FIPS Compliance in GigaVUE-FM
GigaVUE-FM is compliant with the Federal Information Processing Standard (FIPS), a US government standard for security requirements of cryptographic modules. The FIPS module used in GigaVUE-FM is compliant with FIPS 140-2 and was validated by the National Institute of Standards and Technology (NIST). The certificate number is 4769. For more information, refer to Cryptographic Module Validation Program – Certificate 4769.
Refer to the following sections for details:
Rules, Notes and Limitations
Refer to the following rules and notes for FIPS:
- After upgrading GigaVUE-FM instance from pre 5.16.00 to 5.16.00 or above, GigaVUE-FM boots in non-FIPS mode.
- FIPS is disabled by default in GigaVUE-FM. You can enable FIPS whenever needed. However, once enabled you cannot disable it.
- Only users with super admin privileges can enable FIPS.
Refer to the Frequently Asked Questions section for further details.
Configure FIPS in GigaVUE-FM
To configure FIPS in GigaVUE-FM:
| 1. |
On the left navigation pane, click  and go to System > Preferences. |
| 2. | Under Security Settings, enable the FIPS Mode. |
| 3. | Click Apply to save the changes. |
| 4. | GigaVUE-FM will restart automatically after switching to FIPS Mode. Once the reboot completes, clear your browser cache and cookies to ensure the GigaVUE-FM IDP URL loads correctly. |
Note: Once enabled, the toggle button is disabled. You cannot switch back to non-FIPS mode.
Configure FIPS in GigaVUE-FM High Availability Group
To form a FIPS enabled High Availability (HA) group:
- Enable FIPS in each of the standalone GigaVUE-FM instances.
- Assemble the HA group with FIPS enabled standalone GigaVUE-FM instances.
Note: You cannot add a GigaVUE-FM instance that is not FIPS enabled to a FIPS enabled High Availability group. Similarly, you cannot add a FIPS-enabled GigaVUE-FM instance to a High Availability group that is not FIPS enabled.
Frequently Asked Questions
This page lists some of the most common issues and question related to FIPS.
Are all versions of GigaVUE-FM validated for FIPS compliance?
The 5.12.00.01, 5.16.00, and above software versions are validated for FIPS compliance.
Can you enable FIPS using the fmctl command?
No. There is no support for enabling FIPS using the fmctl command. You can enable FIPS only using the GigaVUE-FM GUI.
Can you add a device that is not FIPS-compliant to a FIPS enabled GigaVUE-FM?
Yes. You can add a non FIPS compliant device to a FIPS enabled GigaVUE-FM.
What happens to the GigaVUE-FM database after you enable FIPS?
The GigaVUE-FM database is reset. GigaVUE-FM reboots and comes up as a new instance. You must reconfigure and setup GigaVUE-FM again.
How do I perform backup and restore operation on a FIPS enabled GigaVUE-FM?
A backup taken on a FIPS enabled GigaVUE-FM can only be restored on a GigaVUE-FM instance that is FIPS enabled. Similarly, backup taken on a non-FIPS GigaVUE-FM can be restored only on a non FIPS GigaVUE-FM.
Is the FIPS certification applicable for GigaVUE-FM instance irrespective of where it is deployed?
No. GigaVUE-FM Hardware appliance is only validated for FIPS certification.
