Fips selftests, Selftests – Brocade Network OS Command Reference v4.1.0 User Manual

53-1003115-01
fips selftests
Enables Federal Information Processing Standards (FIPS) self tests, which are performed when
the switch boots. If the tests run successfully, the switch comes up in the FIPS-compliant state.
Synopsis
fips selftests
Operands
None
Defaults
The switch operates in the non-FIPS compliant state.
Command Modes
Privileged EXEC mode
Description
Use this command to enable FIPS self tests on the switch. These self tests include known answer
tests (KATs) that exercise various features of FIPS algorithms and conditional tests that test the
randomness of random number generators and check for signed firmware. These tests run when
the switch boots. Successful completion of these tests places the switch into the FIPS-compliant
state. If any test returns an error, the switch reboots and runs the tests again. Whether tests
succeed or fail, you cannot return the switch to the non-FIPS compliant state.
You typically use this command after disabling non-FIPS compliant features on the switch and
configuring secure ciphers, but before zeroizing the switch with the fips zeroize command. The
non-FIPS compliant features that must be disabled include Brocade VCS Fabric mode, the
Boot PROM, root access, TACACS+ authentication, and the dot1x feature. Secure ciphers
must be configured for the SSH protocol and (optionally) for the Lightweight Directory Access
Protocol (LDAP). The fips zeroize command erases all critical security parameters and
reboots the switch. Refer to the Network OS Administrator’s Guide for details about preparing a
switch for FIPS compliance.
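The following sketch illustrates the two kinds of boot-time test described above: known answer tests and a conditional test on the random number generator. It is an added example, not Brocade code. The names (KATS, CheckedRng, boot) are hypothetical, the repeated-block RNG check is an assumed form of the conditional test, and the signed-firmware check is not modelled.

```python
import hashlib
import hmac
import os

# Published vectors: SHA-256("abc") from FIPS 180 and HMAC-SHA-256 from
# RFC 4231 test case 2. Each entry is (name, computation, expected hex digest).
KATS = [
    ("sha256", lambda: hashlib.sha256(b"abc").hexdigest(),
     "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"),
    ("hmac-sha256",
     lambda: hmac.new(b"Jefe", b"what do ya want for nothing?",
                      hashlib.sha256).hexdigest(),
     "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843"),
]

class SelfTestError(Exception):
    """Raised when any self test fails; no crypto service may be offered."""

def run_kats(kats=KATS):
    """Run every known answer test and raise on the first mismatch."""
    for name, compute, expected in kats:
        if not hmac.compare_digest(compute(), expected):
            raise SelfTestError(f"KAT failed: {name}")
    return len(kats)

class CheckedRng:
    """Conditional test (assumed form): fail if a block repeats its predecessor."""
    def __init__(self, source=os.urandom, block=16):
        self._source, self._block = source, block
        self._prev = source(block)  # first block only primes the comparison

    def read(self):
        cur = self._source(self._block)
        if cur == self._prev:
            raise SelfTestError("RNG returned two identical consecutive blocks")
        self._prev = cur
        return cur

def boot(kats=KATS, source=os.urandom):
    """Return 'fips-compliant' only if every test passes, otherwise 'error'."""
    try:
        run_kats(kats)
        CheckedRng(source).read()
    except SelfTestError:
        return "error"  # the switch described above reboots and retests here
    return "fips-compliant"
```

The design point is that failure is closed: a single mismatch keeps the module out of the compliant state instead of letting it continue with an algorithm that did not reproduce its known answer.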
Usage Guidelines
Under normal operation, this command is hidden to prevent accidental use. Enter the unhide fips
command with password “fibranne” to make the command available.
This command applies only in the standalone mode. It can be entered only from a user account
with the admin role assigned.
CAUTION
This command should be used only by qualified personnel. Once a switch is in the FIPS-compliant
state, you cannot return it to the non-FIPS compliant state.
Examples
To enable the FIPS self tests:
switch# unhide fips
Password: *****
switch# fips selftests
Self tests enabled
See Also
fips root disable, fips zeroize, prom-access disable, show prom-access, unhide fips