Fips selftests, Selftests – Brocade Network OS Command Reference v4.1.0 User Manual

Network OS Command Reference
53-1003115-01

fips selftests

Enables Federal Information Processing Standards (FIPS) self tests which will be performed when
the switch boots. If the tests run successfully, the switch comes up in the FIPS compliant state.

Synopsis

fips selftests

Operands

None

Defaults

The switch operates in the non-FIPS compliant state.

Command Modes

Privileged EXEC mode

Description

Use this command to enable FIPS self tests on the switch. These self tests include known answer
tests (KATs) that exercise various features of FIPS algorithms and conditional tests that test the
randomness of random number generators and check for signed firmware. These tests run when
the switch boots. Successful completion of these tests places the switch into the FIPS-compliant
state. If any test returns an error, the switch reboots and runs the tests again. Whether tests
succeed or fail, you cannot return the switch to the non-FIPS compliant state.
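The description names two classes of boot-time self test: known answer tests (KATs), which run a FIPS algorithm on a fixed input and compare the result with a recorded answer, and conditional tests, which watch a live source such as the random number generator. The following Python model is an added illustration of both, written for this page; it is not Brocade's Network OS code, the hash and HMAC test vectors are the published SHA-256 and RFC 4231 values, and the faulty generator and the power_up_selftests function are constructed for the example.

```python
"""Simplified model of FIPS power-up self tests: known answer tests (KATs)
plus a conditional test on the random number generator.

Added example for this page, not Brocade's implementation. The SHA-256 and
HMAC-SHA256 answers are published test vectors; the RNG callables and the
power_up_selftests harness are constructed for illustration.
"""
import hashlib
import hmac
import os
from typing import Callable, Dict, Tuple

# Known answer tests: fixed inputs whose correct outputs are recorded ahead
# of time. These are the published SHA-256 digests of "" and "abc".
SHA256_KATS = {
    b"": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    b"abc": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
}

# RFC 4231 test case 2 for HMAC-SHA256 (key "Jefe").
HMAC_SHA256_KAT = (
    b"Jefe",
    b"what do ya want for nothing?",
    "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843",
)


def sha256_kat() -> bool:
    """Pass only if the hash primitive reproduces every recorded answer."""
    return all(hashlib.sha256(msg).hexdigest() == expected
               for msg, expected in SHA256_KATS.items())


def hmac_sha256_kat() -> bool:
    """Pass only if the MAC primitive reproduces the recorded answer."""
    key, msg, expected = HMAC_SHA256_KAT
    actual = hmac.new(key, msg, hashlib.sha256).hexdigest()
    # Constant-time comparison is the habit to keep wherever MACs are compared.
    return hmac.compare_digest(actual, expected)


def continuous_rng_test(rng: Callable[[int], bytes],
                        block_size: int = 16, blocks: int = 8) -> bool:
    """Conditional test in the style of the FIPS 140-2 continuous RNG test:
    every new block is compared with the previous one, and a repeat (the
    signature of a stuck or reset generator) fails the test. The first
    block is only used as the comparison baseline."""
    previous = rng(block_size)
    for _ in range(blocks):
        current = rng(block_size)
        if len(current) != block_size or current == previous:
            return False
        previous = current
    return True


def power_up_selftests(rng: Callable[[int], bytes] = os.urandom
                       ) -> Tuple[bool, Dict[str, bool]]:
    """Run every self test and return (all_passed, per-test results).
    The page says a switch whose tests fail reboots and retries rather than
    falling back to non-FIPS operation; that policy belongs to the boot
    loop, so this function only reports the verdict."""
    results = {
        "sha256_kat": sha256_kat(),
        "hmac_sha256_kat": hmac_sha256_kat(),
        "continuous_rng_test": continuous_rng_test(rng),
    }
    return all(results.values()), results


def stuck_rng(n: int) -> bytes:
    """Constructed faulty generator that always returns the same block,
    the failure mode the continuous test exists to catch."""
    return b"\x42" * n


if __name__ == "__main__":
    for name, source in (("healthy RNG", os.urandom), ("stuck RNG", stuck_rng)):
        passed, detail = power_up_selftests(source)
        verdict = "FIPS-compliant state" if passed else "self-test failure, reboot and retry"
        print(f"{name}: {verdict} {detail}")
```

Run as a script it reports a pass with the operating system generator and a failure with the stuck generator; the per-test dictionary is what a real module would log so that an operator can tell a KAT failure (a broken or tampered algorithm implementation) from a conditional-test failure (a faulty entropy source).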

You typically use this command after disabling non-FIPS compliant features on the switch and
configuring secure ciphers, but before zeroizing the switch with the fips zeroize command. The
non-FIPS compliant features that must be disabled include Brocade VCS Fabric mode, the
Boot PROM, root access, TACACS+ authentication, and the dot1x feature. Secure ciphers must be
configured for the SSH protocol and (optionally) for the Lightweight Directory Access Protocol
(LDAP). The fips zeroize command erases all critical security parameters and reboots the switch.
Refer to the Network OS Administrator’s Guide for details about preparing a switch for FIPS
compliance.

Usage Guidelines

Under normal operation, this command is hidden to prevent accidental use. Enter the unhide fips
command with password “fibranne” to make the command available.

This command applies only in the standalone mode. It can be entered only from a user account
with the admin role assigned.

CAUTION

This command should be used only by qualified personnel. Once a switch is in the FIPS-compliant
state, you cannot return it to the non-FIPS compliant state.

Examples

To enable the FIPS self tests:

    switch# unhide fips
    Password: *****
    switch# fips selftests
    Self tests enabled

See Also

fips root disable, fips zeroize, prom-access disable, show prom-access, unhide fips
