Skip to main content

1E 9.x (on-premises)

FIPS compliant communication encryption

Nomad has always provided encryption for most of its communications and uses an advanced FIPS compliant encryption algorithm. The United States Federal Information Processing Standard (FIPS) http://en.wikipedia.org/wiki/FIPS_140-2 is a standard that defines security requirements for software used by the U.S. federal government. It stipulates that applications that encrypt any sensitive data should use only a certain set of approved encryption algorithms.

FIPS compliant communication encryption

FIPS encrypts the following types of Nomad data sent over a network in peer-to-peer communications, including:

    • Election communications

    • Connectionless data transfer

    • Nomad FanOut requests

    • Sign-on/sign-off communication

    • SSD Package Status Requests

    • PBA communications.

Encryption types

Nomad provides two types of encryption, its default 40-bit RC2 encryption algorithm and FIPS compliant encryption. You can set the encryption type used by Nomad during installation or by modifying a Nomad registry entry.

Note

Nomad clients running different encryption types will be unable to communicate with each other. If you want to use FIPS compliant encryption and earlier versions of Nomad are already deployed, you should roll out Nomad using its default encryption standard. Once all clients have been upgraded, change the encryption level to FIPS compliant.

Installing Nomad with FIPS encryption

FIPS encryption can be set when you enable Nomad in the 1E Client. This is done by checking the Use FIPS encryption checkbox on the Nomad screen of the 1E Client installer, for more information refer to Installing the 1E Client for Nomad.

You can also set FIPS encryption with the MODULE.NOMAD.USEFIPS installer property.

Setting FIPS encryption post-installation

To change Nomad's encryption type after installation you can modify the EncryptionType registry value. By default, this is set to 0, for standard Nomad encryption, unless the Use FIPS encryption checkbox was checked during installation, in which case it is set to 1.