02-15-2024 05:23 AM
Trying to follow DISA SRGs, and one of the requirements is to enable FIPS mode on our 2140 FTDs, managed by FMC. I am new to these, so I was doing some searching online, and it sounds like CC compliance is what needs to be enabled.
Am I correct in saying the CC compliance in the FMC found in System > Configuration > UCAPL/CC Compliance is what I need to enable? Does that essentially enable "FIPS" mode?
Also, are there any precautions I should be aware of before enabling this? I usually will always open a TAC case and have someone on standby when making changes like this, but just want to ask ahead of time. Any way this could possibly cause a network outage?
Also, am I understanding correctly that once you enable this, you cannot disable it without reinstalling FMC? You have to completely wipe it?
05-14-2024 12:21 PM
Hi hhha7x,
Did you enable FIPS mode? I am going through this now and am curious how this worked out for you.
10-10-2024 12:05 PM
FMC/FTD question with FIPs mode : r/Cisco (reddit.com)
In that link there is a comment that suggests:
"If you’re DoD/Federal then it will for sure need to be UCAPL. It will be required under STIG policy checks.
You will want to enable UCAPL under FMC configuration, and under all the devices managed via their platform settings.
That is in order to be FIPS compliant with FMC and FTDs, SFR modules."