FIPS Page

This section provides information on using ClearPass Policy Manager in Federal Information Processing Standards (FIPSFederal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies.) 140-2 approved mode. The U. S. Government developed FIPSFederal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. 140-2 to define procedures, architectures, cryptographic algorithms, and other security techniques for use in government applications and networks that use cryptography. When running in FIPSFederal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. Approved mode, ClearPass Policy Manager utilizes a FIPSFederal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. 140‑2 validated cryptographic module. Support is not available for non-approved authentication methods such as EAP-MD5EAP – Method Digest 5. (non-tunneled). and MD5Message Digest 5. The MD5 algorithm is a widely used hash function producing a 128-bit hash value from the data input. digest algorithms. For details on the Validated FIPSFederal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. 140-1 and FIPSFederal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. 140-2 Cryptographic Modules, see:

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2577

Enabling FIPS Mode Using CLI

1. You can enable FIPSFederal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. mode in Policy Manager during installation using the CLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. or post-installation using the Web UIUser Interface..

The following figure displays the prompt to enable FIPSFederal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. mode using the CLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions.:

Figure 1  Enabling FIPS Mode

2. After enabling FIPSFederal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. mode using the CLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands, you can verify whether FIPSFederal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. mode is enabled or not in the Configuration Summary page.

Figure 2  FIPS Mode > Configuration Summary

Enabling FIPS Mode in the Policy Manager User Interface

Alternatively, you can enable or disable the FIPSFederal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. mode in the Policy Manager user interface:

1. Navigate to Administration > Server Manager > Server Configuration, then select the server of interest. The Server Configuration dialog for the selected server opens.

2. Select the FIPS tab, then click Enable. On enabling FIPSFederal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. mode, the WebUI displays the text [FIPSFederal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies.] in the version footer at the bottom of the page.

Figure 3  Server Configuration > FIPS Tab

Important Points to Remember

Note the following important points, when you enable FIPSFederal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. mode in the ClearPass Policy Manager user interface:

The database is reset when you enable the FIPSFederal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. mode in ClearPass Policy Manager.

Ensure that you backed up your database before enabling FIPSFederal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. mode.

Configuration backup file from the ClearPass Policy Manager in non-FIPSFederal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. mode cannot be restored on ClearPass Policy Manager in FIPSFederal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. mode. However, configuration backup file from the ClearPass Policy Manager in FIPSFederal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. mode can be restored on the ClearPass Policy Manager in non-FIPSFederal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. mode.

The server will be removed from the cluster if FIPSFederal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. mode is enabled.

All nodes in a cluster must be either in FIPSFederal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. or non-FIPSFederal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. mode. The ClearPass Policy Manager nodes in FIPSFederal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. mode cannot be connected to the cluster whose nodes are in the non-FIPSFederal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. mode.

The legacy authentication method such as EAP-MD5EAP – Method Digest 5. (non-tunneled). and MD5Message Digest 5. The MD5 algorithm is a widely used hash function producing a 128-bit hash value from the data input. digest algorithm are not supported in FIPSFederal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. mode. You cannot import the certificates that are created with the MD5Message Digest 5. The MD5 algorithm is a widely used hash function producing a 128-bit hash value from the data input. authentication type to the Certificates Trust List (Administration > Certificates > Certificate Trust List) page.

The server reboots when you enable FIPSFederal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. mode. You need to log in again to the Administration interface.

You can view the status of FIPSFederal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. mode in the status bar. The following figure displays the Status bar with the status of FIPSFederal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. mode:

Figure 4  FIPS Status

You can also view the status of the FIPSFederal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. mode using the CLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands. For more information, see Show Commands.