Enabling SP800-131 compliance
You can set up a BigFix Inventory profile to meet the SP800-131 requirement that originates from the National Institute of Standards and Technology (NIST).
Procedure
You can configure BigFix Inventory to run in SP800-131 strict or transition mode.
- To configure the product to run in strict mode:
  - Ensure that your server certificates meet the criteria for SP800-131. For more information about SP800-131, see the National Institute of Standards and Technology Special Publication 800-131A.
  - Modify your HTTPS configuration to use the TLS version 1.2 protocol.
  - Enable the Java Secure Socket Extension (JSSE) to run in SP800-131 strict mode: set the system property com.ibm.jsse2.sp800-131 to strict. The property must be set in the jvm.options file, which is in the installation_dir/wlp/usr/servers/server1 directory. Example:
    -Dcom.ibm.jsse2.sp800-131=strict
  Note: If your server certificates do not meet the criteria for SP800-131, or if the TLS version 1.2 protocol is not used, you cannot connect to BigFix Inventory after you restart the server. In that case, remove the com.ibm.jsse2.sp800-131 property from the jvm.options file, or set the property to transition.
- To configure the product to run in transition mode, enable JSSE to run in SP800-131 transition mode by setting the system property com.ibm.jsse2.sp800-131 to transition. The property must be set in the jvm.options file, which is in the installation_dir/wlp/usr/servers/server1 directory. Example:
    -Dcom.ibm.jsse2.sp800-131=transition
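
The strict-mode note warns that a non-compliant server certificate makes the server unreachable after restart, so it is worth checking the certificate first. The pre-flight check below is an added example, not part of the BigFix Inventory documentation: the function name sp800_cert_check, the sample certificate text, and the thresholds (RSA/DSA 2048 bits, EC 224 bits, SHA-2 signature hash, taken from SP 800-131A) are assumptions that do not come from this page.

```shell
# Pre-flight check before setting -Dcom.ibm.jsse2.sp800-131=strict.
# Reads `openssl x509 -noout -text` output on stdin. Typical use:
#   openssl x509 -in server.crt -noout -text | sp800_cert_check
# (server.crt is a placeholder name.)
# Assumed thresholds, taken from SP 800-131A and not from this page:
# RSA/DSA key >= 2048 bits, EC key >= 224 bits, SHA-2 signature hash.
sp800_cert_check() {
    text=$(cat)
    sig=$(printf '%s\n' "$text" | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    alg=$(printf '%s\n' "$text" | sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1)
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public-Key: *(\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    if [ -z "$sig" ] || [ -z "$alg" ] || [ -z "$bits" ]; then
        echo "UNKNOWN: could not parse certificate text"
        return 2
    fi
    rc=0
    case "$alg" in
        id-ecPublicKey) min=224 ;;
        *)              min=2048 ;;
    esac
    if [ "$bits" -lt "$min" ]; then
        echo "FAIL: $alg key is $bits bits, need at least $min"
        rc=1
    fi
    case "$sig" in
        *[Ss][Hh][Aa]224* | *[Ss][Hh][Aa]256* | *[Ss][Hh][Aa]384* | *[Ss][Hh][Aa]512*) ;;
        *)  echo "FAIL: $sig is not a recognised SHA-2 signature algorithm"
            rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then
        echo "OK: $alg, $bits bits, $sig"
    fi
    return "$rc"
}

# Constructed samples: trimmed certificate text, not real certificates.
SAMPLE_GOOD='        Signature Algorithm: sha256WithRSAEncryption
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)'
SAMPLE_WEAK='        Signature Algorithm: sha1WithRSAEncryption
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (1024 bit)'
SAMPLE_EC='        Signature Algorithm: ecdsa-with-SHA256
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)'
```

Run it against each server certificate before the restart; it does not check the TLS version 1.2 requirement, which still has to be set in the HTTPS configuration.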