
Configuring fips, Feature and hardware compatibility, Overview – H3C Technologies H3C SecPath F1000-E User Manual


Configuring FIPS

Feature and hardware compatibility

| Feature | F1000-A-EI/E-SI/S-AI | F1000-E | F5000-A5 | Firewall module |
|---------|----------------------|---------|----------|-----------------|
| FIPS    | No                   | No      | No       | Yes             |

Overview

Federal Information Processing Standards (FIPS), developed by the National Institute of Standards and Technology (NIST) of the United States, specify the security requirements for cryptographic modules. FIPS 140-2 defines four levels of security, simply named "Level 1" to "Level 4" from low to high. Currently, the device supports Level 2.

Unless otherwise noted, FIPS in the document refers to FIPS 140-2.

Configuring FIPS

After you enable FIPS mode, the system enforces strict security requirements and performs self-tests on cryptographic modules to make sure that they operate properly.

Configuration consideration

To configure FIPS, perform the following operations:

1. Delete all MD5-based digital certificates.
2. Delete the DSA key pairs that have a modulus length of less than 1024 bits and all RSA key pairs.
3. Enable FIPS mode.
4. Enable the password-control function.
5. Configure the login user name and password.
   The password must comprise no less than 8 characters and must contain uppercase and lowercase letters, digits, and special characters. The password must be managed through the password-control function.
6. Configure the login user service type.
7. Save the configuration and reboot the device.

After the reboot, the device operates in FIPS 140-2 mode. In CC evaluation, a device in FIPS mode means that the device operates in compliance with the CC evaluation standards.
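A pre-flight check for steps 1, 2, and 5 of the procedure above, as an added example that is not part of the H3C manual or the device software. The inventory field names, the sample entries, and the use of ASCII punctuation as the set of "special characters" are assumptions made for illustration.

```python
import string

# Constructed sample inventory; field names are assumptions for this example,
# not the device's own output format.
SAMPLE_CERTS = [
    {"name": "ca-old", "sig_alg": "md5WithRSAEncryption"},
    {"name": "ca-new", "sig_alg": "sha256WithRSAEncryption"},
]
SAMPLE_KEYS = [
    {"name": "dsa-legacy", "type": "DSA", "bits": 768},
    {"name": "dsa-host", "type": "DSA", "bits": 1024},
    {"name": "rsa-host", "type": "RSA", "bits": 2048},
]

def certs_to_delete(certs):
    """Step 1: every certificate whose signature algorithm is MD5-based."""
    return [c["name"] for c in certs if "md5" in c["sig_alg"].lower()]

def keys_to_delete(keys):
    """Step 2: DSA key pairs under 1024 bits, and all RSA key pairs."""
    out = []
    for k in keys:
        kind = k["type"].upper()
        if kind == "RSA" or (kind == "DSA" and k["bits"] < 1024):
            out.append(k["name"])
    return out

def password_problems(pw):
    """Step 5: at least 8 characters with upper, lower, digit and special."""
    checks = [
        (len(pw) >= 8, "fewer than 8 characters"),
        (any(c.isupper() for c in pw), "no uppercase letter"),
        (any(c.islower() for c in pw), "no lowercase letter"),
        (any(c.isdigit() for c in pw), "no digit"),
        # Assumption: ASCII punctuation stands in for "special characters".
        (any(c in string.punctuation for c in pw), "no special character"),
    ]
    return [msg for ok, msg in checks if not ok]

def preflight(certs, keys, pw):
    """Collect everything that must be fixed before enabling FIPS mode."""
    return {"delete_certs": certs_to_delete(certs),
            "delete_keys": keys_to_delete(keys),
            "password": password_problems(pw)}

if __name__ == "__main__":
    for item, found in preflight(SAMPLE_CERTS, SAMPLE_KEYS, "admin123").items():
        print(item, "->", found or "ok")
```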