FIPS mode

FIPS (Federal Information Processing Standards) is a set of standards developed by the United States Federal Government for use in computer systems. FIPS 140-2 is the subset of standards which defines approved encryption algorithms used for handling sensitive information.

If your Secure Email Gateway has been pre-configured to operate in FIPS mode, the cryptographic modules used by the Gateway and the underlying RedHat 9 OS are compliant with FIPS 140-2.

Features and options you will not be able to use in FIPS mode

In FIPS mode, you will not be able to:

  For more information on the system-wide FIPS security profile implemented in Red Hat 9, see the Red Hat Documentation.

Full-mode PMM in FIPS mode

When PMM (Personal Message Management) is configured in Full mode, it uses NTLM for authentication with Active Directory domain controllers. NTLM is not FIPS compliant.

Enable and Disable FIPS mode

Your Secure Email Gateway can only be configured to operate in FIPS mode during installation.

  Once enabled, you cannot disable FIPS mode without reinstalling the Gateway.

Check if your Secure Email Gateway is operating in FIPS mode

From Cockpit

  1. Log in to Cockpit and navigate to Terminal.

     

    To access the Cockpit administration user interface, open a supported web browser and enter the IP address of your Secure Email Gateway, on port 9090:

    https://<ip-address>:9090

  2. Execute the following:

    fips-mode-setup --check

From the Gateway web user interface

  1. Navigate to System > Monitoring & Control > Logs & Alarms.

  2. Select the System Logs tab.

    If the Gateway is operating in FIPS mode, the FIPS Audit log is active. If not, the log is inactive and gray.

Alternatively:

  1. Navigate to System > Encryption > Encryption/Decryption Defaults.

    If the Gateway is operating in FIPS mode, the following warning is displayed:

    While using Email Gateway in FIPS mode, you will be unable to use PGP or Password encryption methods as they use unsupported algorithms.

Tell me about...