When you run in FIPS mode, all connections are made using security protocols and algorithms that meet FIPS 140-2 standards. In this mode some standard connection options are not available.
The following security configurations are allowed in FIPS mode:
SSL/TLS connections using 3DES (168-bit) or AES (128-bit) encryption and SHA-1 hash.
Secure Shell connections using 3DES (168-bit) or AES (128, 192, or 256-bit) encryption and SHA-1 hash.
Kerberos connections, for user authentication only, using 3DES encryption and SHA-1 hash.
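An added example, not part of the Reflection documentation: a Python check of which algorithms in a server's offer fit the SSL/TLS and Secure Shell entries of the list above, for use before FIPS mode is enforced. The suite and algorithm names are standard IANA and SSH names; the sample offer is constructed, and the name-to-category mapping (cipher mode ignored, only hmac-sha1 counted as SHA-1) is an assumption, not Reflection's own negotiation logic.

```python
import re

# Allow-list transcribed from the FIPS-mode list above: (cipher, key bits) and hash.
ALLOWED = {
    "tls": {"ciphers": {("3DES", 168), ("AES", 128)}, "hashes": {"SHA1"}},
    "ssh": {"ciphers": {("3DES", 168), ("AES", 128), ("AES", 192), ("AES", 256)},
            "hashes": {"SHA1"}},
}
SSH_MAC_HASH = {"hmac-sha1": "SHA1", "hmac-md5": "MD5", "hmac-sha2-256": "SHA256"}  # assumed map

def parse_tls_suite(name):
    """Split an IANA suite name into (cipher, bits, hash); None if unrecognised."""
    m = re.fullmatch(r"TLS_\w+?_WITH_(\w+)_(SHA\d*|MD5)", name)
    if not m:
        return None
    bulk, mac = m.groups()
    digest = "SHA1" if mac == "SHA" else mac  # a bare "SHA" suffix means SHA-1
    if bulk.startswith("3DES_EDE"):
        return "3DES", 168, digest
    parts = bulk.split("_")  # e.g. AES_128_CBC; the mode is ignored (assumption)
    bits = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None
    return parts[0], bits, digest

def parse_ssh_cipher(name):
    """Map an SSH cipher name (aes192-ctr, 3des-cbc) to (cipher, bits) or None."""
    if name == "3des-cbc":
        return "3DES", 168
    m = re.fullmatch(r"aes(128|192|256)-(cbc|ctr)", name)
    return ("AES", int(m.group(1))) if m else None

def tls_usable(suites):
    """Suites from a server's offer that fit the SSL/TLS entry of the allow-list."""
    rule, ok = ALLOWED["tls"], []
    for s in suites:
        p = parse_tls_suite(s)
        if p and p[:2] in rule["ciphers"] and p[2] in rule["hashes"]:
            ok.append(s)
    return ok

def ssh_usable(ciphers, macs):
    """SSH negotiates cipher and MAC separately, so each list needs an allowed entry."""
    rule = ALLOWED["ssh"]
    good_c = [c for c in ciphers if parse_ssh_cipher(c) in rule["ciphers"]]
    good_m = [m for m in macs if SSH_MAC_HASH.get(m) in rule["hashes"]]
    return good_c, good_m

# Constructed sample offer, not taken from any real host.
SAMPLE_TLS = ["TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA256",
              "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_RC4_128_SHA"]
print(tls_usable(SAMPLE_TLS))
```

An empty result from `tls_usable`, or an empty list in either half of the `ssh_usable` result, means the server offers nothing that fits the list, so a client restricted to it would have no algorithm in common with that host.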
To run Reflection in FIPS mode
Run the Group Policy editor using one of the following techniques:
Type the following at the command line:
In theconsole, open the properties for an , click the tab, and edit or create a new policy object.
Install the Reflection template (ReflectionPolicy.adm) if you have not already done so.
NOTE: For information about how to download and install the Reflection policy template, see Technical Note 2216.
Under> > > , disable the setting .
What is FIPS 140-2?
The United States Government's Federal Information Processing Standard (FIPS) 140-2 specifies security requirements for cryptographic modules. Cryptographic products are validated against a specific set of requirements and tested in 11 categories by independent, U.S. Government-certified testing laboratories. This validation is then submitted to the National Institute of Standards and Technology (NIST), which reviews the validation and issues a certificate. In addition, cryptographic algorithms may also be validated and certified based on other FIPS specifications. The list of validated products and the vendor's stated security policy (the definition of what the module has been certified to do) can be found at: http://csrc.nist.gov/groups/STM/cmvp/validation.htm.
IMPORTANT: If you are configuring Reflection to use FIPS mode, you should ensure that you are running a version that has met all FIPS 140-2 standards. Contact technical support for more information.