Strict Security and FIPS 140-3 Compatible Cryptography

When both the Strict Security mode and FIPS 140-3 Compatible Cryptography are enabled, the appliance is restricted to the limitations of each. Access to the reporting APIs is disabled and all the restrictions of the FIPS 140-3 Compatible Cryptography mode are put into effect. The combined effects of enabling both options are:

  • Reporting API access control list – the ACL section of the Administration > Integration > API Authorization page is disabled. This prevents scripts from bypassing the login requirements when accessing the reporting API. Tools that must access the reporting API while the appliance is in the Strict Security mode must be able to handle the login page.

  • NTP encryption – in the Time Configuration section of the Administration > General Settings page, NTP connections must use either SHA1 encryption or no encryption. Any NTP servers that are currently configured to use MD5 encryption will be disconnected when the FIPS 140-3 Compatible Cryptography mode is enabled.

Note: There is no notification when switching to the FIPS 140-3 Compatible Cryptography mode disconnects NTP connections using MD5 encryption.

  • In the SNMP MIB Configuration section of the Administration > General Settings page, the settings are modified as follows:

    • If the SNMP MIB Configuration had been set to use SNMPv3 with Authentication and Privacy, then the settings are not changed when the FIPS 140-3 Compatible Cryptography mode is enabled.

    • If the SNMP MIB Configuration had been set to anything else (SNMPv1, SNMPv2, SNMPv3 with No Authentication/No Privacy or Authentication/No Privacy), then the SNMP server of the appliance is switched off when the FIPS 140-3 Compatible Cryptography mode is enabled.

    • If the SNMP server of the appliance had been switched off, then it remains off when the FIPS 140-3 Compatible Cryptography mode is enabled.

  • Password protection – increased as described above.

  • Vulnerability scanning setup – the Administration > Integration > Vulnerability Scanning setup page is disabled and not displayed.

  • Mitigation – All Administration > Mitigation pages are disabled and not displayed.

  • ODBC DB Access – the Administration > Account Management > ODBC DB Access page is disabled and not displayed.
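
Because MD5 NTP servers are dropped without notification and the SNMP server can be switched off by the mode change, it helps to check the current settings before enabling the mode. The following is an added example, not code from the product: it applies the NTP and SNMP rules listed above to an inventory recorded by hand from the UI, and the dictionary layout, function names and host names are assumptions made for illustration.

```python
# Constructed sample, recorded by hand from Administration > General Settings.
# The dictionary layout is an assumption of this example, not an appliance export.
SAMPLE = {
    "ntp_servers": [
        {"host": "ntp1.example.net", "encryption": "MD5"},
        {"host": "ntp2.example.net", "encryption": "SHA1"},
        {"host": "ntp3.example.net", "encryption": None},
    ],
    "snmp": {"enabled": True, "version": "SNMPv3",
             "security": "Authentication/No Privacy"},
}


def ntp_effects(servers):
    """Split NTP servers into (disconnected, kept) once FIPS mode is enabled."""
    dropped, kept = [], []
    for s in servers:
        mode = (s.get("encryption") or "none").strip().lower()
        if mode == "md5":
            dropped.append(s["host"])      # disconnected without notification
        elif mode in ("sha1", "none"):
            kept.append(s["host"])
        else:
            raise ValueError(f"unrecognised NTP setting for {s['host']}: {mode}")
    return dropped, kept


def snmp_effect(snmp):
    """Return what happens to the SNMP server when FIPS mode is enabled."""
    if not snmp.get("enabled"):
        return "remains off"
    if (snmp.get("version"), snmp.get("security")) == \
            ("SNMPv3", "Authentication and Privacy"):
        return "unchanged"
    return "switched off"


def preflight(inventory):
    """Collect findings to resolve before the mode is switched on."""
    dropped, kept = ntp_effects(inventory.get("ntp_servers", []))
    findings = [f"NTP {h}: MD5, will be disconnected silently" for h in dropped]
    if dropped and not kept:
        findings.append("NTP: no configured server remains after the change")
    effect = snmp_effect(inventory.get("snmp", {}))
    if effect == "switched off":
        findings.append("SNMP: server will be switched off "
                        "(not SNMPv3 with Authentication and Privacy)")
    return findings
```

Calling `preflight(SAMPLE)` returns one finding for the MD5 server and one for the SNMP server; an empty list means neither rule affects the recorded settings.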
