Secure Mobile Access 12.4 Administration Guide

Requirements for FIPS

These items are required to properly configure FIPS for full compliance:

  • An SMA 7200, 7210, 6200, 6210, or 8200v appliance. No other appliances are FIPS-certified.

    If you have purchased an SMA 7200, 7210, 6200, 6210, or 8200v appliance with 140-2 Level 2 FIPS certification.

  • A license to run FIPS

  • A secure connection to your authentication server

  • A strong administrator password, which should be at least 14 characters long and contain punctuation characters, numbers, and a combination of uppercase and lowercase letters.

These states prevent FIPS from being activated, or from reaching full compliance:

  • Unsecured connections with authentication servers

  • Use of RADIUS authentication servers

  • Use of LDAP authentication servers without SSL connections that employ only FIPS-approved ciphers

  • Use of Active Directory single domain authentication servers without SSL connections that employ only FIPS-approved ciphers

  • Use of RSA Authentication Manager authentication servers without strong passwords as shared secrets

  • Use of USB devices for any purpose

  • Installation of third-party software via the shell command line

  • Use of Debug 1, Debug 2, Debug 3 or plaintext logging

  • Use of certificates with private/public key-pairs generated by a non-FIPS-compliant system

  • Use of the zeroization procedure without the primary administrator being physically present until the procedure completes; see Zeroization

FIPS mode is not automatically enabled after you import your license. You must set it up as described in Enabling FIPS.
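
The requirements and blocking states listed above can be checked against an inventory before FIPS is enabled. The following is an added example, not SonicWall code: the inventory schema and field names (`auth_servers`, `fips_ciphers_only`, `log_level`, and so on) are hypothetical, the sample data is constructed, and holding the RSA shared secret to the administrator password rule is an assumption.

```python
import string

def password_gaps(pw):
    """Return the parts of the guide's administrator password rule that pw misses."""
    checks = {
        "at least 14 characters": len(pw) >= 14,
        "punctuation": any(c in string.punctuation for c in pw),
        "number": any(c.isdigit() for c in pw),
        "uppercase letter": any(c.isupper() for c in pw),
        "lowercase letter": any(c.islower() for c in pw),
    }
    return [name for name, ok in checks.items() if not ok]

def fips_blockers(cfg):
    """List the states from the guide that would block FIPS for this config."""
    found = []
    for srv in cfg["auth_servers"]:
        kind, name = srv["type"], srv["name"]
        if kind == "radius":
            found.append(f"{name}: RADIUS authentication server in use")
        elif kind in ("ldap", "ad-single-domain"):
            if not (srv.get("ssl") and srv.get("fips_ciphers_only")):
                found.append(f"{name}: {kind} without SSL restricted to FIPS-approved ciphers")
        elif kind == "rsa-am":
            # Assumption: the shared secret is held to the admin password rule.
            if password_gaps(srv.get("shared_secret", "")):
                found.append(f"{name}: RSA Authentication Manager shared secret is not strong")
    if cfg["log_level"].lower() in ("debug 1", "debug 2", "debug 3", "plaintext"):
        found.append(f"logging: {cfg['log_level']} is enabled")
    gaps = password_gaps(cfg["admin_password"])
    if gaps:
        found.append("admin password lacks: " + ", ".join(gaps))
    return found

# Constructed sample inventory (hypothetical schema, not an SMA export format).
SAMPLE = {
    "admin_password": "Summer2024",
    "log_level": "Debug 2",
    "auth_servers": [
        {"name": "corp-ldap", "type": "ldap", "ssl": True, "fips_ciphers_only": True},
        {"name": "branch-ad", "type": "ad-single-domain", "ssl": False},
        {"name": "vpn-radius", "type": "radius"},
        {"name": "tokens", "type": "rsa-am", "shared_secret": "s3cret"},
    ],
}

if __name__ == "__main__":
    for line in fips_blockers(SAMPLE):
        print("BLOCKER:", line)
```

USB use, third-party software installs, certificate key-pair origin and the zeroization procedure are not covered here because they cannot be read from a settings inventory of this kind.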