Enabling fips mode, Enabling fips mode -18 – Carrier Access Broadmore 1750 User Manual

11-18

Broadmore 1750 - Release 4.6

Security Management (FIPS Mode)

Enabling FIPS Mode

Enabling FIPS Mode

Only a Superuser (Crypto Officer) can change the security modes. The Broadmore
is shipped from the factory with FIPS mode turned off. The security mode can only
be changed after successfully logging into the Broadmore for the first time, by
performing the following steps.

1. Log into the online CPU (Broadmore primary IP address) with a conventional

terminal emulator such as Telnet (see “Logging In” on page

10-5

).

2. Enable FIPS mode by entering the following command at the Broadmore

prompt:
fipsmode on

↵

3. Set the session timeout for the Broadmore craft port by entering the following

command:
settimeout <hh:mm:ss>

↵

Example: settimeout 00:05:00 sets the timeout to 5 minutes.
The current value can be displayed by entering settimeout by itself.

NOTE:

The SSH session timeout is fixed at 5 minutes.

Item

Comments

FIPS Mode Active

Broadmore is in FIPS 140-2 validated operating mode

Security inactive;
non-FIPS mode

Broadmore is not in FIPS approved operating mode

FIPS Lib Rev

Version of FIPS Library.

SSHield

Version of SSHield software

Built

Build date of SSHield software