← Back to HPE 3PAR StoreServ 3.3.x Security Technical Implementation Guide

V-255273

CAT I (High)

The HPE 3PAR OS must be configured to initialize its FIPS module to use mechanisms meeting the requirements of applicable federal laws, Executive orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module.

Rule ID

SV-255273r971535_rule

STIG

HPE 3PAR StoreServ 3.3.x Security Technical Implementation Guide

Version

V2R1

CCIs

CCI-000803

Discussion

Unapproved mechanisms used for authentication to the cryptographic module are not verified and therefore cannot be relied upon to provide confidentiality or integrity, and DOD data may be compromised.

Check Content

Verify the status of FIPS operation mode:

cli% controlsecurity fips status

If the output indicates FIPS mode is disabled, this is a finding.

If the output shows CIM is disabled, and CIM is an essential service for the mission, this is a finding.

If the output shows VASA is disabled, and VASA is an essential service for the mission, this is a finding.

If the output shows WSAPI is disabled, and WSAPI is an essential service for the mission, this is a finding.

If the output shows any other service status as Disabled, this is a finding.

Fix Text

To initialize the FIPS module use:

cli% controlsecurity fips enable

Warning: Enabling FIPS mode requires restarting all system management interfaces, which will terminate ALL existing connections including this one.
When that happens, you must reconnect to continue.
Continue enabling FIPS mode (yes/no)?
yes

After reconnecting, verify FIPS mode with:
cli% controlsecurity fips status