Fips Mode - Tripp Lite B092-016 Owner's Manual

Chapter 11: System Management
• Click Apply to run all the configurators in the queue
• Alternately click Cancel and this will discard all the delayd configuration changes
Note: All the queued configuration changes will be lost if Cancel is selected
To disable the Delayed Configuration Commits mode:
• Uncheck the Delayed Config Commits button under System: Administration and click Apply
• Click the Commit Config button in top right-hand corner of the screen to display the System: Commit Configuration
screen
• Click Apply to run the systemsettings configurator
The Commit Config button will no longer be displayed in the top right-hand corner of the screen and configurations will no
longer be queued.

11.6 FIPS Mode

Note: The US National Institute of Standards and Technology (NIST) publishes the FIPS (Federal Information Processing
Standard) series of standards. FIPS 140-1 and FIPS 140-2 are both technical standards and worldwide de-facto standards for
the implementation of cryptographic modules. These standards and guidelines are issued by NIST for use government-wide.
NIST develops FIPS when there are compelling Federal government requirements such as for security and interoperability and
there are no acceptable industry standards or solutions.
Console Servers with Revision 3.0.1 firmware (or later) use an embedded OpenSSL cryptographic module that has been
validated to meet the FIPS 140-2 standards and has received Certificate #1051. This firmware is only currently available on
B095-004-1E / B095-003-1E-M Console Servers
When configured in FIPs mode all SSH, HTTPS and SDTConnector access to all services on the Console Servers will use the
embedded FIPS compliant cryptographic module. To connect you must also be using cryptographic algorithms that are FIPs
approved in your browser or client or the connection will fail.
• Select the System: Administration menu option
• Check FIPS Mode to enable FIPS mode on boot, and check Reboot to safely reboot the console server
• Click Apply and the Console Server will now reboot. It will take several minutes to reconnect as secure communications
with your browser are validated, and when reconnected it will display "FIPs mode: Enabled" in the banner
Note: To enable FIPS mode from the command line, login and run these commands:
config -s config.system.fips=on
touch /etc/config/FIPS
chmod 444 /etc/config/FIPS
flatfsd -b
The final command saves to flash and reboots the unit. The unit will take a few minutes to boot into FIPS mode. To disable
FIPS mode:
config -d config.system.fips
rm /etc/config/FIPS
flatfsd –b
168