FIPS Mode Support Guide

Note

This guide only applies to YubiHSM 2 FIPS devices.

Putting YubiHSM 2 into FIPS Mode

To configure the YubiHSM 2 into the FIPS Approved mode of operation:

  1. Use the Set Option service, either as the raw command 4f000405000101 or as:

    put option 0 fips-mode 01
    
  2. Import new Authentication Keys to replace the default values.

Validating the Mode

To check the mode of operation, use the Get Option service:

    get option 0 fips-mode

where:

A return code of 01 indicates the Approved mode.

A return code of 00 indicates the non-Approved mode.

Taking it out of FIPS Mode

To configure the YubiHSM 2 into the non-Approved mode of operation:

  1. Delete all objects on the YubiHSM 2.

  2. Use the Set Option service, either as the raw command 4f000405000100 or as:

    put option 0 fips-mode 00
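
The two raw Set Option frames quoted in this guide differ only in their last byte, so a provisioning script that sends them is worth checking before it runs. The Python below is an added example, not part of the original guide or of Yubico's tooling; it decodes a frame and reports which mode it requests. The field layout (1-byte command, 2-byte big-endian length, 1-byte option tag, 2-byte value length, value) is an assumption inferred from the bytes shown above, and the function names are hypothetical.

```python
import struct

# Assumption: layout inferred from the two frames quoted in this guide:
# 1-byte command, 2-byte big-endian payload length, then a payload made of
# 1-byte option tag, 2-byte big-endian value length, value bytes.
SET_OPTION_CMD = 0x4F      # first byte of both frames in the guide
FIPS_MODE_TAG = 0x05       # option byte of both frames in the guide
FIPS_VALUES = {0x01: "Approved (FIPS) mode", 0x00: "non-Approved mode"}


def decode_set_option(frame_hex: str) -> dict:
    """Split a raw Set Option frame into fields, rejecting malformed input."""
    frame = bytes.fromhex(frame_hex)  # raises ValueError on non-hex input
    if len(frame) < 6:
        raise ValueError("frame too short for command + length + option header")
    cmd, payload_len = struct.unpack(">BH", frame[:3])
    payload = frame[3:]
    if cmd != SET_OPTION_CMD:
        raise ValueError(f"not a Set Option frame: command byte {cmd:#04x}")
    if payload_len != len(payload):
        raise ValueError("outer length does not match payload size")
    tag, value_len = struct.unpack(">BH", payload[:3])
    value = payload[3:]
    if value_len != len(value):
        raise ValueError("option length does not match value size")
    return {"command": cmd, "option": tag, "value": value}


def describe_fips_frame(frame_hex: str) -> str:
    """Return the mode a frame requests, or raise if it is not a fips-mode write."""
    fields = decode_set_option(frame_hex)
    if fields["option"] != FIPS_MODE_TAG or len(fields["value"]) != 1:
        raise ValueError("frame does not set the fips-mode option")
    try:
        return FIPS_VALUES[fields["value"][0]]
    except KeyError:
        raise ValueError("unexpected fips-mode value") from None


if __name__ == "__main__":
    for frame in ("4f000405000101", "4f000405000100"):  # frames from the guide
        print(frame, "->", describe_fips_frame(frame))
```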