User guide
Chapter 9: Security Management
201
2. Enable FIPS 140-2 Mode by selecting the Enable FIPS 140-2
checkbox in the Encryption & Share section of the Security Settings
page. You will utilize FIPS 140-2 approved algorithms for external
communications once in FIPS 140-2 mode. The FIPS cryptographic
module is used for encryption of KVM session traffic consisting of
video, keyboard, mouse, virtual media and smart card data.
3. Reboot the Dominion KX II. Required
Once FIPS mode is activated, 'FIPS Mode: Enabled' will be displayed
in the Device Information section in the left panel of the screen.
For additional security, you can also create a new Certificate Signing
Request once FIPS mode is activated. This will be created using the
required key ciphers. Upload the certificate after it is signed or create
a self-signed certificate. The SSL Certificate status will updated from
'Not FIPS Mode Compliant' to 'FIPS Mode Compliant'.
When FIPS mode is activated, key files cannot be downloaded or
uploaded. The most recently created CSR will be associated
internally with the key file. Further, the SSL Certificate from the CA
and its private key are not included in the full restore of the
backed-up file. The key cannot be exported from Dominion KX II.
FIPS 140-2 Support Requirements
The Dominion KX II supports the use of FIPS 140-20 approved
encryption algorithms. This allows an SSL server and client to
successfully negotiate the cipher suite used for the encrypted session
when a client is configured for FIPS 140-2 only mode.
Following are the recommendations for using FIPS 140-2 with the
Dominion KX II:
Dominion KX II
Set the Encryption & Share to Auto on the Security Settings page.
See Encryption & Share.
Microsoft Client
FIPS 140-2 should be enabled on the client computer and in Internet
Explorer.
To enable FIPS 140-2 on a Windows client:
1. Select Control Panel > Administrative Tools > Local Security Policy
to open the Local Security Settings dialog.
2. From the navigation tree, select Select Local Policies > Security
Options.
3. Enable "System Cryptography: Use FIPS compliant algorithms for
encryption, hashing and signing".
4. Reboot the client computer.