Skip to main content
NetApp Knowledge Base

What does it mean if I see a FIPS compliance warning event?

Views:
671
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
core
Last Updated:

Applies to

  • ONTAP 9
  • Monitoring software such as Active IQ Unified Manager
  • Federal Information Processing Standards (FIPS)
  • Cloud Manager

Answer

Example event:

Event: FIPS 140-2 Compliance On Controller.

The controller is using a version of the NetApp Cryptographic Security Module (NCSM) that is not FIPS 140-2 compliant. Organizations that store data at rest using a FIPS validated encrypted format or FIPS validated onboard key management (OKM) are not able to meet FIPS 140-2 compliant when using this version of ONTAP.

Risk found in your system - FIPS140-2 not enabled
 
FIPS 140-2 Compliance is disabled on the following working environment(s): XXXXXX. FIPS 140-2 helps operating in compliance with national and international information security and engineering standards.

  • FIPS is a standard of the US government.
    • No compliance does not mean that your system is not secure.
    • In some cases even the strongest security standard is not compliant with FIPS.
  • If this is not the case and your Organization is not a US governmental Organization, this message does not concern you.
  • Removing weak encryption if not needed for backward compatibility should be common practice and it is unrelated to this warning.

Additional Information

About FIPS 140-2

Scan to view the article on your device