.
- Password Policy
-
You should require all users to update their passwords after configuring FIPS 140-2 as the Encryption Suite to ensure that passwords are encrypted using the FIPS 140-2 standard. When passwords are changed, the new encryption algorithm is used. For details on resetting user passwords, see the System Administration module reference guide.