Configure the Analytics Agent for FIPS Compliance

Analytics Agent version 22.10.0 and later is Federal Information Processing Standards (FIPS) 140-2 compliant.

To use the FIPS-compliant BCFKS trust store for the Analytics Agent, you can:

  1. Update the Analytics Agent configuration properties, OR
  2. Update the JVM arguments.

Update Analytics Agent Configuration Properties

When truststores are used in the Analytics Agent, the truststore type must be added to override the default truststore type (JKS).

Configure Analytics Agent to Events Service Communication

To configure Analytics Agent to Events Service communication, update the following properties:

https.event.trustStorePath=<path_to_BCFKS_truststore>
https.event.trustStorePassword=<password_for_truststore>
https.event.trustStoreType=BCFKS

Configure Analytics Agent to Controller Communication

To configure Analytics Agent to Controller communication, update the following properties:

ad.controller.https.trustStorePath=<path_to_BCFKS_truststore>
ad.controller.https.trustStorePassword=<password_for_truststore>
ad.controller.https.trustStoreType=BCFKS
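
The following check is an added example, not AppDynamics code. It lints an agent properties file for the two property groups above and flags a truststore that is configured without trustStoreType=BCFKS or whose file is still in JKS format. The function names, the sample paths and password, and the JKS magic-byte test are assumptions made for this example.

```python
from pathlib import Path

# Property prefixes from the two sections above; each needs Path, Password and Type.
PREFIXES = ("https.event", "ad.controller.https")
JKS_MAGIC = bytes.fromhex("feedfeed")  # first four bytes of a JKS keystore file

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def lint_truststores(text):
    """Return a list of findings; an empty list means the settings are consistent."""
    props = parse_properties(text)
    findings = []
    for prefix in PREFIXES:
        path = props.get(prefix + ".trustStorePath")
        if not path:
            continue  # no truststore configured for this connection
        store_type = props.get(prefix + ".trustStoreType")
        if store_type is None:
            findings.append(f"{prefix}: trustStoreType missing, agent falls back to JKS")
        elif store_type.upper() != "BCFKS":
            findings.append(f"{prefix}: trustStoreType is {store_type}, expected BCFKS")
        if not props.get(prefix + ".trustStorePassword"):
            findings.append(f"{prefix}: trustStorePassword missing")
        store_file = Path(path)
        if store_file.is_file() and store_file.read_bytes()[:4] == JKS_MAGIC:
            findings.append(f"{prefix}: {path} is a JKS file, not BCFKS")
    return findings

# Constructed sample: the Events Service group is complete, the Controller group lacks the type.
SAMPLE = """\
https.event.trustStorePath=/opt/agent/conf/truststore.bcfks
https.event.trustStorePassword=changeit
https.event.trustStoreType=BCFKS
ad.controller.https.trustStorePath=/opt/agent/conf/truststore.bcfks
ad.controller.https.trustStorePassword=changeit
"""

if __name__ == "__main__":
    for finding in lint_truststores(SAMPLE):
        print(finding)
```

The magic-byte test only recognizes a leftover JKS file; it does not prove that a file is a valid BCFKS store.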

Update JVM Arguments

  1. Provide the following JVM arguments:
    -Djavax.net.ssl.trustStore=<absolute_path_to_BCFKS_truststore>
    -Djavax.net.ssl.trustStoreType=BCFKS
    -Djavax.net.ssl.trustStorePassword=<password_for_truststore>
  2. In the java.security file, set the following security provider entry. Replace <desired preference order> with the provider's preference order:
    security.provider.<desired preference order>=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
If the secure credential store is used for the access key or other password encryption, use the FIPS-compliant configuration to generate the keystore. See Encrypt Agent Credentials.