FIPS-Related CLI Commands
The device's CLI commands for FIPS include the following:

| CLI Command | Description |
|---|---|
| clear security-files | Performs zeroization, which does the following chronologically listed actions: Manually triggering zeroization can be useful, for example, when taking the device out of deployment for service (Return of Merchandise or RMA). |
| fips on | Enables the FIPS Mode, and does the following: After the device restarts, it runs in FIPS mode until it is manually disabled or until a security-test fails (which also causes zeroization of the device). |
| fips off | Disables the FIPS Mode, and does the following: |
| show system security status | Displays the FIPS mode status (enable or disable). |

When running in FIPS mode, the device does the following:
● Performs all boot and runtime security tests (as required by FIPS).
● Prevents the display of any secrets in system logs and captures.
● Allows only algorithms approved by FIPS (see Approved Algorithms), with exceptions as described in Non-Approved Applications in FIPS mode.