Federal Information Processing Standard (FIPS)

When Reflection is configured to run in FIPS mode, it enforces the United States government Federal Information Processing Standard (FIPS) 140-2. All available settings use security protocols and algorithms that meet this standard. Options that do not meet this standard are not available. You can configure individual sessions to run in FIPS mode or enforce FIPS mode for all Reflection sessions.

Configure specific Secure Shell sessions to run in FIPS mode

You can use the following procedure to configure specific Secure Shell sessions to run in FIPS mode.

NOTE: This procedure does not enforce FIPS standards for all Secure Shell sessions. This change is saved to your Secure Shell configuration file and is applied to a specific SSH configuration scheme. (If you don't specify a scheme, the setting applies to all connections to the current host.) This change has no effect on subsequent Secure Shell sessions unless they are configured to use the same SSH configuration scheme (or host name).

To set FIPS mode for particular hosts or SSH configuration schemes

  1. Open the Secure Shell Settings dialog box.

  2. On the Encryption tab select Run in FIPS mode.

You can also configure this setting by editing the Secure Shell configuration file manually. The keyword for setting FIPS mode is FIPSMode.
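
Because the setting is saved per SSH configuration scheme or host, an audit of the configuration file shows which sections still allow non-FIPS connections. The following is an added example, not part of the Reflection documentation. It assumes the file uses ssh_config-style "Host" sections and that FIPSMode takes yes or no; the sample file contents and section names are constructed.

```python
import re

# keyword and argument separated by whitespace or "=" (assumed ssh_config-style syntax)
LINE = re.compile(r"(\w+)(?:\s*=\s*|\s+)(.*)$")

# Constructed sample, not taken from a real installation.
SAMPLE = """\
# constructed sample Secure Shell configuration file
Host payroll-scheme
    FIPSMode yes
Host legacy.example.com
    Port 22
Host test-scheme
    FIPSMode no
Host mixed
    fipsmode=yes
"""

def fips_values_by_section(config_text):
    """Map each Host section name to the FIPSMode values found inside it."""
    sections = {}
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        if not m:
            continue
        keyword = m.group(1).lower()
        value = m.group(2).strip().strip('"')
        if keyword == "host":
            current = sections.setdefault(value, [])
        elif keyword == "fipsmode" and current is not None:
            current.append(value.lower())
    return sections

def sections_without_fips(config_text):
    """Sections with no FIPSMode line, or with any value other than 'yes'.
    Each section is judged on its own lines; inheritance is not modelled."""
    return [name for name, values in fips_values_by_section(config_text).items()
            if not values or any(v != "yes" for v in values)]

if __name__ == "__main__":
    for name in sections_without_fips(SAMPLE):
        print("FIPS mode not set for:", name)
```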

Configure all Reflection sessions to run in FIPS mode

Administrators can use Reflection Group Policies to configure all Reflection sessions to run in FIPS mode.

To set FIPS mode for all sessions

  1. Run the Group Policy editor using one of the following techniques:

    • Type the following at the command line:

    • In the Active Directory Users and Computers console, open the properties for an Organizational Unit, click the Group Policy tab, and edit or create a new policy object.

  2. Install the Reflection template (ReflectionPolicy.adm) if you have not already done so.

  3. Under Local Computer Policy > User Configuration > Administrative Templates > Reflection Settings, disable the setting Allow non-FIPS mode.