Fips Self-Tests - Cisco AP775A - Nexus Converged Network Switch 5010 Configuration Manual

Chapter 38 Configuring FIPS
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
Click Apply to save the changes.
Step 3
Click Close to close the dialog box.
Step 4

FIPS Self-Tests

A cryptographic module must perform power-up self-tests and conditional self-tests to ensure that it is
functional.
FIPS power-up self-tests automatically run when FIPS mode is enabled . A switch is in FIPS mode only
Note
after all self-tests are successfully completed. If any of the self-tests fail, then the switch is rebooted.
Power-up self-tests run immediately after FIPS mode is enabled. A cryptographic algorithm test using a
known answer must be run for all cryptographic functions for each FIPS 140-2-approved cryptographic
algorithm implemented on the Cisco MDS 9000 Family.
Using a known-answer test (KAT), a cryptographic algorithm is run on data for which the correct output
is already known, and then the calculated output is compared to the previously generated output. If the
calculated output does not equal the known answer, the known-answer test fails.
Conditional self-tests must be run when an applicable security function or operation is invoked. Unlike
the power-up self-tests, conditional self-tests are executed each time their associated function is
accessed.
Conditional self-tests include the following:
•
•
Both of these tests automatically run when a switch is in FIPS mode.
OL-17256-03, Cisco MDS NX-OS Release 4.x
Pair-wise consistency test—This test is run when a public-private key-pair is generated.
Continuous random number generator test—This test is run when a random number is generated.
Cisco MDS 9000 Family Fabric Manager Configuration Guide
FIPS Self-Tests
38-3