FIPS overview

An Extreme device in Federal Information Processing Standards (FIPS) mode is compliant with the standards established by the United States government and the National Institute of Standards and Technology (NIST).

Note

Not all software releases support FIPS. Refer to the release notes to verify if the software you are running supports FIPS.

The FIPS Publication 140-2 is a technical standard and worldwide de-facto standard for the implementation of cryptographic modules. The FIPS Publication 140-2 contains security standards developed by the United States government and the National Institute of Standards and Technology (NIST) for use by all non-military government agencies and by government contractors. Due to their importance within the security industry, these standards form a baseline for many security requirements.

In FIPS mode, the network processing occurs in the kernel and in privileged daemons.

You can configure the Extreme device to run in FIPS mode to ensure that the device is operating according to the standards stated in FIPS Publication 140-2.

An Extreme device is FIPS 140-2-compliant when the following requirements have been met:

• Tamper-evident security seals labels are applied to the device according to the instructions included in the tamper-resistant accessory kit. The accessory kit must be purchased separately.
• The device software is placed in FIPS mode with the FIPS security policy applied.

Note

Tamper-evident security seals must be applied to the product. For details on how to place the tamper-evident security seals, refer to the platform-specific FIPS Security Seal Procedures document available on www.extremenetworks.com.

Note

Once FIPS mode is enabled on the system, even if the mode is disabled at a later time, a firmware integrity test will always be carried out on the device at image copy time.