Chapter 9: Security Management204Enabling FIPS 140-2For government and other high security environments, enabling FIPS140-2 mode may be desirable. The KX II uses an embedded FIPS140-2-validated cryptographic module running on a Linux® platform perFIPS 140-2 Implementation Guidance section G.5 guidelines. Once thismode is enabled, the private key used to generate the SSL certificatesmust be internally generated; it cannot be downloaded or exported.To enable FIPS 140-2:1. Access the Security Settings page.2. Enable FIPS 140-2 Mode by selecting the Enable FIPS 140-2checkbox in the Encryption & Share section of the Security Settingspage. You will utilize FIPS 140-2 approved algorithms for externalcommunications once in FIPS 140-2 mode. The FIPS cryptographicmodule is used for encryption of KVM session traffic consisting ofvideo, keyboard, mouse, virtual media and smart card data.3. Reboot the KX II. RequiredOnce FIPS mode is activated, 'FIPS Mode: Enabled' will be displayedin the Device Information section in the left panel of the screen.For additional security, you can also create a new Certificate SigningRequest once FIPS mode is activated. This will be created using therequired key ciphers. Upload the certificate after it is signed or createa self-signed certificate. The SSL Certificate status will updated from'Not FIPS Mode Compliant' to 'FIPS Mode Compliant'.When FIPS mode is activated, key files cannot be downloaded oruploaded. The most recently created CSR will be associatedinternally with the key file. Further, the SSL Certificate from the CAand its private key are not included in the full restore of thebacked-up file. The key cannot be exported from KX II.FIPS 140-2 Support RequirementsThe KX II supports the use of FIPS 140-20 approved encryptionalgorithms. This allows an SSL server and client to successfullynegotiate the cipher suite used for the encrypted session when a client isconfigured for FIPS 140-2 only mode.Following are the recommendations for using FIPS 140-2 with the KX II:KX II Set the Encryption & Share to Auto on the Security Settings page.See Encryption & Share.Microsoft Client