McDewey

For more information, see the Starting a CLI Session section in the Command Line Interface Reference Guide for Cisco Unified Communications Solutions. Step 2 In the CLI, enter utils fips status The following message appears to confirm that FIPS 140-2 mode is enabled. admin:utils fips status The system is operating in FIPS mode. Self test status:

• S T A R T --------------------- Executing FIPS selftests runlevel is graphical.target Start time: Wed Aug 2 18:28:56 IST 2023 NSS self tests passed. Kernel Crypto tests passed. Operating System OpenSSL self tests passed. Strongswan self tests passed. OpenSSL self tests passed. CryptoJ self tests passed. BCFIPS self tests passed. KFOM self tests passed. FIPS 140-2 Mode Server Reboot FIPS startup self-tests in each of the FIPS 140-2 modules are triggered after rebooting when Unified Communications Manager server reboots in FIPS 140-2 mode. If any of these self-tests fail, the Unified Communications Manager server halts. Caution Unified Communications Manager server is automatically rebooted when FIPS is enabled or disabled with the corresponding CLI command. You can also initiate a reboot. Note If the startup self-test failed because of a transient error, restarting the Unified Communications Manager server fixes the issue. However, if the startup self-test error persists, it indicates a critical problem in the FIPS module and the only option is to use a recovery CD. Caution FIPS Mode Restrictions Restrictions Feature FIPS mode does not support SNMP v3 with MD5 or DES. If you have SNMP v3 configured while FIPS mode is enabled, you must configure SHA as the Authentication Protocol and AES128 as the Privacy Protocol. SNMP v3 Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 248 Advanced System Security FIPS 140-2 Mode Server Reboot