Reference v4.1.0 Instruction Manual
Network OS Command Reference
53-1003115-01
fips selftests
Enables Federal Information Processing Standards (FIPS) self tests, which are performed when
the switch boots. If the tests run successfully, the switch comes up in the FIPS-compliant state.
Synopsis fips selftests
Operands None
Defaults The switch operates in the non-FIPS compliant state.
Command Modes Privileged EXEC mode
Description Use this command to enable FIPS self tests on the switch. These self tests include known answer
tests (KATs), which exercise various features of FIPS algorithms, and conditional tests, which test the
randomness of random number generators and check for signed firmware. These tests run when
the switch boots. Successful completion of these tests places the switch into the FIPS-compliant
state. If any test returns an error, the switch reboots and runs the tests again. Whether tests
succeed or fail, you cannot return the switch to the non-FIPS compliant state.
You typically use this command after disabling non-FIPS compliant features on the switch and
configuring secure ciphers, but before zeroizing the switch with the fips zeroize command. The
non-FIPS compliant features that must be disabled include Brocade VCS Fabric mode, the
Boot PROM, root access, TACACS+ authentication, and the dot1x feature. Secure ciphers
must be configured for the SSH protocol and (optionally) for the Lightweight Directory Access
Protocol (LDAP). The fips zeroize command erases all critical security parameters and
reboots the switch. Refer to the Network OS Administrator’s Guide for details about preparing a
switch for FIPS compliance.
Usage Guidelines Under normal operation, this command is hidden to prevent accidental use. Enter the unhide fips
command with password “fibranne” to make the command available.
This command applies only in the standalone mode. It can be entered only from a user account
with the admin role assigned.
CAUTION
This command should be used only by qualified personnel. Once a switch is in the FIPS-compliant
state, you cannot return it to the non-FIPS compliant state.
Examples To enable the FIPS self tests:
switch# unhide fips
Password: *****
switch# fips selftests
Self tests enabled
See Also fips root disable, fips zeroize, prom-access disable, show prom-access, unhide fips
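The self tests described under Description, sketched as an added example (not Brocade or Network OS code): known answer tests for SHA-256 and HMAC-SHA-256 against published vectors, and a continuous random number generator test that fails on a repeated output block. The function names and the choice of algorithms are assumptions, since this page does not list which algorithms the switch tests, and the signed firmware check is not modeled.

```python
# Added illustration of boot-time self tests; the algorithm choice and all names
# are assumptions, not Network OS internals.
import hashlib
import hmac
import os

# Published vectors: SHA-256 of the standard NIST example message b"abc", and
# HMAC-SHA-256 test case 1 from RFC 4231.
SHA256_KAT = (b"abc",
              "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad")
HMAC_KAT = (b"\x0b" * 20, b"Hi There",
            "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7")

def kat_sha256(digest=lambda m: hashlib.sha256(m).hexdigest()):
    """Known answer test: hash a fixed message, compare with the stored answer."""
    msg, expected = SHA256_KAT
    return hmac.compare_digest(digest(msg), expected)

def kat_hmac_sha256():
    """Known answer test for the keyed MAC built on the same hash."""
    key, msg, expected = HMAC_KAT
    computed = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(computed, expected)

def continuous_rng_test(source=os.urandom, block_size=16, blocks=64):
    """Conditional test: fail if any output block equals the previous block."""
    previous = source(block_size)  # first block is kept only for comparison
    for _ in range(blocks):
        current = source(block_size)
        if current == previous:
            return False           # generator is stuck or repeating
        previous = current
    return True

def run_self_tests(tests=None):
    """Run every test; return (all_passed, names_of_failed_tests)."""
    tests = tests or {
        "sha256_kat": kat_sha256,
        "hmac_sha256_kat": kat_hmac_sha256,
        "continuous_rng": continuous_rng_test,
    }
    failed = [name for name, test in tests.items() if not test()]
    return (not failed, failed)

if __name__ == "__main__":
    ok, failed = run_self_tests()
    print("self tests passed" if ok else f"self tests failed: {failed}")
```

A caller that mirrors the switch behaviour described above would enter the compliant state only when `run_self_tests()` returns `(True, [])` and would otherwise restart and run the tests again.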