FIPS Options

In Niagara, Workbench may be used to commission remote controllers to run in FIPS mode, whether or not Workbench itself is running in FIPS mode.

To make FIPS options visible in various windows, go to Tools > Options > FIPS Options and set Show FIPS Options to true.

If you would like the various FIPS options to be selected by default, set the Check FIPS Options By Default option to true.

Figure 1. FIPS Options


Setting Show FIPS Options to true causes certain FIPS options to be visible during the following tasks:

  • Changing the default platform credentials via the Change Platform Defaults Wizard

    If Show FIPS Options is set to true, the Change Platform Defaults Wizard adds a step, “Select FIPS 140-2 mode”, as shown. This step indicates that a subsequent step of the wizard displays a checkbox labeled “This platform will be licensed for FIPS 140-2”. Selecting this checkbox enforces FIPS password strength requirements. If it is not selected, the platform does not consider a password FIPS-compliant, even if it technically meets the requirements. If both FIPS Options are set to true, this checkbox is visible and selected by default, so the wizard enforces FIPS password strength requirements by default.
    Figure 2. Change Platform Defaults Wizard step to select FIPS mode


  • Changing the system passphrase via the System Passphrase command in Platform Administration

    Figure 3. FIPS Option in Set System Passphrase window


  • Changing the platform user passwords via the User Accounts command in Platform Administration

    Figure 4. FIPS Option in Manage platform daemon users


  • Setting the system passphrase and platform user passwords during Commissioning

    Figure 5. FIPS Option in Commissioning


Note: To install a FIPS license on a particular host, you must set the FIPS Options described above to true.

FIPS Compliant Passwords in Workbench

Workbench running in FIPS mode enforces strong passwords for operations such as exporting certificates, setting passwords on certificates, and logging in to stations.

FIPS-compliant passwords must be at least 14 characters in length. This applies to most passwords, including user passwords (platform and station), certificate passwords, and the system passphrase. Some passwords are excluded from this rule, for example passwords destined for use with an external server such as an email server.