Cisco Prime Collaboration Assurance Guide - Advanced, 11.x
- Updated:
- February 2, 2017
Chapter: Enable FIPS Compliance
Enable FIPS
Compliance
Enable FIPS Compliance
Cisco Prime Collaboration Assurance supports the Federal Information Processing Standards (FIPS). The FIPS Setup page under is accessible only to System Administrator and Super Administrator roles.
Federal Information Processing Standards (FIPS) are U.S. government computer-security standards. The FIPS-140 series of standards specifies requirements for cryptography modules. For more information, see http://www.nist.gov/itl/fips.cfm.
In the Cisco Prime Collaboration Assurance implementation, each of the integrated cryptographic modules is initialized in a manner that is compliant with their individual security policies.
You can enable or disable FIPS, only if you have deployed Cisco Prime Collaboration in ENT mode.
You can enable FIPS only when you require to use the products which are compliant with the FIPS-140 standards. By default, FIPS is not enabled. The administrator must enable FIPS in Cisco Prime Collaboration Assurance server.
To implement your changes, the system restarts (takes around 15 minutes) after which the user interface can be launched again.
-
Manage only FIPS certified devices in Cisco Prime Collaboration Assurance. For more information on supported devices for FIPS-compliant setup, see FIPS Compliant Devices Supported for Cisco Prime Collaboration Assurance 11.5.
- Perform a backup before you enable or disable FIPS.
-
Ensure that all devices managed by Cisco Prime Collaboration Assurance are FIPS enabled.
- Ensure that devices managed with unsupported SNMP v3 protocols (MD5 Authentication Protocol or DES Privacy Protocol) are reconfigured to FIPS-compliant protocols (SHA1 Authentication Protocol and AES128 Privacy Protocol) on the devices and Cisco Prime Collaboration Assurance.
You can perform the following actions:
|
Action |
Description |
||
|---|---|---|---|
|
Enable FIPS Compliance |
|
||
|
Disable FIPS Compliance |
|
||
|
Verify the status of FIPS Compliance |
Verify if Federal Information Processing Standard (FIPS) Compliance check box is checked or not. If the Federal Information Processing Standard (FIPS) Compliance check box is checked, FIPS is enabled otherwise it is disabled. |
 Note | Cisco Prime Collaboration Assurance in FIPS-compliant setup supports Unified CM in FIPS 140-2 compliant setup. |
- SNMP v3 protocols with MD5 Authentication Protocol or DES Privacy Protocol are not supported in FIPS-compliant setup.
-
Devices or Endpoints, which are JITC certified and UC-APL certified are not supported in FIPS or non-FIPS compliant setup in Cisco Prime Collaboration Assurance.
-
Enabling FIPS in Cisco Prime Collaboration Assurance may impact the system performance.
-
Cisco Prime NAM/vNAM is not supported in FIPS-compliant setup.
Feedback