FIPS 140-2 cryptography in the BigFix environment

BigFix uses the BigFix Cryptographic Module to perform cryptographic functions throughout its environment. For instance, every time an operator logs into the BigFix console, creates a new user, initiates an action, or subscribes to new content there are cryptographic operations performed by this module.

The BigFix Cryptographic Module has been certified by NIST as compliant with the FIPS (Federal Information Processing Standard) 140-2 standard. Successful validation under the FIPS 140-2 standard means that these software routines have received an exceptional level of scrutiny and testing by a government approved laboratory. FIPS 140-2 has four evaluation levels with Levels 1 and 2 applicable to software. BigFix chose the more stringent Level 2 validation and was certified on 12 computing platforms. BigFix stops to run or does not start if the BigFix Cryptographic Module enters an error state.