Secure Mobile Access 12.4 Administration Guide

Enabling FIPS

Before you enable FIPS mode, you must have a strong password, a secure connection to your authentication server, and a valid license.

Obtain your FIPS license as described in Software Licenses.

To be FIPS-compliant, your password must be at least 8 characters long, but it is recommended that you use at least 14 characters. Although this requirement is not enforced by the software, having a weak administrator password leaves you vulnerable. A strong password includes a mix of letters, numbers and symbols. Think of this as a phrase, not just a password. For instance, I never saw @ purple cow, I never hope 2C1 has a combination of all three types of characters.

To use your existing, FIPS-compliant certificates while in FIPS mode, export the certificates before enabling FIPS and then import them again after FIPS is enabled. See Exporting and Importing FIPS-Compliant Certificates.

To enable FIPS

  1. In the AMC, navigate to General Settings > FIPS Security.

  2. Click Edit.

  3. If you have imported your license, select the Enable FIPS mode checkbox.

    Existing certificates will be deleted from the system in the next step. To preserve your FIPS-compliant certificates, ensure that you have exported them.

  4. Click Save and then apply your Pending changes.

    When in FIPS mode, you cannot edit system configuration files.

If your appliance configuration is not FIPS-compliant, in the upper-right corner you will see an alert link that says FIPS-compliance warning. Click on the link for more information on how to bring your appliance configuration into FIPS-compliance.

The lack of this alert does not mean your environment is FIPS compliant. It is your responsibility to ensure all FIPS prerequisites are met in order to be FIPS compliant.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

  • Hidden
  • Hidden

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.
  • Hidden
  • Hidden