Security Configuration Scenarios
BigFix provides the capability to follow the NIST security standards by configuring an enhanced security option.
This setting enables SHA-256 as the hashing algorithm for digital signatures as well as content verification. It also enables the TLS 1.2 communication among the BigFix components.
In addition to the enhanced security setting, you can set a check for verifying the file download integrity using the SHA-256 algorithm. If you do not set this option, the file download integrity check is run using the SHA-1 algorithm. This option can be set only if you set the enhanced security option and, therefore, only if all the BigFix components are V95 or above.
In a complex environment, you can enable the enhanced security option, only after all the DSA servers are upgraded to BigFix V95 or above and have got a new license.