R21xx-HP FlexFabric 11900 Security Configuration Guide
Configuring FIPS
Overview
Federal Information Processing Standards (FIPS), developed by the National Institute of Standards and Technology (NIST) of the United States, specify the requirements for cryptography modules. FIPS 140-2 defines four levels of security, named "Level 1" to "Level 4" from low to high. Currently, the switch supports Level 2.
Unless otherwise noted, FIPS in this document refers to FIPS 140-2.
Startup methods for entering the FIPS mode
After you enable FIPS mode and reboot the switch, the switch operates in FIPS mode, which has strict security requirements, and performs self-tests on its cryptography modules to verify that they work correctly. A device operating in FIPS mode complies with Common Criteria (CC) and meets the requirements of the Protection Profile for Network Devices (NDPP).
The system provides two methods to enter FIPS mode: automatic reboot and manual reboot.
Automatic reboot
The system automatically creates a default FIPS configuration file named fips-startup.cfg and specifies this file as the next-startup configuration file. After prompting you to configure the username and password for logging in to the rebooted device, the system automatically reboots the device with the default FIPS configuration file.
To use automatic reboot to enter FIPS mode, follow these steps:
1. Enable FIPS mode.
2. Select the automatic reboot method. You can press Ctrl+C to exit the configuration process; if you do, the fips mode enable command you already entered is not executed.
3. Configure the username and password for logging in to the device in FIPS mode. The user role in FIPS mode is crypto officer. The password must comprise at least 15 characters and must contain uppercase letters, lowercase letters, digits, and special characters.
4. The system automatically uses the specified startup configuration file to reboot the device.
5. The system enters FIPS mode. You can log in to the device in FIPS mode only with the configured username and password.
Manual reboot
This method requires that you manually complete the configurations for entering FIPS mode and then reboot the switch.
To use manual reboot to enter FIPS mode, follow these steps:
1. Enable the password control function globally.
2. Set the number of character types in a password for password control to 4 and configure at least one character for each type.
3. Configure the password for password control to contain at least 15 characters.
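Both methods above require the crypto officer password to have at least 15 characters drawn from all four character types. The following added Python check (not part of the guide or of the switch software) validates a candidate password against exactly that policy before it is typed into the device; it assumes that "special characters" means ASCII punctuation, which the guide does not define.

```python
import string

# FIPS-mode password policy stated in the guide: at least 15 characters and
# at least one character of each of the four types.
MIN_LENGTH = 15
REQUIRED_TYPES = 4


def character_types(password: str) -> dict:
    """Count the characters of each required type in the password."""
    counts = {"uppercase": 0, "lowercase": 0, "digit": 0, "special": 0}
    for ch in password:
        if ch in string.ascii_uppercase:
            counts["uppercase"] += 1
        elif ch in string.ascii_lowercase:
            counts["lowercase"] += 1
        elif ch in string.digits:
            counts["digit"] += 1
        elif ch in string.punctuation:  # assumption: "special" == ASCII punctuation
            counts["special"] += 1
        # Any other character (space, non-ASCII) counts toward length only.
    return counts


def check_fips_password(password: str) -> list:
    """Return the unmet requirements; an empty list means the password is acceptable."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"length {len(password)} < {MIN_LENGTH}")
    counts = character_types(password)
    missing = [t for t, n in counts.items() if n == 0]
    if len(counts) - len(missing) < REQUIRED_TYPES:
        failures.append("missing character types: " + ", ".join(missing))
    return failures


if __name__ == "__main__":
    # Constructed sample candidates, not values taken from the guide.
    for candidate in ["Sw1tch-Admin#2024!", "switchadmin2024", "Ab1!"]:
        print(candidate, "->", check_fips_password(candidate) or "OK")
```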