Enabling Fips Cryptography; Configuration Tasks; Preparing The System - Dell Z9000 Configuration Manual

10/25/40/50/100gbe throughput

Hide thumbs Also See for Z9000:

Table of Contents

Enabling FIPS Cryptography

This chapter describes how to enable FIPS cryptography requirements on Dell Networking platforms. This

feature provides cryptographic algorithms conforming to various FIPS standards published by the

National Institute of Standards and Technology (NIST), a non-regulatory agency of the US Department of

Commerce. FIPS mode is also validated for numerous platforms to meet the FIPS-140-2 standard for a

software-based cryptographic module.

NOTE: The Dell Networking OS uses an embedded FIPS 140-2-validated cryptography module

(Certificate #1747) running on NetBSD 5.1 per FIPS 140-2 Implementation Guidance section G.5

NOTE: Only the following features use the embedded FIPS 140-2-validated cryptography module:

RSA Host Key Generation

SCP File Transfers

Currently, other features using cryptography do not use the embedded FIPS 140-2-validated

cryptography module.

Enabling FIPS Mode

Generating Host-Keys

Monitoring FIPS Mode Status

Disabling FIPS Mode

Preparing the System

Before you enable FIPS mode, Dell Networking recommends making the following changes to your

Disable the Telnet server (only use secure shell [SSH] to access the system).

Disable the FTP server (only use secure copy [SCP] to transfer files to and from the system).

Attach a secure, standalone host to the console port for the FIPS configuration to use.

Enabling FIPS Cryptography