Chapter 6 FIPS Operation
Command Changes
6-8
Cisco 11000 Series Secure Content Accelerator Configuration Guide
78-13124-06
Table 6-2 FIPS Mode Command Changes

| Mode | Command | Notes |
|---|---|---|
| Top Level Mode | show device | Settings are not displayed for telnet or Web management. The device type area indicates the Secure Content Accelerator is in FIPS Mode. When the Secure Content Accelerator is removed from FIPS Mode, all settings existing before entering FIPS Mode are retained with the exception of changes made while in FIPS Mode. |
| Top Level Mode | show ssl | SSL information includes objects that are not FIPS-compliant, such as security policies other than FIPS or those containing non-FIPS-compliant algorithms. |
| Top Level Mode | show ssl secpolicy | Information can be shown for individual, non-FIPS-compliant security policies. |
| Top Level Mode | show ssl server | Information can be shown for all servers. All non-FIPS-compliant servers are disabled by default in FIPS Mode and cannot be enabled without reconfiguring them to be FIPS compliant. |
| Top Level Mode | quick-start | When using the QuickStart wizard to create a server, only FIPS-compatible security policies are available. When using the QuickStart wizard to configure an existing server, only FIPS-compliant servers can be configured and only security policies containing one or more FIPS-compliant algorithms are available. |
| Configuration Mode | access-list | You can create access lists while in FIPS Mode. However, because telnet and GUI management methods are unavailable in FIPS Mode, the access lists assigned to those subsystems cannot be used. These access lists are available when the device is returned to normal operation. Access lists can be assigned to the SNMP subsystem while in FIPS Mode. |
| Configuration Mode | password | FIPS Mode passwords must be at least eight characters in length and are limited to a character set containing the alphabet, Arabic numerals, period (.), hyphen (-), underscore (_), and !@#$%^&*+=[]{};:<>?~ . |