Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Understanding Zeroization to Clear System Data for FIPS Mode

To exit the FIPS mode, you need to zeroize the device.

The cryptographic module implements a non-FIPS mode in which non-approved cryptographic algorithms are supported. When moving from the non-FIPS mode to the FIPS mode, the Cryptographic Officer must zeroize the non-FIPS mode critical security parameters (CSPs).

The Cryptographic Officer initiates the zeroization process by entering the request system zeroize from the CLI after enabling FIPS mode. Use of this command is restricted to the Cryptographic Officer.

CAUTION:

Perform system zeroization with care. After the zeroization is complete, no data is left on the device. This command erases all the CSPs, configurations, and the hard disk partitions containing the device image. The device shall not boot up on zeroization and a USB reimage is required to recover the device.

Related Documentation