Security Configuration Scenarios

Starting from Version 11, BigFix provides the capability to configure several security options.

SHA-384

The first setting enforces SHA-384 as the only hashing algorithm for digital signatures. You can set this security option only after you install or upgrade all the BigFix components to Version 11.

Note: When you set this option you configure a very restricted security environment. You can enable or disable this security setting at any time by running the BigFix Administration tool. For additional information, see Security.

In a complex environment, you can enforce SHA-384, only after all the DSA servers are upgraded to BigFix V11 or above and have a new license.

SHA-256 Downloads

You can set a check for verifying the file download integrity using the SHA-256 algorithm. If you do not set this option, the file download integrity check is run using the SHA-1 algorithm.

TLS 1.3

Select this option to require only the TLS 1.3 communication among the BigFix components. If this option is not selected, the BigFix server and relay will accept also the TLS 1.2 communication.

For additional information, see Security.

FIPS 140-2

To achieve compliance with the FIPS 140-2 standard, perform the steps described in Editing the Masthead on Windows systems and Editing the Masthead on Linux systems.