跳转到主内容

如果我看到 FIPS 合规性警告事件,这意味着什么?

适用场景

  • ONTAP 9
  • 监控 Active IQ Unified Manager 等软件
  • 联邦信息处理标准( FIPS )
  • Cloud Manager

问题解答

示例事件:

Event: FIPS 140-2 Compliance On Controller.

The controller is using a version of the NetApp Cryptographic Security Module (NCSM) that is not FIPS 140-2 compliant. Organizations that store data at rest using a FIPS validated encrypted format or FIPS validated onboard key management (OKM) are not able to meet FIPS 140-2 compliant when using this version of ONTAP.

Risk found in your system - FIPS140-2 not enabled
 
FIPS 140-2 Compliance is disabled on the following working environment(s): XXXXXX. FIPS 140-2 helps operating in compliance with national and international information security and engineering standards.

  • FIPS 是美国政府的标准。
    • 不合规并不意味着您的系统不安全。
    • 在某些情况下,即使是最强的安全标准也不符合 FIPS 。
  • 如果情况并非如此,并且您的组织不是美国政府组织,则您不会关注此消息。
  • 如果不需要删除弱加密以实现向后兼容性,则通常会采用这种做法,它与此警告无关。

追加信息

关于 FIPS 140-2

Scan to view the article on your device