FIPS 140-2 Compliance in GigaVUE-FM
GigaVUE-FM is compliant with the Federal Information Processing Standard (FIPS), a US government standard for security requirements of cryptographic modules. The FIPS module is compliant with FIPS 140-2 Level 1 and was validated by the National Institute of Standards and Technology (NIST). The certificate number is 4066.
Refer to the following sections for details:
Refer to the following rules and notes for FIPS:
- After upgrading GigaVUE-FM instance from pre 5.16.00 to 5.16.00 or above, GigaVUE-FM boots in non-FIPS mode.
- FIPS is disabled by default in GigaVUE-FM. You can enable FIPS whenever needed. However, once enabled you cannot disable it.
- Only users with super admin privileges can enable FIPS.
Refer to the Frequently Asked Questions section for further details.
To configure FIPS in GigaVUE-FM:
1. | On the left navigation pane, click and go to System > Preferences. |
2. | Click Edit. |
3. | Under Security Settings, the FIPS 140-2 Mode option is available. Use the toggle button to enable FIPS. |
4. | GigaVUE-FM reboots after switching to FIPS mode. Clear the browser cache and cookies so that GigaVUE-FM IDP URL loads without any issues. |
Note: Once enabled, the toggle button is disabled. You cannot switch back to non-FIPS mode.
To form a FIPS enabled High Availability (HA) group:
- Enable FIPS in each of the standalone GigaVUE-FM instances.
- Assemble the HA group with FIPS enabled standalone GigaVUE-FM instances.
Note: You cannot add a GigaVUE-FM instance that is not FIPS enabled to a FIPS enabled High Availability group. Similarly, you cannot add a FIPS-enabled GigaVUE-FM instance to a High Availability group that is not FIPS enabled.
This page lists some of the most common issues and question related to FIPS.
Are all versions of GigaVUE-FM validated for FIPS compliance?
The following software versions are validated for FIPS:
- 5.12.00.01
- 5.16.00, 6.0.00, 6.1.00, 6.2.00, 6.3.00, 6.4.00, 6.5.00
Can you enable FIPS using the fmctl command?
No. There is no support for enabling FIPS using the fmctl
command. You can enable FIPS only using the GigaVUE-FM GUI.
Can you add a device that is not FIPS-compliant to a FIPS enabled GigaVUE-FM?
Yes. You can add a non FIPS compliant device to a FIPS enabled GigaVUE-FM.
What happens to the GigaVUE-FM database after you enable FIPS?
The GigaVUE-FM database is reset. GigaVUE-FM reboots and comes up as a new instance. You must reconfigure and setup GigaVUE-FM again.
How do I perform backup and restore operation on a FIPS enabled GigaVUE-FM?
A backup taken on a FIPS enabled GigaVUE-FM can only be restored on a GigaVUE-FM instance that is FIPS enabled. Similarly, backup taken on a non-FIPS GigaVUE-FM can be restored only on a non FIPS GigaVUE-FM.
Is the FIPS certification applicable for GigaVUE-FM instance irrespective of where it is deployed?
No. GigaVUE-FM Hardware appliance is only validated for FIPS certification.