General steps to place the Extreme NetIron device in FIPS mode

Perform the following steps to place the Extreme NetIron device in FIPS mode.

Procedure

  1. Assume the Crypto-officer role.
  2. Copy the needed signature files. Refer to Copying the signature files.
  3. Enable FIPS mode. Refer to Enabling FIPS mode. The device enables FIPS administrative commands. The device is not in the FIPS approved mode yet. Do not change the default strict FIPS security policy, which is required for the FIPS approved mode.
  4. Zeroize shared secrets and host keys. Refer to Zeroizing shared secrets and host keys.
  5. Configure all users of the module and the authentication methods. Refer to Configuring user authentication
  6. Save the configuration. Refer to Saving the configuration.
  7. Reload the device. Refer to Reloading the device.
  8. Enter the fips show command. The device displays the FIPS-related status, which should confirm the security policy is the default security policy.
  9. Perform a FIPS self-test to verify the correct signature files were copied. Refer to Perform a FIPS self-test.
  10. Inspect the physical security of the module including placement of tamper evident labels on the Extreme NetIron device. Refer to the Extreme FIPS Security Seal document for more information.
9037139-00 Rev AA