Reference Guide

Enabling FIPS Cryptography

Federal information processing standard (FIPS) cryptography provides cryptographic algorithms conforming to various FIPS

standards published by the National Institute of Standards and Technology (NIST), a non-regulatory agency of the US

Department of Commerce. FIPS mode is also validated for numerous platforms to meet the FIPS-140-2 standard for a software-

based cryptographic module.

This chapter describes how to enable FIPS cryptography requirements on Dell Networking platforms.

NOTE: The Dell Networking OS uses an embedded FIPS 140-2-validated cryptography module (Certificate #1747) running

on NetBSD 5.1 per FIPS 140-2 Implementation Guidance section G.5 guidelines.

NOTE: Only the following features use the embedded FIPS 140-2-validated cryptography module:

● SSH Client

● SSH Server

● RSA Host Key Generation

● SCP File Transfers

Currently, other features using cryptography do not use the embedded FIPS 140-2-validated cryptography module.

Topics:

• Configuration Tasks

• Preparing the System

• Enabling FIPS Mode

• Generating Host-Keys

• Monitoring FIPS Mode Status

• Disabling FIPS Mode

Configuration Tasks

To configure and use FIPS cryptography on the switch, perform these tasks:

● Preparing the System

● Enabling FIPS Mode

● Generating Host-Keys

● Monitoring FIPS Mode Status

● Disabling FIPS Mode

Preparing the System

Before you enable FIPS mode, Dell Networking recommends making the following changes to your system.

1. Disable the Telnet server (only use secure shell [SSH] to access the system).

2. Disable the FTP server (only use secure copy [SCP] to transfer files to and from the system).

3. Attach a secure, standalone host to the console port for the FIPS configuration to use.

300 Enabling FIPS Cryptography