Skip to main content
NetApp Knowledge Base

What does it mean if I see a FIPS compliance warning event?

Views:
1,875
Visibility:
Public
Votes:
3
Category:
ontap-9
Specialty:
core
Last Updated:

Applies to

  • ONTAP 9
  • Monitoring software such as Active IQ Unified Manager
  • Federal Information Processing Standards (FIPS)
  • Cloud Manager

Answer

Example event:

Event: FIPS 140-2 Compliance On Controller.

The controller is using a version of the NetApp Cryptographic Security Module (NCSM) that is not FIPS 140-2 compliant. Organizations that store data at rest using a FIPS validated encrypted format or FIPS validated onboard key management (OKM) are not able to meet FIPS 140-2 compliant when using this version of ONTAP.

Risk found in your system - FIPS140-2 not enabled
 
FIPS 140-2 Compliance is disabled on the following working environment(s): XXXXXX. FIPS 140-2 helps operating in compliance with national and international information security and engineering standards.

  • FIPS is a standard of the US government.
    • No compliance does not mean that your system is not secure.
    • In some cases even the strongest security standard is not compliant with FIPS.
  • If this is not the case and your Organization is not a US governmental Organization, this message does not concern you.
  • Removing weak encryption if not needed for backward compatibility should be common practice and it is unrelated to this warning.

Additional Information

About FIPS 140-2

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.