FIPS 140-2 Compliance
GigaVUE‑OS is compliant with the Federal Information Processing Standard (FIPS), a US government standard for security requirements of cryptographic modules. The Gigamon Linux-based cryptographic module (the FIPS module) provides cryptographic functions for GigaVUE nodes and offers a high level of security for the Ethernet management interface. The FIPS module is compliant with FIPS 140-2 Level 1 and was validated by the National Institute of Standards and Technology (NIST). The certificate number is 2128.
Also, OpenSSL is integrated with the FIPS module and is updated to version 1.0.2zf.
To enable FIPS:
- Select Settings > Global Settings > Security.
- Use the toggle button next to FIPS 140-2 Mode to enable FIPS.
- Click Apply to save the changes.
Note: When you enable or disable FIPS 140-2 mode from the GigaVUE-FM GUI, or switch to other security modes, the updated security configuration will not be immediately reflected in the GUI. The delay is due to the time the device takes to reboot and apply the security configuration changes. The changes will be reflected in the GigaVUE-FM GUI after the next config sync cycle.
For communications with the GigaVUE node, SSL or SSH clients are requested to use high-strength ciphers during session setup negotiation. A high-strength cipher is one that uses a key that is equal to or greater than 128 bits.
Weak ciphers will be rejected by the GigaVUE node. For example, if a client attempts to connect to the GigaVUE Ethernet management port using blowfish, the following error message will be displayed: No matching cipher found.
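The following is an added example, not Gigamon code, that pre-checks an SSH client's cipher list before connecting to the management port and shows where the "No matching cipher found" error comes from. The list of ciphers the node accepts (NODE_CIPHERS) is an assumption, since this page does not give it, and the function names and client list are constructed for illustration.

```python
# Added example: pre-check an SSH client's cipher list against a node that
# accepts only high-strength ciphers (key length >= 128 bits).

MIN_KEY_BITS = 128

# Key lengths in bits for commonly seen SSH cipher names.
KEY_BITS = {
    "aes128-ctr": 128, "aes192-ctr": 192, "aes256-ctr": 256,
    "aes128-cbc": 128, "aes256-cbc": 256,
    "blowfish-cbc": 128, "des-cbc": 56,
}

# ASSUMPTION: the page does not list the ciphers the node accepts; this
# AES-only list is a constructed stand-in for a node in FIPS 140-2 mode.
NODE_CIPHERS = ["aes256-ctr", "aes192-ctr", "aes128-ctr"]


def negotiate(client_ciphers, node_ciphers=NODE_CIPHERS):
    """SSH rule (RFC 4253): use the first client cipher the server supports."""
    for name in client_ciphers:
        if name in node_ciphers:
            return name
    raise ConnectionError("No matching cipher found")


def audit(client_ciphers, node_ciphers=NODE_CIPHERS):
    """Explain, per offered cipher, whether the node could select it."""
    report = {}
    for name in client_ciphers:
        bits = KEY_BITS.get(name)
        if bits is None:
            report[name] = "unknown cipher name"
        elif bits < MIN_KEY_BITS:
            report[name] = f"key too short ({bits} bits)"
        elif name not in node_ciphers:
            # e.g. blowfish-cbc: 128-bit key in SSH, but absent from the node's list
            report[name] = "not accepted by node"
        else:
            report[name] = "ok"
    return report


if __name__ == "__main__":
    offered = ["blowfish-cbc", "des-cbc", "aes256-ctr"]  # constructed client list
    for cipher, verdict in audit(offered).items():
        print(f"{cipher:14} {verdict}")
    print("selected:", negotiate(offered))
```

A client that offers only ciphers outside the node's list, such as blowfish alone, reaches the end of negotiate() without a match, which is the failure the error message above reports.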