User guide

CHAPTER 2

FIPS

•

SA FIPS on page 7

•

SA FIPS Execution on page 8

•

FIPS Overview on page 9

SA FIPS

FIPS, or Federal Information Processing Standards, are National Institute of Standards

and Technology regulations for handling keys and encrypting data. Juniper Networks SA

FIPS is a standard SA4000 or SA6000 NetScreen Instant Virtual Extranet equipped with

a FIPS-certified cryptographic module. The tamper-proof hardware security module

installed on an SA FIPS Series Appliance is certified to meet the FIPS 140-2 level 3 security

benchmark. The module handles private cryptographic key management and SSL

handshakes, simultaneously, ensuring FIPS compliance and off-loading CPU-intensive

public key infrastructure (PKI) tasks from the Secure Access Service to a dedicated

module.

The configuration process for SA FIPS administrators is almost exactly the same as for

the non-SA FIPS administrators, requiring only minor configuration changes during the

initialization, clustering, and certificate generation processes. In the few cases where

administration tasks are different, this guide includes the appropriate instructions for

both SA and SA FIPS administrators. For end-users, SA FIPS is exactly the same as a

standard Secure Access Service system.

SA FIPS is a hardware feature that is built into selected Secure Access Services. It is not

available on SA700 Series Appliances.

Documentation

SA FIPS Execution on page 8•

• Creating Administrator Cards on page 57

• Creating a New Security World on page 17

• Recovering an Archived Security World on page 20

• SA FIPS Execution on page 8