Chapter 9: Administration Features148Security SettingsThe User Station optionally uses a FIPS 140-2 encryption module thatsupports the Security Requirements for Cryptographic Modules of theFederal Information Processing Standards (FIPS), which is defined in theFIPS PUB 140-2 (http://www.nist.gov/cmvp/), Annex A: Approved SecurityFunctions. These standards are used to protect the Federalgovernment's sensitive information with the cryptographic-basedsecurity systems in the U.S. and Canada.The Check KX Device Certificates option allows Dominion User Station toenforce SSL certificate checks in communication with the KX3 for bothport information and KVM sessions.When FIPS mode is enabled, all encrypted connections to KX III KVMswitches are processed using the FIPS accredited cryptographic codeand the authenticity of those KVM switches is checked via theircertificate chain. When Check KX Device Certificate is enabled,authenticity of KVM switches is checked via their certificate chain. Youmust install the trusted device- or root-certificate of each KX III KVMswitch on the User Station, or the connection to the KVM switches fails.SeeCertificates (see "Trusted Certificates" on page 141).Important: In the FIPS mode, the User Station CANNOT connect toany targets on a KX3 or CC-SG with Security setting TLS 1.2 only.Note: The LDAPS connections, which have the encrypted LDAP enabled,are NOT using the FIPS accredited cryptographic code.To enable or disable the FIPS mode:1. Click Administration > Security Settings. The Security Settings pageopens. indicates the setting is enabled.