action.skip

FIPS Mode

When you run in FIPS mode, all connections are made using security protocols and algorithms that meet FIPS 140-2 standards. In this mode some standard connection options are not available.

To run Reflection in FIPS mode

Option 1: Configure sessions to require FIPS mode using Group Policy

  1. Run the Group Policy editor using one of the following techniques:

    • Type the following at the command line:

      Gpedit.msc
      
    • In the Active Directory Users and Computers console, open the properties for an Organizational Unit, click the Group Policy tab, and edit or create a new policy object.

  2. Install the Reflection template (ReflectionPolicy.adm) if you have not already done so.

    note

    For information about how to download and install the Reflection policy template, see Knowledge Base Article 7021501.

  3. Under Local Computer Policy > User Configuration > Administrative Templates > Reflection Settings, disable the setting Allow non-FIPS mode.

Option 2: Configure FIPS mode on a per session basis

Info

This option is only supported for IBM 3270 and 5250 sessions.

  1. In the Reflection Workspace, open or create a 3270 or 5250 document.

    When creating a new 3270 or 5250 document enter the Host name / IP address and enable the Configure additional settings checkbox.

  2. From the Configure Connection Settings pane select the Security Settings button.

    The Security Properties dialog box will open.

  3. Enable Use SSL/TLS Security in the Security Properties dialog box to reveal the SSL/TLS settings menu.

  4. Enable the Run in FIPS mode option and select OK.

More Information

For more information about specific sessions to Run in FIPS mode, see the SSL/TLS Security Properties documentation.

What is FIPS 140-2?

The United States Government's Federal Information Processing Standard (FIPS) 140-2 specifies security requirements for cryptographic modules. Cryptographic products are validated against a specific set of requirements and tested in 11 categories by independent, U.S. Government-certified testing laboratories. This validation is then submitted to the National Institute of Standards and Technology (NIST), which reviews the validation and issues a certificate. In addition, cryptographic algorithms may also be validated and certified based on other FIPS specifications. The list of validated products and the vendor's stated security policy (the definition of what the module has been certified to do) can be found at: Cryptographic Module Validation Program.

important

If you are configuring Reflection to use FIPS mode, you should ensure that you are running a version that has met all FIPS 140-2 standards. Contact technical support for more information.

More information