Contents

FIPS compliant communication encryption

Summary

Nomad has always provided encryption for most of its communications and in Nomad 6.0 an advanced FIPS compliant encryption algorithm was made available. The United States Federal Information Processing Standard (FIPS) is a standard that defines security requirements for software used by the U.S. federal government. It stipulates that applications that encrypt any sensitive data should use only a certain set of approved encryption algorithms.

FIPS compliant communication encryption

FIPS encrypts the following types of Nomad data:

Data sent over a network in peer-to-peer communications, including:

    • Election communications
    • Connectionless data transfer
    • Nomad FanOut requests
    • Sign-on/sign-off communication
    • SSD Package Status Requests
    • PBA communications.
On this page:

Encryption types

Nomad provides two types of encryption:its default 40-bit RC2 encryption algorithm and FIPS compliant encryption. You can set the encryption type used by Nomad during installation or by modifying a Nomad registry entry.

Nomad clients running different encryption types will be unable to communicate with each other. If you want to use FIPS compliant encryption and earlier versions of Nomad are already deployed roll-out Nomad 6.0 using its default encryption standard. Once all clients have been upgraded to Nomad 6.0, change the encryption level to FIPS compliant.

Installing Nomad with FIPS encryption

FIPS encryption can be set when you enable Nomad in the 1E Client. This is done by checking the Use FIPS encryption checkbox on the Nomad screen of the 1E Client installer, as shown in the picture opposite.

You can also set FIPS encryption with the MODULE.NOMAD.USEFIPS installer property.

Setting FIPS encryption post-installation

To change Nomad's encryption type after installation you can modify the EncryptionType registry value. By default this is set to 0, for standard Nomad encryption, unless the Use FIPS encryption checkbox was checked during installation, in which case it is set to 1.