beautypg.com

Configuring the high security settings on an skm, Fips status server overview, Fips status server tests – HP Secure Key Manager User Manual

Page 176

background image

Configuring the High Security Settings on an SKM

IMPORTANT:

When you enable FIPS compliance on the SKM, the functionality displayed here is disabled. Modifying
any of the items in the High Security Settings section immediately takes the device out of FIPS
compliance. This section should be used to

review the key and device security functionality that has

been disabled for full FIPS compliance. When the device is FIPS-compliant, you should not alter these
settings.

To configure the High Security settings on a non-FIPS-compliant SKM:

1.

Log in to the Management Console as an administrator with SSL, Advanced Security, and KMS
Server access controls.

2.

Navigate to the High Security Configuration page (Security > High Security).

3.

Alter the fields in the High Security Settings section as needed.

4.

Navigate to the Security Settings Configured Elsewhere section (located below High Security
Settings).

5.

Review the settings in this section. To alter these settings, click the fields to access the appropriate
sections.

FIPS Status Server overview

The FIPS Status Server is an http server that provides system status, in the form of the FIPS Status report,
whenever the device is running. The report indicates:

the latest results of all system self-tests

the device state (either error or normal)

the status of FIPS compliance (either yes or no)

The device performs the following tests:

Table 76 FIPS Status Server tests

Description

Conditional

power-on

Test

Known Algorithm Test for the AES algorithm. This test
is performed at power-on.

X

AES Encryption

Known Algorithm Test for the DES algorithm. This test
is performed at power-on.

X

DES Encryption

Known Algorithm Test for the DSA algorithm. This test
is performed at power-on.

X

DSA Encryption

Known Algorithm Test for the HMAC algorithm. This
test is performed at power-on.

X

HMAC Algorithm

Known Algorithm Test for the SHA-1 algorithm. This
test is performed at power-on.

X

SHA-1 Algorithm

Known Algorithm Test for the RSA algorithm. This test
is performed at power-on.

X

RSA Encryption

Using the Management Console

176