FIPS 140-3 Compatible Cryptography

When the FIPS 140-3 Compatible Cryptography option is selected on the Administration > Appliance Security > Security Compliance page, the appliance configures cryptography kernel settings as specified for FIPS 140-3 Level 1. Although this mode is compatible, the NetProfiler and Flow Gateway appliances do not use a FIPS-certified module and are therefore not certified for FIPS 140-3 cryptography.

Additionally, selecting the FIPS 140-3 Compatible Cryptography option has the following effects:

  • NTP encryption – In the Time Configuration section of the Administration > General Settings page, NTP connections must use either SHA1 encryption or no encryption. Any NTP servers that are currently configured to use MD5 encryption will be disconnected when the FIPS 140-3 Compatible Cryptography mode is enabled.

Note: No notification is given when switching to the FIPS 140-3 Compatible Cryptography mode disconnects NTP connections that use MD5 encryption.

  • In the SNMP MIB Configuration section of the Administration > General Settings page, the settings are modified as follows:

    • If the SNMP MIB Configuration had been set to use SNMPv3 with Authentication and Privacy, then the settings are not changed when the FIPS 140-3 Compatible Cryptography mode is enabled.

    • If the SNMP MIB Configuration had been set to anything else (SNMPv1, SNMPv2, SNMPv3 with No Authentication/No Privacy or Authentication/No Privacy), then the SNMP server of the appliance is switched off when the FIPS 140-3 Compatible Cryptography mode is enabled.

    • If the SNMP server of the appliance had been switched off, then it remains off when the FIPS 140-3 Compatible Cryptography mode is enabled.

  • Vulnerability scanning setup – the Administration > Integration > Vulnerability Scanning setup page is disabled and not displayed.

  • Mitigation – All Administration > Mitigation pages are disabled and not displayed.

  • ODBC DB Access – the Administration > Account Management > ODBC DB Access page is disabled and not displayed.
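Because the NTP disconnect is silent and the SNMP server can be switched off by the change, it helps to work out the impact before enabling the mode. The following is an added example, not part of the product or its documentation: it applies the rules listed above to settings transcribed by hand from the web UI. The settings layout, the SNMP labels and the page keys are hypothetical.

```python
# Added example: pre-change impact check for FIPS 140-3 Compatible Cryptography mode.
# The settings layout and labels below are hypothetical; fill them in from the web UI.

SNMP_KEPT = "v3-auth-priv"  # SNMPv3 with Authentication and Privacy
SNMP_OFF = "off"            # SNMP server already switched off
HIDDEN_PAGES = {
    "vulnerability_scanning": "Administration > Integration > Vulnerability Scanning",
    "mitigation": "Administration > Mitigation",
    "odbc": "Administration > Account Management > ODBC DB Access",
}

def fips_impact(settings):
    """Return (severity, message) tuples for what enabling the mode would change."""
    findings = []
    dropped, kept = [], []
    for server in settings.get("ntp_servers", []):
        auth = server["auth"].strip().lower()
        if auth == "md5":
            dropped.append(server["host"])
            findings.append(("warn", f"NTP {server['host']}: MD5, disconnected with no notification"))
        elif auth in ("sha1", "none"):
            kept.append(server["host"])
        else:
            findings.append(("review", f"NTP {server['host']}: unrecognized setting {auth!r}"))
    if dropped and not kept:
        findings.append(("critical", "no configured NTP server is known to stay connected"))

    snmp = settings.get("snmp", SNMP_OFF)
    if snmp == SNMP_KEPT:
        findings.append(("info", "SNMP: settings not changed"))
    elif snmp == SNMP_OFF:
        findings.append(("info", "SNMP: server is off and remains off"))
    else:
        findings.append(("warn", f"SNMP: server switched off (was {snmp})"))

    for key in settings.get("pages_in_use", []):
        if key in HIDDEN_PAGES:
            findings.append(("warn", f"{HIDDEN_PAGES[key]}: disabled and not displayed"))
    return findings

if __name__ == "__main__":
    # Constructed sample settings, not taken from a real appliance.
    sample = {
        "ntp_servers": [{"host": "ntp1.example.net", "auth": "MD5"},
                        {"host": "ntp2.example.net", "auth": "SHA1"}],
        "snmp": "v2c",
        "pages_in_use": ["odbc"],
    }
    for severity, message in fips_impact(sample):
        print(f"[{severity}] {message}")
```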
