R2511-HP MSR Router Series Security Configuration Guide(V5)

Configuring FIPS
Table 24 shows which devices support the FIPS mode that complies with NIST FIPS 140-2 requirements.
Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode.
Table 24 Hardware and FIPS mode compatibility matrix
Hardware    FIPS mode
MSR900      No
MSR93X      No
MSR20-1X    No
MSR20       Yes
MSR30       Yes (except the MSR30-16)
MSR50       Yes
MSR1000     Yes
Overview
Federal Information Processing Standards (FIPS) was developed by the National Institute of Standards
and Technology (NIST) of the United States. FIPS specifies the requirements for cryptographic modules.
FIPS 140-2 defines four levels of security, named "Level 1" to "Level 4" from low to high. The device
supports Level 2.
Unless otherwise noted, in this document the term "FIPS" refers to FIPS 140-2.
FIPS self-tests
CAUTION:
If the device reboots repeatedly, the cause might be a software failure or hardware damage. Contact
HP Support to upgrade the software or repair the damaged hardware.
When the device enters FIPS mode, power-up self-tests and conditional self-tests automatically run to
ensure the correct operation of cryptographic modules. If either type of test fails, the device will restart.
Power-up self-tests
The power-up self-test, also called a "known-answer test", examines the availability of FIPS-allowed
cryptographic algorithms. A cryptographic algorithm is run on data for which the correct output is
already known. The calculated output is compared with the known answer. If they are not identical, the
known-answer test fails.
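The known-answer check described above, sketched in Python as an added example (not HP code or part of the original guide). The algorithms and published test vectors are assumptions chosen for illustration and do not reproduce the device's own algorithm list; the function names and the SelfTestFailure exception are hypothetical.

```python
import hashlib
import hmac

# Published vectors: FIPS 180 "abc" message digests and RFC 4231 test case 1.
# Assumption: these three algorithms only illustrate the mechanism.
KATS = [
    ("SHA-1", lambda: hashlib.sha1(b"abc").hexdigest(),
     "a9993e364706816aba3e25717850c26c9cd0d89d"),
    ("SHA-256", lambda: hashlib.sha256(b"abc").hexdigest(),
     "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"),
    ("HMAC-SHA-256",
     lambda: hmac.new(b"\x0b" * 20, b"Hi There", hashlib.sha256).hexdigest(),
     "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"),
]


class SelfTestFailure(Exception):
    """Hypothetical stand-in for the restart the guide describes on failure."""


def run_known_answer_tests(kats=KATS):
    """Run every test and return the names of algorithms whose output mismatched."""
    failed = []
    for name, compute, expected in kats:
        try:
            actual = compute()
        except Exception:
            actual = ""  # an algorithm that cannot run at all also fails
        if not hmac.compare_digest(actual, expected):
            failed.append(name)
    return failed


def power_up_self_test(kats=KATS):
    """Gate cryptographic services on the self-test: any mismatch is fatal."""
    failed = run_known_answer_tests(kats)
    if failed:
        raise SelfTestFailure("known-answer test failed: " + ", ".join(failed))
    return True


# Constructed fault: the last digest byte is corrupted to mimic a damaged module.
FAULTY_KATS = [KATS[0],
               ("SHA-256", lambda: hashlib.sha256(b"abc").hexdigest()[:-2] + "00",
                KATS[1][2]),
               KATS[2]]

if __name__ == "__main__":
    print("healthy:", power_up_self_test())
    print("faulty :", run_known_answer_tests(FAULTY_KATS))
```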
The power-up self-test examines the cryptographic algorithms listed in Table 25: