FIPS CLI Commands
This appendix describes the Federal Information Processing Standards (FIPS) commands.
fips enable
Description
Enables FIPS mode.
Syntax
[no] fips enable
Parameters
None
Usage
FIPS are publicly announced validation standards developed by the United States National Institute of Standards and Technology (NIST) for use by all nonmilitary government agencies and by government contractors.
FIPS 140-2 is a technical and worldwide de-facto standard for the implementation of cryptographic modules. FIPS validation makes the Riverbed appliance more suitable for use with government agencies that have formal policies requiring use of FIPS 140-2 validated cryptographic software.
The Riverbed operating systems, such as RiOS, rely on a FIPS 140-2 Level 1 compatible cryptographic module to meet compliance.
Important: Throughout this guide, FIPS-mode and FIPS-compliance refers to use of the Riverbed Cryptographic Security Module. The RCSM appears as the validated cryptographic module on the NIST vendor page instead of a specific Riverbed appliance. The NIST vendor page is available at this URL:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm Example
amnesiac (config) # fips enable
amnesiac (config) # service restart
Product
SteelHead CX, SteelHead EX, SteelFusion Core, SteelFusion Edge, Interceptor, Mobile Controller
Related Topics
show fips status
Description
Displays FIPS information.
Syntax
show fips status
Parameters
None
Example
amnesiac > show fips status
SCC Autoregistration: Should not be configured in FIPS mode.
SMB2 Signing: May not comply with FIPS standard.
Web: Web SSL ciphers must include the elements in
TLSv1.2:kRSA:!eNull:!aNULL and may optionally delete ciphers
Product
SteelHead CX, SteelHead EX, SteelFusion Core, SteelFusion Edge, Interceptor, Mobile Controller
Related Topics