An SMA 7200, 7210, 6200, 6210, or 8200v appliance. No other appliances are FIPS-certified.
If you have purchased an SMA 7200, 7210, 6200, 6210, or 8200v appliance with 140-2 Level 2 FIPS certification, the tamper-evident sticker affixed to it must remain in place.
A license to run FIPS
A secure connection to your authentication server
A strong administrator password, which should be at least 14 characters long and contain punctuation characters, numbers, and a combination of uppercase and lowercase letters. In addition, you must specify an authentication server when you set up a realm; null auth is not allowed.
When in FIPS mode, the Grub shell MUST be disabled in order to prevent a user from gaining unauthorized access to its shell.
Modification of any Grub configuration files IS NOT allowed. Modification makes the device non-FIPS-compliant and causes the device to become inoperable.
These states prevent FIPS from being activated, or from reaching full compliance:
Unsecured connections with authentication servers
Use of RADIUS authentication servers
Use of LDAP authentication servers without using SSL connections employing only FIPS-approved ciphers
Use of Active Directory single domain authentication servers without using SSL connections employing only FIPS-approved ciphers
Use of RSA Authentication Manager authentication servers without strong passwords as shared secrets
Use of USB devices for any purpose
Loading or unloading of any kernel modules via the shell command line
Installation of third-party software via the shell command line
Firmware upgrades via the shell command line
Use of Debug 1, Debug 2, Debug 3 or plaintext logging
Use of certificates with private/public key-pairs generated by a non-FIPS-compliant system
Use of the zeroization procedure without the primary administrator being physically present until the procedure completes; see Zeroization
FIPS mode is not automatically enabled after you import your license. You must set it up as described in Enabling FIPS.
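The configuration-related states listed above (authentication servers, logging level, administrator password) can be checked before enabling FIPS mode. The following is an added example, not code from the product or its documentation: the inventory layout, field names, and type labels such as `rsa-am` are hypothetical, and it assumes the RSA shared secret is held to the same strength rule as the administrator password.

```python
import string

# Hypothetical inventory layout, constructed for this example; it is not the
# appliance's configuration export format.
BLOCKED_LOGGING = {"debug 1", "debug 2", "debug 3", "plaintext"}
SSL_REQUIRED = {"ldap", "ad-single-domain"}

def strong_password(pw):
    """>= 14 chars with punctuation, a digit, and mixed-case letters."""
    return (len(pw) >= 14
            and any(c in string.punctuation for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw))

def fips_blockers(inv):
    """Return (scope, reason) pairs for states that block FIPS compliance."""
    found = []
    if not strong_password(inv["admin_password"]):
        found.append(("admin", "weak administrator password"))
    if inv["logging"].lower() in BLOCKED_LOGGING:
        found.append(("logging", "debug or plaintext logging enabled"))
    for realm in inv["realms"]:
        srv = realm.get("auth_server")
        if not srv:
            found.append((realm["name"], "null auth"))
        elif srv["type"] == "radius":
            found.append((realm["name"], "RADIUS server"))
        elif srv["type"] in SSL_REQUIRED and not (
                srv.get("ssl") and srv.get("fips_ciphers_only")):
            found.append((realm["name"], "no SSL with FIPS-approved ciphers"))
        elif srv["type"] == "rsa-am" and not strong_password(
                srv.get("shared_secret", "")):
            # Assumption: the shared secret is held to the password rule above.
            found.append((realm["name"], "weak RSA shared secret"))
    return found

# Constructed sample inventory (all values are made up).
SAMPLE = {
    "admin_password": "Tr1cky-Horse!Battery9",
    "logging": "Debug 2",
    "realms": [
        {"name": "staff", "auth_server": {"type": "ldap", "ssl": True, "fips_ciphers_only": True}},
        {"name": "vendors", "auth_server": {"type": "radius"}},
        {"name": "kiosk", "auth_server": None},
        {"name": "legacy", "auth_server": {"type": "ad-single-domain", "ssl": True}},
        {"name": "tokens", "auth_server": {"type": "rsa-am", "shared_secret": "secret123"}},
    ],
}
```

Calling `fips_blockers(SAMPLE)` reports the logging level and four of the five realms; the `legacy` realm is flagged even though SSL is on, because the cipher restriction is not set.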