The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government computer security standard governing cryptographic modules and is required for any software purchased by the US government and US military.
Open-source derived cryptographic algorithms implemented in DMT's C/C++ code base were removed and replaced with RSA's BSAFE Micro Edition Suite (MES).
RSA’s BSAFE MES is a library that implements algorithms and provides both FIPS-validated and non-FIPS implementations of the cryptographic algorithms. The non-FIPS implementations are used by default. When placed in FIPS 140 mode, DMT causes MES to use the FIPS 140 validated implementations.
FIPS 140 mode allows you to use only SNMPv1, SNMPv2c, and SNMPv3 except MD5 and DES authentication protocols. If you run SNMPv1 or SNMPv2c, then FIPS 140 mode has no impact. If you are using encryption, then you must use a certified encryption library and only certain encryption routines.
When you discover an SNMPv3 device, you need to select the option “V3” in the “Add Agent” window. The “Authentication Protocol” option lists only SHA and not MD5 and the “Privacy Protocol” option lists only AES and not DES. This is because MD5 and DES are not supported in FIPS 140 mode. If you discover SNMPv3 devices with MD5 and DES protocol as seed, discovery fails and the devices go to the Pending List and display as “Invalid” or “Unsupported SNMP V3 protocol”. ASL error exception messages are also observed in the IP server logs.
“Support for FIPS 140-2 in IP 9.1” section in Chapter 3, Installing IP Manager, in the VMware Smart Assurance Installation Guide for SAM, IP, ESM, MPLS, and NPM Managers, provides more information about the FIPS 140 mode implementation.