Enabling FIPS Cryptography | 337
15
Enabling FIPS Cryptography
Federal Information Processing Standards (FIPS) Cryptography is supported on the following platforms: z
This chapter describes how to enable FIPS cryptography requirements on the Dell Force10 platforms. This feature provides
cryptographic algorithms conforming to various FIPS standards published by the National Institute of Standards and
Technology (NIST), a non-regulatory agency of the US Department of Commerce. The FIPS mode is also validated for
numerous platforms to meet the FIPS-140-2 standard for a software-based cryptographic module.
This chapter describes the FIPS configuration procedure:
• Preparing the System
• Enabling FIPS Mode
• Generating Host-Keys
• Monitoring FIPS Mode Status
• Disabling the FIPS Mode
Preparing the System
Before you enable FIPS mode, Dell Force10 recommends making the following steps to your system:
• Disable the Telnet server (only SSH (Secure Shell) should be used to access the system).
• Disable the FTP server (only SCP (Secure Copy) should be used to transfer files to and from the system).
• Attach a secure, standalone host to the console port to be used for FIPS configuration.
Note: FTOS 9.1(0.0) uses an embedded FIPS 140-2-validated cryptography module (Certificate #1747) running on
NetBSD 5.1 per FIPS 140-2 Implementation Guidance section G.5 guidelines. The current validation includes the
S4810 and Z9000 platforms. More details on the cryptography module validation may be found at http://
www.openssl.org/docs/fips/fipsvalidation.html, and on the Certificate at http://csrc.nist.gov/groups/STM/cmvp/
documents/140-1/140val-all.htm#1747.
Note: The embedded FIPS 140-2-validated cryptography module is used only by the following features:
• SSH Client
• SSH Server
• RSA Host Key Generation
• SCP File Transfers
Other features using cryptography do not currently use the embedded FIPS 140-2-validated cryptography
module.
To Next Page
Loading...
