5.6 Enabling FIPS mode

LiveCycle provides a FIPS mode to restrict data protection to Federal Information Processing Standard (FIPS) 140-2 approved algorithms using the RSA BSAFE Crypto-C 2.1 encryption module.

If you did not enable this option by using Configuration Manager during LiveCycle configuration or if you enable it but want to turn it off, you can change this setting through Administration Console.

Modifying FIPS mode requires you to restart the server.

FIPS mode does not support Acrobat versions earlier than 7.0. If FIPS mode is enabled and the Encrypt With Password and Remove Password processes include the Acrobat 5 setting, the process fails.

In general, when FIPS is enabled, the Assembler service does not apply password encryption to any document. If this is attempted, a FIPSModeException is thrown, indicating that “Password encryption is not permitted in FIPS mode.” Additionally, the PDFsFromBookmarks element is not supported in FIPS mode when the base document is password-encrypted.

Turn FIPS mode on or off

  1. Log in to Administration Console.

  2. Click Settings > Core System Settings > Configurations.

  3. Select Enable FIPS to enable FIPS mode or deselect it to disable FIPS mode.

  4. Click OK and restart the application server.

Note: LiveCycle software does not validate code to ensure FIPS compatibility. It provides a FIPS operation mode so that FIPS-approved algorithms are used for cryptographic services from the FIPS-approved libraries (RSA).

// Ethnio survey code removed