FIPS 140-2 conformance for Access Appliance
The Federal Information Processing Standards (FIPS) define U.S. and Canadian Government security and interoperability requirements for computer systems. The National Institute of Standards and Technology (NIST) issued the FIPS 140 Publication Series to coordinate the requirements and standards for validating cryptography modules. The FIPS 140-2 standard specifies the security requirements for cryptographic modules and applies to both the hardware and the software components. It also describes the approved security functions for symmetric and asymmetric key encryption, message authentication, and hashing.
For more information about the FIPS 140-2 standard and its validation program, see the following links:
https://csrc.nist.gov/csrc/media/publications/fips/140/2/final/documents/fips1402.pdf
https://csrc.nist.gov/projects/cryptographic-module-validation-program
Starting with Access Appliance 7.4.3, the FIPS 140-2 standard is enabled by default for the Veritas Operating System (VxOS). The FIPS mode for VxOS is enabled with the default factory settings. After FIPS for VxOS is enabled, sshd uses the following FIPS-approved ciphers:
aes128-ctr
aes192-ctr
aes256-ctr
Older SSH clients are likely to be unable to access the appliance after FIPS for VxOS is enabled. Ensure that your SSH client supports the listed ciphers, and upgrade to the latest version if necessary. Default cipher settings are not typically FIPS-compliant, which means you might need to select the listed ciphers manually in your SSH client configuration.
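An added example (not part of the Veritas documentation): a shell pre-flight check that compares the ciphers an OpenSSH client reports through `ssh -Q cipher` with the three ciphers listed above and prints a per-host `ssh_config` entry for the ones both sides support. The host name `access-appliance.example.com`, the function names, and the sample cipher list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not vendor code.
# Ciphers this page lists for sshd once FIPS for VxOS is enabled.
APPLIANCE_CIPHERS="aes128-ctr aes192-ctr aes256-ctr"

# usable_ciphers: read a client's cipher list on stdin, one name per line
# (the format `ssh -Q cipher` prints), and print the appliance ciphers the
# client also supports as a comma-separated list. Prints nothing on no overlap.
usable_ciphers() {
    client_list=$(cat)
    out=""
    for c in $APPLIANCE_CIPHERS; do
        # -x -F: exact whole-line match, no regex or substring hits.
        if printf '%s\n' "$client_list" | grep -qxF "$c"; then
            out="${out:+$out,}$c"
        fi
    done
    printf '%s' "$out"
}

# config_stanza HOST CIPHERS: print an ssh_config entry that pins the
# cipher list for that one host, leaving other hosts' defaults alone.
config_stanza() {
    printf 'Host %s\n    Ciphers %s\n' "$1" "$2"
}

# Constructed sample: a legacy client that only offers CBC modes.
LEGACY_SAMPLE='3des-cbc
aes128-cbc
aes256-cbc'
if [ -z "$(printf '%s\n' "$LEGACY_SAMPLE" | usable_ciphers)" ]; then
    echo "legacy sample: no cipher in common with the appliance"
fi

# Check the locally installed client, if there is one.
if command -v ssh >/dev/null 2>&1; then
    found=$(ssh -Q cipher 2>/dev/null | usable_ciphers)
    if [ -n "$found" ]; then
        # Hypothetical host name; replace with your appliance's address.
        config_stanza "access-appliance.example.com" "$found"
    else
        echo "ssh -Q cipher reported none of: $APPLIANCE_CIPHERS" >&2
        echo "(very old clients lack -Q); check or upgrade the client." >&2
    fi
fi
```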
Starting with Access Appliance version 8.2, the application layer is FIPS-compliant.
You can enable the FIPS 140-2 standard for NetBackup MSDP to increase appliance security. See Enabling FIPS for Access Appliance.