Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Zeroizing the System


Your device is not considered a valid FIPS cryptographic module until all critical security parameters (CSPs) have been entered—or reentered—while the device is in FIPS mode.

For FIPS 140-2 compliance, you must zeroize the system to remove sensitive information before disabling FIPS mode on the device.

As Crypto Officer, you run the request system zeroize command to remove all user-created files from a device and replace the user data with zeros. This command completely erases all configuration information on the Routing Engines, including all rollback configuration files and plain-text passwords, secrets, and private keys for SSH, local encryption, local authentication, and IPsec.


Zeroization is required on MX104 device before you upgrade in FIPS mode.

To zeroize your device:

  1. From the CLI, enter
  2. To initiate the zeroization process, type yes at the prompt:

    The entire operation can take considerable time depending on the size of the media, but all critical security parameters (CSPs) are removed within a few seconds. The physical environment must remain secure until the zeroization process is complete.