Using security hardening feature, you can enable different security profiles for Session Manager.
Session Manager supports Standard and Hardened security profiles. Each profile has specific security attributes. The following table describes security attributes for Standard and Hardened profile:
Security attribute |
Standard |
Hardened |
VM Configuration Hardening1 |
Y |
Y |
Password management |
Y |
Y (more restrictive) |
Login and session management |
Y |
Y (more restrictive) |
System and application files hardening |
Y |
Y |
Certificate management |
Y |
Y |
Support TLS 1.2 and TLS 1.3 |
Y |
Y |
FIPS 140-2 Compliance |
- |
Y |
Multifactor Authentication (PIV and CAC support) |
Through System Manager |
Through System Manager |
SELinux enabled |
Enforced |
Enforced |
Audit management |
Y |
Y |
AIDE (File Tampering Prevention) |
- |
Y |
By default, Session Manager is configured with the Standard profile.
Warning:
After you configure Session Manager with Hardened profile, you cannot change the profile. To change the profile, you need to redeploy Session Manager.
