Configuring the high security settings on an skm, Fips status server overview, Fips status server tests – HP Secure Key Manager User Manual
Page 176
Configuring the High Security Settings on an SKM
IMPORTANT:
When you enable FIPS compliance on the SKM, the functionality displayed here is disabled. Modifying
any of the items in the High Security Settings section immediately takes the device out of FIPS
compliance. This section should be used to
review the key and device security functionality that has
been disabled for full FIPS compliance. When the device is FIPS-compliant, you should not alter these
settings.
To configure the High Security settings on a non-FIPS-compliant SKM:
1.
Log in to the Management Console as an administrator with SSL, Advanced Security, and KMS
Server access controls.
2.
Navigate to the High Security Configuration page (Security > High Security).
3.
Alter the fields in the High Security Settings section as needed.
4.
Navigate to the Security Settings Configured Elsewhere section (located below High Security
Settings).
5.
Review the settings in this section. To alter these settings, click the fields to access the appropriate
sections.
FIPS Status Server overview
The FIPS Status Server is an http server that provides system status, in the form of the FIPS Status report,
whenever the device is running. The report indicates:
•
the latest results of all system self-tests
•
the device state (either error or normal)
•
the status of FIPS compliance (either yes or no)
The device performs the following tests:
Table 76 FIPS Status Server tests
Description
Conditional
power-on
Test
Known Algorithm Test for the AES algorithm. This test
is performed at power-on.
X
AES Encryption
Known Algorithm Test for the DES algorithm. This test
is performed at power-on.
X
DES Encryption
Known Algorithm Test for the DSA algorithm. This test
is performed at power-on.
X
DSA Encryption
Known Algorithm Test for the HMAC algorithm. This
test is performed at power-on.
X
HMAC Algorithm
Known Algorithm Test for the SHA-1 algorithm. This
test is performed at power-on.
X
SHA-1 Algorithm
Known Algorithm Test for the RSA algorithm. This test
is performed at power-on.
X
RSA Encryption
Using the Management Console
176