Fips support, In this appendix, Fips overview – Dell POWEREDGE M1000E User Manual


Fabric OS Administrator’s Guide


53-1001763-02

Appendix D: FIPS Support

In this appendix

FIPS overview

Zeroization functions

FIPS mode configuration

Preparing the switch for FIPS

FIPS overview

Federal Information Processing Standards (FIPS) specify the security requirements that a
cryptographic module used in Fabric OS v6.0.0 and later must satisfy to protect sensitive
information in the switch. As part of FIPS 140-2 level 2 compliance, passwords, shared secrets,
and the private keys used in SSL, TLS, and system login must be cleared out, or zeroized.
Power-up self-tests run when the switch is powered on to check the consistency of the
algorithms implemented in the switch. Known-answer tests (KATs) exercise various features of
each algorithm, and their results are displayed on the console for your reference. Conditional
tests are performed whenever an RSA key pair is generated. These tests verify the randomness of
the deterministic and non-deterministic random number generators (DRNG and non-DRNG). They also
verify the consistency of RSA keys with regard to signing and verification and to encryption and
decryption.

ATTENTION

Enabling FIPS mode is a chassis-wide setting that affects all logical switches.

Zeroization functions

Explicit zeroization can be done at the discretion of the security administrator. These functions
clear the passwords and the shared secrets.

Table 102 lists the various keys used in the system that will be zeroized in a FIPS-compliant
Fabric OS module.

TABLE 102 Zeroization behavior

| Keys | Zeroization CLI | Description |
|---|---|---|
| DH private keys | No CLI required | Keys will be zeroized within code before they are released from memory. |
| FCAP private key | pkiRemove | The pkiCreate command creates the keys, and 'pkiremove' removes/zeroizes the keys. |
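
The "zeroized within code before they are released from memory" behavior in the DH private keys row, shown as an added C example. This is not Fabric OS code: `zeroize`, `struct dh_private`, `dh_private_load`, `dh_private_release` and `residual_bytes` are hypothetical names chosen for illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Overwrite through a volatile pointer: a plain memset() just before free()
 * is a dead store that an optimizing compiler is allowed to remove. */
void zeroize(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
}

/* Hypothetical holder for a DH private exponent (not a Fabric OS type). */
struct dh_private { unsigned char *bytes; size_t len; };

/* Copy key material into a fresh heap buffer; returns 0 on success. */
int dh_private_load(struct dh_private *k, const unsigned char *src, size_t len)
{
    k->len = 0;
    k->bytes = malloc(len);
    if (k->bytes == NULL)
        return -1;
    memcpy(k->bytes, src, len);
    k->len = len;
    return 0;
}

/* Zeroize first, then free and clear the handle, so the exponent does not
 * survive in the released heap block. */
void dh_private_release(struct dh_private *k)
{
    if (k->bytes != NULL) {
        zeroize(k->bytes, k->len);
        free(k->bytes);
    }
    k->bytes = NULL;
    k->len = 0;
}

/* Number of non-zero bytes left in a buffer; 0 means fully zeroized. */
size_t residual_bytes(const unsigned char *p, size_t len)
{
    size_t n = 0;
    while (len--)
        n += (*p++ != 0);
    return n;
}
```

Where the platform provides it, `explicit_bzero()` or C11 `memset_s()` can replace the hand-written loop.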
