There are a fair number of key features which are not FIPS compliant and are not available to use when operating in a FIPS enforced environment:
1. Remote agent install
2. ODBC connections to DBs (MSSQL and Oracle are in my world)
3. PDF reports
Probably more issues, however, the biggest impact to my management of our environment are items 1 and 2.
My workarounds:
1: To install agents:
Windows: We use the MSI/MST agent install method paired with our patching tool (BigFix) to push the agent.
Linux: We use a scripted install which pulls from the server triggered by an Ansible playbook
2: Accessing DBs:
As a general workaround I use PowerShell to query the DBs which creates some extra challenges
1. Length limits on the "Script Arguments" forces the query into the script if the query is fairly long.
2. Writing and debugging the script is challenging since the environments (ISE and Orion) are different
3. SCM with Oracle was a little extra challenging (perhaps due to our security constraints) where the Oracle access is managed by a local user while the script runs on the server using a different domain account
What problems have you run into running in a FIPS environment and what have you done to workaround the challenges?
