FIPS 140-2 requirements

The Federal Information Processing Standard (FIPS) is a U.S. government standard that governs how hardware and software use encryption and cryptographic services. To achieve FIPS 140 accreditation, cryptographic modules undergo a thorough certification process by NIST (National Institute of Standards and Technology). This process ensures that all cryptographic algorithms adhere to government security guidelines. The current version of FIPS 140 is version 2, widely known as FIPS 140-2.

In order for a Niagara 4 installation to run in a FIPS 140-2 compliant mode, it must meet the following requirements:

  • Its license must contain the “fips140-2” feature. This ensures that only FIPS-compliant cryptographic modules running in FIPS mode are used.
  • Passwords must be at least 14 characters in length. This applies to most passwords, such as user passwords (platform and station), certificate passwords, the system passphrase, etc. Some passwords are excluded from this rule, for example passwords destined to be used with an external server, such as an email server.
  • Certificates must use a key size of 2048 or 3062, and must be stored in a FIPS-compliant key store.

For new Niagara installations, these requirements will be enforced where possible. When upgrading an existing installation to FIPS mode, some changes may need to be made manually. These changes are described in the section “Upgrading a NiagaraAX FIPS 140-2 station”.