Compliant FIPS cryptography features
A description of the features that are compliant with Federal Information Processing Standards (FIPS), and those that are non-compliant.
To achieve full compliance with Federal Information Processing Standards (FIPS), make sure that the system is configured in FIPS-mode and only uses FIPS-compliant features.
FIPS-compliant features
After enabling FIPS mode, these features will use
compliant cryptography:
- hypertext transfer protocol secure (HTTPS) Web interface
- secure shell (SSH) remote access
- Remote Collector and Central Management Console (CMC) data flows
- Local users password encryption
- Configuration secrets stored in the local configuration file
Non-compliant features
The Nozomi Networks software does not prevent you from using features that are not
compliant with FIPS. If you want to achieve full
compliance with FIPS, make sure that the system:
The list below shows some, but not all, non-compliant features:
- server message block (SMB) remote backup transfer
- Unencrypted Syslog forwarding
- simple network management protocol (SNMP) with users configured with MD5 or DES protocols
- Any cryptography usage outside the security boundary of the FIPS library