Welcome
Remote Control
BigFix Remote Control application helps to communicate between different components, clients, and endpoints within BigFix environment.
Remote Control Installation Guide
By using Remote Control you can remotely support and control thousands of PCs and servers, on an enterprise scale, from a central location or directly, in peer to peer mode.
NIST SP800-131A compliance in Remote Control
Remote Control version 10.0.0 components can be configured for NIST SP800-131A compliance.
Enable NIST SP800-131A compliance on the server
You can enable NIST SP800-131A compliance on the Remote Control server during installation, when you are using the server installer program. You can also enable NIST compliance after installation. To enable NIST SP800-131A compliance for a manual BigFix® Remote Control Server installation, you must configure theBigFix Remote Control Server and WebSphere®.
Enabling NIST SP800-131A compliance on a server with a stand-alone WebSphere Application Server
The BigFix® Remote Control Server uses the middleware infrastructure that is provided by WebSphere® secure HTTP communications. Therefore, to enable NIST SP800-131A compliance for a manual BigFix Remote Control Server installation you must configure BigFix Remote Control Server and WebSphere.

BigFix Documentation Homepage
BigFix 11 Lifecycle Documentation
Welcome to the BigFix Lifecycle documentation, where you can find information about how to install, maintain, and use BigFix Lifecycle.
BigFix Platform
BigFix Query
Lifecycle overview
BigFix Lifecycle is single-agent, single-console technology that provides near real-time visibility into the state of endpoints.
Lifecycle guides in PDF format
Following is a list of links to the BigFix Lifecycle guides in PDF format:
Software Distribution
Use the BigFix Software Distribution applications to deploy software to endpoints across your network from a single location. Maintain control and visibility into software delivery and installation. Device owners can use the Self Service Application to manage software and other BigFix actions that are deployed to them as offers.
OS Deployment
BigFix OS Deployment, which is part of the BigFix Lifecycle Management suite, provides a consolidated, comprehensive solution to quickly deploy new workstations and servers throughout a network from a single, centralized location. This solution saves time and money, enforces a standardized and approved image, and reduces risks associated with non-compliant or insecure configurations.
Remote Control
BigFix Remote Control application helps to communicate between different components, clients, and endpoints within BigFix environment.
- Release notes
  A summary of changed or new features and enhancements included in BigFix Remote Control.
- Remote Control Installation Guide
  By using Remote Control you can remotely support and control thousands of PCs and servers, on an enterprise scale, from a central location or directly, in peer to peer mode.
  - Audience
  - Versions
  - Terms used in this guide
  - Overview of the Remote Control system
  - Get started
    Now that you understand the terms and components available in Remote Control, you can identify which components you need to install:
  - Install the Remote Control components
    The Remote Control components can be installed in two ways. If you have access to the BigFix® console, use a deployment fixlet to install the components.
  - Utility for extracting the component installation files
    Remote Control provides a utility that you can use to extract the installation files that are required for each component.
  - Enable secure target registration
    To prevent unauthorized targets from registering with the Remote Control server, you can enable the secure registration feature and use tokens to authenticate the target.
  - Install the driver for smart card authentication
    The BigFix® Remote Control Target provides an installation option to install a virtual smart card reader driver. You can also install the driver by running a fixlet in the BigFix console.
  - Manage the component services
    After you install the Remote Control components, if you change their configuration, you can stop, start, or restart the component services.
  - Enabling email
  - Configure LDAP
  - Configure TLSv1.3
  - Federal information processing standard (FIPS 140-2) compliance in Remote Control
    The US Federal information processing standard 140-2 (FIPS 140-2) is a cryptographic function validation program that defines security standards for cryptographic modules that are used in IT software.
  - NIST SP800-131A compliance in Remote Control
    Remote Control version 10.0.0 components can be configured for NIST SP800-131A compliance.
    - Enable NIST SP800-131A compliance on the server
      You can enable NIST SP800-131A compliance on the Remote Control server during installation, when you are using the server installer program. You can also enable NIST compliance after installation. To enable NIST SP800-131A compliance for a manual BigFix® Remote Control Server installation, you must configure theBigFix Remote Control Server and WebSphere®.
      - Enabling NIST SP800-131A compliance during the server installation
      - Enabling NIST SP800-131A compliance on a server with a stand-alone WebSphere Application Server
        The BigFix® Remote Control Server uses the middleware infrastructure that is provided by WebSphere® secure HTTP communications. Therefore, to enable NIST SP800-131A compliance for a manual BigFix Remote Control Server installation you must configure BigFix Remote Control Server and WebSphere.
      - Enabling NIST SP800-131A compliance after you install the server
        After you install the server by using the installer program, you can enable NIST SP800-131A compliance in a number of ways.
    - Enabling NIST SP800-131A compliance on the controller
    - Creating a certificate for an MS SQL database when NIST SP800-131A is enabled
      When you enable NIST SP800-131A compliance and you are using an MS SQL database, you must create a certificate.
    - Enable NIST SP800-131A compliance on the target
      You can enable NIST SP800-131A compliance on the Remote Control target in various ways. NIST SP800-131A compliance can be enabled during installation when you are using the target installation program. You can enable NIST SP800-131A compliance after the installation by editing the target registry on Windows® systems, or by editing the configuration file on Linux® systems.
    - Enabling NIST SP800-131A compliance on the gateway
      You can enable NIST SP800-131A compliance on the gateway component by editing the gateway configuration file that is created when you install gateway support.
    - Enabling NIST SP800-131A compliance on the broker
      You can enable NIST SP800-131A compliance on the broker component by editing the broker configuration file that is created when you install broker support.
    - Enabling NIST SP800-131A compliance on the CLI tools
      NIST SP800-131A compliance can be enabled during installation when you are installing the CLI tools on a Windows operating system. You can enable NIST SP800-131A after you install the CLI tools in Linux by editing the configuration file.
  - Verifying the server installation
  - Recover from installation errors
  - Uninstall the components
  - Upgrade from previous versions
  - Maintaining the target installation
  - Properties that can be set in the target configuration
    You can configure target properties either during or after installation. The operating system on the target system determines which properties can be configured. The target properties determine the actions that can be carried out during a peer-to-peer session. If you set a server URL and set the Managed property to Yes, the actions are determined by the policies that are set on the Remote Control server.
- Remote Control Administrators Guide
  This guide is for users who want to administer Remote Control.
- Remote Control Console User Guide
- BigFix Remote Control Controller Users Guide
- Remote Control Target Users Guide
- Remote Control On-demand Target Guide
  Use Remote Control to start remote control sessions over the internet with targets that do not have the target software installed.
- Remote Control V10 Readme
Power Management
Use Power Management to control, monitor, and manage conservation policies in your deployment.
Server Automation
Server Automation provides powerful automation. You can use it to sequence automation actions in steps across multiple endpoints.
Profile Management
Profile Management is a WebUI-based feature of BigFix Lifecycle. It provides Security Administrators the capability to define and deploy security policies to Windows 10 and macOS devices.
CVE Search dashboard
BigFix CVE Search dashboard and Web Report are available as part of the CyberFOCUS site.
BigFix Remediate
BigFix MCM

Enabling NIST SP800-131A compliance on a server with a stand-alone WebSphere Application Server

The BigFix® Remote Control Server uses the middleware infrastructure that is provided by WebSphere® secure HTTP communications. Therefore, to enable NIST SP800-131A compliance for a manual BigFix® Remote Control Server installation you must configure BigFix® Remote Control Server and WebSphere®.

About this task

To enable NIST SP800-131A compliance for a manual server installation, complete the following steps after you install the server.

Procedure

Configure WebSphere
Refer to the IBM WebSphere® documentation on how to enable NIST SP800-131A in WebSphere®. Follow the instructions relevant to your version of WebSphere®.
Log on to the BigFix® Remote Control Server with a valid admin ID and password.
Click Admin > Edit properties files
In the common.properties file set sp800131a.compliance to true.
Click Submit.
Click Admin > Reset Application.
Restart the server service.
For more information about restarting the server service, see Manage the component services. Follow the steps in the section that is relevant to your operating system.

Results

Note: NIST SP800-131A enablement changes in WebSphere® affect all other applications that are running on that server. Therefore, browser settings for the users who access those other applications must be changed to support Transport Layer Security (TLS).

To enable TLS in Internet Explorer, complete the following steps.

Click Tools > Internet Options.
On the Advanced tab, select Use TLS 1.2.
Click Apply.
Click OK.

To enable TLS in Firefox, complete the following steps.

In the browser, go to the about:config page.
Click I'll be careful, I promise.
In the search field search for security.tls.version.max.
Set the value to 3.