High security procedures, Configuring the skm for fips compliance – HP Secure Key Manager User Manual

Description

Component

Displays the SSL Protocols enabled in the SSL Options section. Click the link to access
the SSL Options section. FIPS compliance requires that SSL 2.0 and SSL 3.0 be dis-
abled.

Allowed SSL Protocols

Indicates the security strength of the SSL ciphers enabled in the SSL Cipher Order
section. Click the link to access the SSL Cipher Order section. On FIPS capable devices,
this field indicates if the enabled SSL ciphers permit FIPS compliance and, if not, what
is preventing compliance. For FIPS compliance, you must disable ciphers with key
sizes smaller than 128-bits and all RC4 ciphers.

Enabled SSL Ciphers

High Security Procedures

This section describes the procedures for managing the high security features of SKM.

It explains the following processes:

• Configuring the Key Manager for FIPS Compliance
• Configuring the High Security Settings on a Key Manager

Configuring the SKM for FIPS Compliance

The HP DL360 R05 can be configured to comply with FIPS 140-2, Level 2 standards.

To configure the SKM for FIPS compliance:

1.

View the Security Protocols enabled on your Internet Browser. You must enable TLS 1.0 to access
the Management Console while FIPS-compliant.

2.

Log in to the Management Console as an administrator with SSL, Advanced Security, and KMS
Server access controls.

3.

Navigate to the High Security Configuration page (Security > High Security).

4.

Confirm that the Is FIPS Compliant value is “No” in the FIPS Compliance section.

NOTE:

If the Is FIPS Compliant value is “Yes,” the device is currently FIPS-compliant and settings
should not be modified.

5.

Click Set FIPS Compliant in the FIPS Compliance section.

6.

Review the settings in the High Security Settings and Security Settings Configured Elsewhere
sections to confirm all settings have been adjusted for FIPS compliance.

Secure Key Manager

175