Netbackup 7.6GA show this message when configuring KMS (Key Management Server) for the first time:
KMS can be configured to run in FIPS or non-FIPS mode. Please make certain you have read the documentation to understand the differences and best practices for these two modes.
Also a configured keygroup look like FIPS compliance is supported.
# nbkmsutil -listkeys -kgname ENCR_acme
Key Group Name : ENCR_acme
Supported Cipher : AES_256
Number of Keys : 1
Has Active Key : Yes
Creation Time : Mon Jan 6 17:33:47 2014
Last Modification Time: Mon Jan 6 17:33:47 2014
Description : –
Key Tag : xxx
Key Name : acme_encryption
Current State : ACTIVE
Creation Time : Mon Jan 6 17:37:31 2014
Last Modification Time: Mon Jan 6 17:37:31 2014
Description : –
FIPS Approved Key : No
Solution:
Both text messages should have been removed from the Netbackup 7.5 GA version. The code needed to support FIPS is at the time of writing not implemented in Netbackup. A Etrack has been opened to remove the text until FIPS support has been added to Netbackup KMS.