Security Configuration Scenarios
Starting from V9.1 BigFix provides the capability to follow the NIST security standards by configuring an enhanced security option. This setting enables SHA-256 as the hashing algorithm for digital signatures as well as content verification. It also enables the TLS 1.2 communication among the BigFix components.
You can set the enhanced security option only after you install or upgrade all the BigFix components to V9.1 or above. If you have a mixed environment, to keep the product compatibility with BigFix components earlier than V9.1, do not set the enhanced security option or, before setting it, upgrade the BigFix components to V9.1 or above.
In addition to the enhanced security setting, you can set a check for verifying the file download integrity using the SHA-256 algorithm. If you do not set this option, the file download integrity check is run using the SHA-1 algorithm. This option can be set only if you set the enhanced security option and, therefore, only if all the BigFix components are V9.1 or above.
In a complex environment, you can enable the enhanced security option, only after all the DSA servers are upgraded to BigFix V9.1 or above and have got a new license.