Cisco 11000 Series Secure Content Accelerator Configuration Guide
78-13124-06
Chapter 6 FIPS Operation
Using FIPS Mode
FIPS Mode acts as a filtering system, allowing only FIPS Level 2-compliant SSL
objects to be used for data transfer. Entering FIPS Mode is a two-step process:
starting the FIPS Mode process and rebooting the device in FIPS Mode.
1. Connect to the device using a serial management session and enter Privileged Mode.

   SCA> enable
   SCA#

2. Enable FIPS operation.

   SCA# fips enable

3. A caution is displayed. Read the text carefully before replying to it.

   Enabling FIPS mode will cause a restart of the device.
   Entering FIPS mode will also change the behavior of the device.
   Only FIPS-approved algorithms are supported.
   Only FIPS-compliant servers can be used.
   Management is available only via the serial console.
   Passwords must be at least eight characters long.
   Firmware signature verification is enabled.
   Some commands are not supported.
   Are you sure you want to do this? (y/n) [n]

4. The Secure Content Accelerator checks access- and enable-level passwords previously set, if any. The display reflects the state of current passwords:

   Note: FIPS Mode passwords must be at least eight characters in length and are limited to a character set containing the alphabet, Arabic numerals, period (.), hyphen (-), underscore (_), and !@#$%^&*+=[]{};:<>?~ .

   a. If no passwords had been set previously, this text is displayed:

      You need to provide an access-level password of at least 8
      characters.
      Enter new password:
      Confirm password:
      You need to provide an enable-level password of at least 8
      characters.
      Enter new password:
      Confirm new password:
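
The password rule in the Note above can be checked before opening the serial session. The following is an added example, not part of the Cisco guide or the device software; it assumes "the alphabet" means ASCII letters A-Z and a-z, and the function names and sample passwords are constructed for illustration.

```python
import string

# Character set from the Note above. Assumptions: "the alphabet" means ASCII
# letters A-Z and a-z, and the space before the final period is not part of the set.
SYMBOLS = ".-_" + "!@#$%^&*+=[]{};:<>?~"
ALLOWED = frozenset(string.ascii_letters + string.digits + SYMBOLS)
MIN_LENGTH = 8


def check_fips_password(candidate):
    """Return a list of problems; an empty list means the candidate fits the Note."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(
            f"too short: {len(candidate)} characters, need at least {MIN_LENGTH}"
        )
    # Report each offending character once, with its code point, so look-alike
    # or invisible characters (non-ASCII letters, spaces, tabs) are identifiable.
    rejected = sorted({ch for ch in candidate if ch not in ALLOWED})
    if rejected:
        shown = ", ".join(f"{ch!r} (U+{ord(ch):04X})" for ch in rejected)
        problems.append(f"characters outside the permitted set: {shown}")
    return problems


def check_pair(access_pw, enable_pw):
    """Check both passwords the device prompts for when none were set before."""
    return {
        "access-level": check_fips_password(access_pw),
        "enable-level": check_fips_password(enable_pw),
    }


if __name__ == "__main__":
    # Constructed sample candidates, not real credentials.
    samples = ["Summer.2024!", "short1!", "pass word99", "Passw0rd,ok", "pässword1"]
    for pw in samples:
        result = check_fips_password(pw)
        print(f"{pw!r}: {'OK' if not result else '; '.join(result)}")
```

Symbols that password generators commonly emit, such as comma, parentheses, slash, and quotation marks, are outside the listed set and are reported by this check.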