Fibre Channel (SAN)

Occasional Contributor
Posts: 12
Registered: ‎01-06-2012

FIPS 140-1/2 support and use

Hi All,

I'm confused and hoping someone can help me out.  I have a few different kinds of switches (48000, 5300, 4900, 4100, 5470 blade, 4020 blade) all running 6.4.2x except for the 4020s running 6.2.2d, and realize that none of them support encryption.  I know only the DCX supports encryption.  I'm just trying to figure out why in the Fabric OS Admin guide it has a section on FIPS, but I can't find where it says DCX only.  That makes me think I could do that if I really wanted to (and given the little I read, I don't look forward to the amount of effort and downtime).  The reason I ask is because of a STIG compliance requirement.  The way the item is stated doesn't even make sense to me (below).  I asked the question to support to make sure, and the answer is "does not support encryption"... but is "encryption" different in some way than FIPS?

I appreciate any input.  Thanks

Annette

Group ID (Vulid): V-6639

Group Title: FIPS 140-1/2 for management to fabric.

Rule ID: SV-6783r3_rule

Severity: CAT III
Rule Version (STIG-ID): SAN04.016.00

Rule Title: The SAN is not configured to use FIPS 140-1/2 validated encryption algorithm to protect management-to-fabric communications.

Vulnerability Discussion:  The communication between the SAN management console and the SAN fabric carries sensitive privileged configuration data. This data's confidentiality will be protected with FIPS 140-1/2 validated algorithm for encryption. Configuration data could be used to create a denial of service by disrupting the SAN fabric.
The storage administrator will configure the SAN to use FIPS 140-1/2 validated encryption algorithm to protect management-to-fabric communications.

Responsibility:  Other

IAControls:  ECNK-1

Check Content: 
The reviewer will, with the assistance of the storage administrator, verify that the SAN is configured to use FIPS 140-1/2 validated encryption algorithm to protect management-to-fabric communications.

Fix Text: Develop a plan to implement FIPS-140-1/2 validated encryption to protect management-to-fabric communications. Obtain CM approval of the plan and execute the plan.

External Moderator
Posts: 4,973
Registered: ‎02-23-2004

Re: FIPS 140-1/2 support and use

Annette,

--->>>  I asked the question to support to make sure, and the answer is "does not support encryption"... but is "encryption" different in some way than FIPS?

Have a look at this TB:

http://www.brocade.com/downloads/documents/technical_briefs/Encryption_Solutions_GA-TB-099-02.pdf

TechHelp24
