FIPS CryptographyFederal information processing standard (FIPS) cryptography provides cryptographic algorithms conforming to various FIPS standardspublished by the National Institute of Standards and Technology (NIST), a non-regulatory agency of the US Department of Commerce.FIPS mode is also validated for numerous platforms to meet the FIPS-140-2 standard for a software-based cryptographic module.This chapter describes how to enable FIPS cryptography requirements on Dell Networking platforms.NOTE: The Dell Networking OS uses an embedded FIPS 140-2-validated cryptography module (Certificate #1747) running onNetBSD 5.1 per FIPS 140-2 Implementation Guidance section G.5 guidelines.NOTE: Only the following features use the embedded FIPS 140-2-validated cryptography module:• SSH Client• SSH Server• RSA Host Key Generation• SCP File TransfersCurrently, other features using cryptography do not use the embedded FIPS 140-2-validated cryptography module.Topics:• Configuration Tasks• Preparing the System• Enabling FIPS Mode• Generating Host-Keys• Monitoring FIPS Mode Status• Disabling FIPS ModeConfiguration TasksTo enable FIPS cryptography, complete the following configuration tasks.• Preparing the System• Enabling FIPS Mode• Generating Host-Keys• Monitoring FIPS Mode Status• Disabling FIPS ModePreparing the SystemBefore you enable FIPS mode, Dell Networking recommends making the following changes to your system.1 Disable the Telnet server (only use secure shell [SSH] to access the system).2 Disable the FTP server (only use secure copy [SCP] to transfer files to and from the system).3 Attach a secure, standalone host to the console port for the FIPS configuration to use.17344 FIPS Cryptography