Table 6-2 Fips Mode Command Changes - Cisco CSS11501 - 100Mbps Ethernet Load Balancing Device Configuration Manual

Command Changes
Table 6-2 FIPS Mode Command Changes
Mode Command
Top Level Mode show device
show ssl
show ssl secpolicy
show ssl server
quick-start
Configuration access-list
Mode
password
Cisco 11000 Series Secure Content Accelerator Configuration Guide
6-8
Notes
Settings are not displayed for telnet or Web
management. The device type area indicates the
Secure Content Accelerator is in FIPS Mode.
When the Secure Content Accelerator is removed from
FIPS Mode, all settings existing before entering FIPS
Mode are retained with the exception of changes made
while in FIPS Mode.
SSL information includes objects that are not
FIPS-compliant, such as security policies other than
FIPS or those containing non-FIPS-compliant
algorithms.
Information can be shown for individual,
non-FIPS-compliant security policies.
Information can be shown for all servers. All
non-FIPS-compliant servers are disabled by default in
FIPS Mode and cannot be enabled without
reconfiguring them to be FIPS compliant.
When using the QuickStart wizard to create a server,
only FIPS-compatible security policies are available.
When using the QuickStart wizard to configure an
existing server, only FIPS-compliant servers can be
configured and only security policies containing one
or more FIPS-compliant algorithm are available.
You can create access lists while in FIPS Mode.
However, because telnet and GUI management
methods are unavailable in FIPS Mode, the access lists
assigned to those subsystems cannot be used. These
access lists are available when the device is returned to
normal operation. Access lists can be assigned to the
SNMP subsystem while in FIPS Mode.
FIPS Mode passwords must be at least eight characters
in length and are limited to a character set containing
the alphabet, Arabic numerals, period (.), hyphen (-),
underscore (_), and !@#$%^&*+=[]{};:<>?~ .
Chapter 6 FIPS Operation
78-13124-05