Chapter 6 FIPS Operation
Cisco 11000 Series Secure Content Accelerator Configuration Guide
78-13124-06
FIPS Capabilities
The Secure Content Accelerator configuration manager is used in FIPS-Compliant
Mode (“FIPS Mode”) to create and configure FIPS-compliant servers. When
operating in FIPS Mode, the Secure Content Accelerator supports FIPS-compliant
security. Among the FIPS-compliant features of the Secure Content Accelerator
are the following:
• Only FIPS-approved algorithms are supported (DES and 3DES with SHA).
• Only FIPS-compliant servers can be used when the device is operated in FIPS
  Mode. Non-FIPS 140-2-compliant servers can be configured for compliance.
• Management is available only via a serial connection.
• Passwords at least eight characters in length are required at both access and
  configuration levels.
• Commands that do not support FIPS-compliant security measures are
  disabled in FIPS Mode.
• The command prompt contains the text “[FIPS]” to indicate the device is
  operating in FIPS Mode.
Caution: To ensure the security of SSL sessions, you must use your own keys
and certificates. The default keys and certificates preloaded on the
device are intended for testing purposes only.
Using FIPS Mode
Note: A tamper-evident sticker is affixed to the Secure Content
Accelerator. When using the device for FIPS-compliant operation,
this sticker must remain in place and untouched.