Before you enable FIPS mode, you must have a strong password, a secure connection to your authentication
server, and a valid license.
Obtain your FIPS license as described in Software Licenses.
To be FIPS-compliant, your password must be at least 8 characters long, but it is recommended that you use at
least 14 characters. Although this requirement is not enforced by the software, having a weak administrator
password leaves you vulnerable. A strong password includes a mix of letters, numbers and symbols. Think of this
as a phrase, not just a password. For instance,
I never saw @ purple cow, I never hope 2C1 has
a combination of all three types of characters.
Only administrators with System rights can change the FIPS mode. When in FIPS mode, you will not be able to
select non-compliant SSL algorithms.
To use your existing, FIPS-compliant certificates while in FIPS mode, export the certificates before enabling FIPS
and then import them again after FIPS is enabled. See Exporting and Importing FIPS-Compliant Certificates.
To enable FIPS
In the AMC, navigate to General Settings > FIPS Security.
If you have imported your license, select the Enable FIPS mode checkbox.
Existing certificates will be deleted from the system in the next step. To preserve
your FIPS-compliant certificates, ensure that you have exported them.
Click Save and then apply your Pending changes.
When in FIPS mode, you cannot edit system configuration files.
If your appliance configuration is not FIPS-compliant, in the upper-right corner you will see an alert link that says FIPS-compliance warning. Click on the link for more information on how to bring your appliance configuration
The lack of this alert does not mean your environment is FIPS compliant. It is your
responsibility to ensure all FIPS prerequisites are met in order to be FIPS compliant.
Was This Article Helpful?
Help us to improve our support portal