FIPS Options

In Niagara 4.6 and later, Workbench may be used to commission remote controllers to run in FIPS mode, whether or not Workbench itself is running in FIPS mode.

To make FIPS options visible in various windows, go to Tools > Options > FIPS Options, and set Show FIPS Options to true.

If you would like the various FIPS options to be selected by default, set the Check FIPS Options By Default option to true.

Figure 2.    Workbench FIPS Options

Setting Show FIPS Options to true causes certain FIPS options to be visible during the following tasks:

  • Changing the default platform credentials via the Change Platform Defaults Wizard:

    If the Workbench option “Show FIPS Options” is set to “true”, the Change Platform Defaults Wizard includes an added “Select FIPS 140-2 mode” step, as shown. This indicates that in a subsequent step the wizard displays a checkbox labeled “This platform will be licensed for FIPS 140-2”. Selecting this checkbox enforces FIPS password strength requirements. Note that if the checkbox is not selected, the platform does not consider a password FIPS-compliant, even if it technically meets the requirements. Also, if both of the Workbench FIPS Options are set to “true”, this checkbox is visible and selected by default. In that situation, the wizard enforces FIPS password strength requirements by default.

    Figure 3.   Change Platform Defaults Wizard step to select FIPS mode

  • Changing the system passphrase via the System Passphrase command in Platform Administration:
    Figure 4.   FIPS Option in Set System Passphrase window
  • Changing the platform user passwords via the User Accounts command in Platform Administration:
    Figure 5.   FIPS Option in Manage platform daemon users
  • Setting the system passphrase and platform user passwords during Commissioning:
    Figure 6.   FIPS Option in Commissioning
 
NOTE: To install a FIPS license to a particular host, the Workbench FIPS Options described above must be set to true.
 

FIPS Compliant Passwords in Workbench

Workbench running in FIPS mode will also enforce strong passwords for operations such as exporting certificates, setting passwords on certificates, and logging in to stations.

FIPS-compliant passwords must be at least 14 characters in length. This applies to most passwords, including user passwords (platform and station), certificate passwords, and the system passphrase. Some passwords are excluded from this rule, for example passwords destined for use with an external server, such as an email server.