If your system needs to be FIPS 140-2 compliant, you can enable FIPS. Once you do so, the system uses the cryptographic algorithms defined by NIST for FIPS 140-2 for all encrypted communication between its internal and external components.
Note: To be fully FIPS 140-2 compliant, all components of your Logger deployment need to be in FIPS 140-2 mode. For example, if you enable FIPS 140-2 on your Logger but the SmartConnectors that send events to it are not running in FIPS 140-2 mode, your deployment is not fully FIPS 140-2 compliant.
In a typical deployment, your Logger will communicate with the following components. To be fully FIPS-compliant, all of these components should be FIPS-enabled:
Logger forwarders, such as ArcSight Managers to which Logger forwards events and alerts: The system to which your FIPS-compliant Logger forwards events should be FIPS-compliant as well. Additionally, you need to import that system’s SSL server certificate on the Logger so that Logger can communicate with it.
If you forward events and alerts to an ArcSight Manager, it needs to run ESM 4.0 SP2 or later to enable FIPS 140-2 on it. For more information, see the ArcSight ESM Installation and Configuration Guide for the ESM version you are running. Additionally, follow instructions in ESM Destinations to complete configuration of this setup.
Loggers: Logger automatically uses FIPS 140-2 compliant algorithms. Therefore, no action is required on Logger, except enabling FIPS as described in this section. When enabling FIPS on a Software Logger, make sure that the machine on which Logger is installed is used exclusively for Logger.
Note: Enabling FIPS 140-2 on Software Logger does not make the system on which it is installed FIPS 140-2 compliant. Consult your system’s documentation to determine the requirements for making the entire system FIPS 140-2 compliant.
A Logger must use a CA-signed certificate if it is a destination of a software-based SmartConnector. Additionally, ensure that the root certificate of the CA that signed Logger's certificate is trusted on the SmartConnector. If the CA’s root certificate is not trusted on the SmartConnector, follow instructions in Installing or Updating a SmartConnector to be FIPS-Compliant.
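The section above states that a FIPS-enabled Logger uses only NIST-approved algorithms and that every peer (SmartConnector, ArcSight Manager, other Loggers) must be in FIPS mode as well. A practical way to check the second point is to inspect the TLS cipher suites a component offers and flag any that are not built from approved algorithms. The script below is an added example written for this page; it is not ArcSight code and it does not query Logger. Its approval rule is a simplified reading of NIST SP 800-52 Rev. 2 (AES bulk cipher; no RC4, DES/3DES, MD5, ChaCha20, NULL, export or anonymous suites) and is an assumption for illustration: the validated module's Security Policy is the authority for a real deployment. `SAMPLE_SUITES` is a constructed list standing in for the cipher list a peer might advertise.

```python
"""Audit TLS cipher-suite names against a simplified FIPS 140-2 approval rule.

Added example (not ArcSight's code). The approval rule is an assumption:
a simplified reading of NIST SP 800-52 Rev. 2, not the module's Security Policy.
"""
import re
import ssl

# Tokens that disqualify a suite, with the reason reported to the operator.
# Token match covers both OpenSSL names (ECDHE-RSA-DES-CBC3-SHA) and
# IANA/TLS 1.3 names (TLS_CHACHA20_POLY1305_SHA256).
_DISALLOWED = {
    "RC4": "RC4 is not an approved algorithm",
    "RC2": "RC2 is not an approved algorithm",
    "DES": "DES/3DES are not approved for new use",   # matches DES-CBC3 (3DES) too
    "3DES": "DES/3DES are not approved for new use",
    "IDEA": "IDEA is not an approved algorithm",
    "SEED": "SEED is not an approved algorithm",
    "CAMELLIA": "Camellia is not a NIST-approved cipher",
    "ARIA": "ARIA is not a NIST-approved cipher",
    "CHACHA20": "ChaCha20-Poly1305 is not a NIST-approved cipher",
    "MD5": "MD5 is not an approved hash",
    "NULL": "suite provides no encryption",
    "EXP": "export-grade suite",
    "EXPORT": "export-grade suite",
    "ADH": "anonymous key exchange, peer is not authenticated",
    "AECDH": "anonymous key exchange, peer is not authenticated",
}


def classify_suite(name):
    """Return (approved, reason) for one cipher-suite name.

    A suite passes only if none of its tokens is disallowed and its bulk
    cipher is AES (GCM, CBC or CCM). Everything else is reported with a reason.
    """
    tokens = re.split(r"[-_]", name.strip().upper())
    for tok in tokens:
        if tok in _DISALLOWED:
            return False, _DISALLOWED[tok]
    if not any(tok.startswith("AES") for tok in tokens):
        return False, "bulk cipher is not AES"
    return True, "built from approved algorithms"


def audit_suites(suite_names):
    """Split a list of suite names into approved names and (name, reason) rejects."""
    report = {"approved": [], "not_approved": []}
    for name in suite_names:
        ok, reason = classify_suite(name)
        if ok:
            report["approved"].append(name)
        else:
            report["not_approved"].append((name, reason))
    return report


def audit_local_openssl():
    """Audit the suites the local OpenSSL build enables by default.

    Useful on a host that is supposed to be in FIPS mode: a non-empty result
    means the default TLS configuration still offers non-approved suites.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    names = [c["name"] for c in ctx.get_ciphers()]
    return audit_suites(names)["not_approved"]


# Constructed sample: what a mixed (partly non-FIPS) peer might advertise.
SAMPLE_SUITES = [
    "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES128-SHA256",
    "ECDHE-RSA-DES-CBC3-SHA",
    "RC4-MD5",
    "ADH-AES256-SHA",
]

if __name__ == "__main__":
    report = audit_suites(SAMPLE_SUITES)
    print("approved:", ", ".join(report["approved"]))
    for name, reason in report["not_approved"]:
        print(f"NOT approved: {name}: {reason}")
    print("local OpenSSL defaults flagged:", len(audit_local_openssl()))
```

Run it as-is to see the constructed sample classified, or feed `audit_suites` the cipher list a SmartConnector or Manager actually advertises (for example, the suites seen in a packet capture of its ClientHello). A non-empty `not_approved` list from `audit_local_openssl()` on a machine that is meant to be FIPS-only is a sign that the host's TLS library, not just Logger, still needs to be put into FIPS mode, which is exactly the gap the note about Software Logger above describes.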