What does it mean if I see a FIPS compliance warning event?
Applies to
- ONTAP 9
- Monitoring software such as Active IQ Unified Manager
- Federal Information Processing Standards (FIPS)
- Cloud Manager
Answer
Example event:
Event: FIPS 140-2 Compliance On Controller.
The controller is using a version of the NetApp Cryptographic Security Module (NCSM) that is not FIPS 140-2 compliant. Organizations that store data at rest using a FIPS validated encrypted format or FIPS validated onboard key management (OKM) are not able to meet FIPS 140-2 compliant when using this version of ONTAP.
Risk found in your system - FIPS140-2 not enabled
FIPS 140-2 Compliance is disabled on the following working environment(s): XXXXXX. FIPS 140-2 helps operating in compliance with national and international information security and engineering standards.
- FIPS is a standard of the US government.
- No compliance does not mean that your system is not secure.
- In some cases even the strongest security standard is not compliant with FIPS.
- If this is not the case and your Organization is not a US governmental Organization, this message does not concern you.
- Removing weak encryption if not needed for backward compatibility should be common practice and it is unrelated to this warning.