如果我看到 FIPS 合规性警告事件,这意味着什么?
适用场景
- ONTAP 9
- 监控 Active IQ Unified Manager 等软件
- 联邦信息处理标准( FIPS )
- Cloud Manager
问题解答
示例事件:
Event: FIPS 140-2 Compliance On Controller.
The controller is using a version of the NetApp Cryptographic Security Module (NCSM) that is not FIPS 140-2 compliant. Organizations that store data at rest using a FIPS validated encrypted format or FIPS validated onboard key management (OKM) are not able to meet FIPS 140-2 compliant when using this version of ONTAP.
Risk found in your system - FIPS140-2 not enabled
FIPS 140-2 Compliance is disabled on the following working environment(s): XXXXXX. FIPS 140-2 helps operating in compliance with national and international information security and engineering standards.
- FIPS 是美国政府的标准。
- 不合规并不意味着您的系统不安全。
- 在某些情况下,即使是最强的安全标准也不符合 FIPS 。
- 如果情况并非如此,并且您的组织不是美国政府组织,则您不会关注此消息。
- 如果不需要删除弱加密以实现向后兼容性,则通常会采用这种做法,它与此警告无关。