FIPS 140-2 Compliance Overview
FireMon Asset Manager Version is FIPS 140-2 compliant. FIPS status can be checked and updated at any time via the CLI.
Further information about configuring FIPS 140-2 can be found here: FIPS.
The FireMon Security team validates STIG checks that are based on FIPS 140-2 compliance. We do not run scans that specifically check for FIPS compliance in the product, but when configured as such, it is FIPS 140-2 compliant.
FIPS 140-2 mode is set to enabled as part of the installation prompts. When it is enabled, the system sets the System Wide Crypto Policy to "FIPS", which applies the appropriate FIPS 140-2 compliant HMACs, ciphers, and core cryptographic components.
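The following check is an added example, not FireMon code or part of the product CLI. It assumes the underlying OS is a RHEL-family Linux with shell access that exposes the kernel FIPS flag at /proc/sys/crypto/fips_enabled and the active crypto policy at /etc/crypto-policies/state/current; the function name fips_state is hypothetical. It reports whether the kernel flag and the system-wide policy agree, which is what an auditor would want to confirm after the setting is changed.

```shell
#!/bin/sh
# Added example (not FireMon code). Assumed RHEL-family paths:
#   /proc/sys/crypto/fips_enabled       kernel FIPS flag, "1" or "0"
#   /etc/crypto-policies/state/current  active system-wide crypto policy
#
# Usage: fips_state [FLAG_FILE] [POLICY_FILE]
# Prints one word and returns a matching status:
#   enabled      (0)  kernel flag is 1 and the policy is FIPS
#   disabled     (1)  kernel flag is 0 and the policy is not FIPS
#   inconsistent (2)  flag and policy disagree, which may mean a change
#                     is still waiting for a reboot to be applied
#   unknown      (3)  one of the files could not be read
fips_state() {
    flag_file="${1:-/proc/sys/crypto/fips_enabled}"
    policy_file="${2:-/etc/crypto-policies/state/current}"

    if [ ! -r "$flag_file" ] || [ ! -r "$policy_file" ]; then
        echo unknown
        return 3
    fi

    # Strip newlines and stray whitespace before comparing.
    flag=$(tr -d '[:space:]' < "$flag_file")
    policy=$(tr -d '[:space:]' < "$policy_file")

    # A policy may carry subpolicies after a colon, e.g. FIPS:OSPP.
    case "$policy" in
        FIPS|FIPS:*) policy_fips=1 ;;
        *)           policy_fips=0 ;;
    esac

    if [ "$flag" = "1" ] && [ "$policy_fips" = "1" ]; then
        echo enabled
        return 0
    elif [ "$flag" = "0" ] && [ "$policy_fips" = "0" ]; then
        echo disabled
        return 1
    fi
    # Any other combination, including an unexpected flag value.
    echo inconsistent
    return 2
}
```

Calling fips_state with no arguments reads the live system paths; passing two file paths lets the same logic run against files collected from another host.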
Asset Manager Known Issues when FIPS is enabled
- When deploying the OVA, ensure FIPS 140-2 is enabled in the wizard. After licensing the system, disable FIPS 140-2 through the CLI by entering the following command: system fips disable. A reboot is required to apply the change.
- MSSP customers will need to disable FIPS 140-2.
- WMI Scanning requires FIPS 140-2 to be disabled.
- BGP Scanning requires FIPS 140-2 to be disabled.