Users Guide
FIPS Cryptography
Federal information processing standard (FIPS) cryptography provides cryptographic algorithms conforming to various FIPS standards
published by the National Institute of Standards and Technology (NIST), a non-regulatory agency of the US Department of Commerce.
FIPS mode is also validated for numerous platforms to meet the FIPS-140-2 standard for a software-based cryptographic module.
This chapter describes how to enable FIPS cryptography requirements on Dell Networking platforms.
NOTE: The Dell Networking OS uses an embedded FIPS 140-2-validated cryptography module (Certicate #1747) running on
NetBSD 5.1 per FIPS 140-2 Implementation Guidance section G.5 guidelines.
NOTE: Only the following features use the embedded FIPS 140-2-validated cryptography module:
• SSH Client
• SSH Server
• RSA Host Key Generation
• SCP File Transfers
Currently, other features using cryptography do not use the embedded FIPS 140-2-validated cryptography module.
Topics:
• Conguration Tasks
• Preparing the System
• Enabling FIPS Mode
• Generating Host-Keys
• Monitoring FIPS Mode Status
• Disabling FIPS Mode
Conguration Tasks
To enable FIPS cryptography, complete the following conguration tasks.
• Preparing the System
• Enabling FIPS Mode
• Generating Host-Keys
• Monitoring FIPS Mode Status
• Disabling FIPS Mode
Preparing the System
Before you enable FIPS mode, Dell Networking recommends making the following changes to your system.
1 Disable the Telnet server (only use secure shell [SSH] to access the system).
2 Disable the FTP server (only use secure copy [SCP] to transfer les to and from the system).
3 Attach a secure, standalone host to the console port for the FIPS conguration to use.
14
266 FIPS Cryptography