Welcome
Remote Control
BigFix Remote Control application helps to communicate between different components, clients, and endpoints within BigFix environment.
Remote Control Installation Guide
By using Remote Control you can remotely support and control thousands of PCs and servers, on an enterprise scale, from a central location or directly, in peer to peer mode.
NIST SP800-131A compliance in Remote Control
Remote Control version 10.0.0 components can be configured for NIST SP800-131A compliance.

BigFix Documentation Homepage
BigFix 11 Lifecycle Documentation
Welcome to the BigFix Lifecycle documentation, where you can find information about how to install, maintain, and use BigFix Lifecycle.
BigFix Platform
BigFix Query
Lifecycle overview
BigFix Lifecycle is single-agent, single-console technology that provides near real-time visibility into the state of endpoints.
Lifecycle guides in PDF format
Following is a list of links to the BigFix Lifecycle guides in PDF format:
Software Distribution
Use the BigFix Software Distribution applications to deploy software to endpoints across your network from a single location. Maintain control and visibility into software delivery and installation. Device owners can use the Self Service Application to manage software and other BigFix actions that are deployed to them as offers.
OS Deployment
BigFix OS Deployment, which is part of the BigFix Lifecycle Management suite, provides a consolidated, comprehensive solution to quickly deploy new workstations and servers throughout a network from a single, centralized location. This solution saves time and money, enforces a standardized and approved image, and reduces risks associated with non-compliant or insecure configurations.
Remote Control
BigFix Remote Control application helps to communicate between different components, clients, and endpoints within BigFix environment.
- Release notes
  A summary of changed or new features and enhancements included in BigFix Remote Control.
- Remote Control Installation Guide
  By using Remote Control you can remotely support and control thousands of PCs and servers, on an enterprise scale, from a central location or directly, in peer to peer mode.
  - Audience
  - Versions
  - Terms used in this guide
  - Overview of the Remote Control system
  - Get started
    Now that you understand the terms and components available in Remote Control, you can identify which components you need to install:
  - Install the Remote Control components
    The Remote Control components can be installed in two ways. If you have access to the BigFix® console, use a deployment fixlet to install the components.
  - Utility for extracting the component installation files
    Remote Control provides a utility that you can use to extract the installation files that are required for each component.
  - Enable secure target registration
    To prevent unauthorized targets from registering with the Remote Control server, you can enable the secure registration feature and use tokens to authenticate the target.
  - Install the driver for smart card authentication
    The BigFix® Remote Control Target provides an installation option to install a virtual smart card reader driver. You can also install the driver by running a fixlet in the BigFix console.
  - Manage the component services
    After you install the Remote Control components, if you change their configuration, you can stop, start, or restart the component services.
  - Enabling email
  - Configure LDAP
  - Configure Microsoft Entra ID
  - Configure TLSv1.3
  - Federal information processing standard (FIPS) compliance in Remote Control
    The US Federal information processing standard 140-2 (FIPS 140-2) is a cryptographic function validation program that defines security standards for cryptographic modules that are used in IT software.
  - NIST SP800-131A compliance in Remote Control
    Remote Control version 10.0.0 components can be configured for NIST SP800-131A compliance.
    - Enable NIST SP800-131A compliance on the server
      You can enable NIST SP800-131A compliance on the Remote Control server during installation, when you are using the server installer program. You can also enable NIST compliance after installation. To enable NIST SP800-131A compliance for a manual BigFix® Remote Control Server installation, you must configure theBigFix Remote Control Server and WebSphere®.
    - Enabling NIST SP800-131A compliance on the controller
    - Creating a certificate for an MS SQL database when NIST SP800-131A is enabled
      When you enable NIST SP800-131A compliance and you are using an MS SQL database, you must create a certificate.
    - Enable NIST SP800-131A compliance on the target
      You can enable NIST SP800-131A compliance on the Remote Control target in various ways. NIST SP800-131A compliance can be enabled during installation when you are using the target installation program. You can enable NIST SP800-131A compliance after the installation by editing the target registry on Windows® systems, or by editing the configuration file on Linux® systems.
    - Enabling NIST SP800-131A compliance on the gateway
      You can enable NIST SP800-131A compliance on the gateway component by editing the gateway configuration file that is created when you install gateway support.
    - Enabling NIST SP800-131A compliance on the broker
      You can enable NIST SP800-131A compliance on the broker component by editing the broker configuration file that is created when you install broker support.
    - Enabling NIST SP800-131A compliance on the CLI tools
      NIST SP800-131A compliance can be enabled during installation when you are installing the CLI tools on a Windows operating system. You can enable NIST SP800-131A after you install the CLI tools in Linux by editing the configuration file.
  - Verifying the server installation
  - Recover from installation errors
  - Uninstall the components
  - Upgrade from previous versions
  - Maintaining the target installation
  - Properties that can be set in the target configuration
    You can configure target properties either during or after installation. The operating system on the target system determines which properties can be configured. The target properties determine the actions that can be carried out during a peer-to-peer session. If you set a server URL and set the Managed property to Yes, the actions are determined by the policies that are set on the Remote Control server.
- Remote Control Administrators Guide
  This guide is for users who want to administer Remote Control.
- Remote Control Console User Guide
- BigFix Remote Control Controller Users Guide
- Remote Control Target Users Guide
- Remote Control On-demand Target Guide
  Use Remote Control to start remote control sessions over the internet with targets that do not have the target software installed.
- Remote Control V10 Readme
Power Management
Use Power Management to control, monitor, and manage conservation policies in your deployment.
Application Control
BigFix Application Control provides a robust framework for managing application usage within an organization. It allows administrators to define policies that dictate which applications can or can not be run on endpoints, thereby enhancing security and compliance.
Server Automation
Server Automation provides powerful automation. You can use it to sequence automation actions in steps across multiple endpoints.
Profile Management
Profile Management is a WebUI-based feature of BigFix Lifecycle. It provides Security Administrators the capability to define and deploy security policies to Windows 10 and macOS devices.
BigFix Remediate
BigFix MCM

NIST SP800-131A compliance in Remote Control

Remote Control version 10.0.0 components can be configured for NIST SP800-131A compliance.

The National Institute of Standards and Technology (NIST) Special Publications (SP) 800-131A standard strengthens algorithms and increases the cryptographic key lengths to improve security.

The following prerequisites are required:

Ensure that all keys have at least a key security strength greater than or equal to 112 bits. RSA keys must be at least 2048 bits.
Ensure that all certificates are created with the new key strengths. Any RSA certificates that use keys shorter than 2048 bits must be replaced with a certificate that uses 2048-bit keys or higher.
Ensure that all certificates are signed by an allowed signature algorithm of minimum SHA-2.

When you enable NIST SP800-131A compliance, the TLSv1.2 protocol is used for providing secure connections. Therefore, you must ensure that your browser is compatible.

Compliance with NIST SP800-131A also requires that the cryptographic provider is FIPS 140-2 certified. When SP800-131A compliance is enabled, FIPS 140-2 compliance is enabled automatically, even when it is disabled in the settings.

For NIST SP800-131A compliance, you must configure all your components. There is no compatibility with earlier versions of the components.

Note:

There is no support for NIST SP800-131A with Oracle JVMs. Therefore, to take advantage of the NIST support, you must install the stand-alone controller component.
The NIST SP800-131A support has been deprecated due to the availability of the new FIPS 140-3 module. For more information about the FIPS 140-3 module, see Federal information processing standard (FIPS) compliance in Remote Control.