# FIPS mode enabling and disabling

FIPS stands for Federal Information Processing Standards. For details please these external pages:

* <https://www.nist.gov/standardsgov/compliance-faqs-federal-information-processing-standards-fips>
* <https://csrc.nist.gov/publications/fips>

Vectra physical and virtual (for traditional hypervisors) appliances support operations in a FIPS compliant mode. Appliances deployed in IaaS clouds such as AWS, Azure, and GCP cannot run in FIPS mode.

<table><thead><tr><th width="441.875">Appliance Type</th><th>FIPS Mode Supported</th></tr></thead><tbody><tr><td>All physical appliances</td><td>Yes</td></tr><tr><td>Virtual appliances for traditional hypervisors such as VMware, Nutanix, Hyper-V, KVM, etc</td><td>Yes</td></tr><tr><td>Cloud (IaaS) deployed virtual appliances in environments such as AWS, Azure, GCP, etc.</td><td>No</td></tr></tbody></table>

When FIPS mode is enabled, only FIPS compliant cyphers and configuration options are enabled for Brains and Sensors or Stream appliances.

{% hint style="info" %}
**Please Note:**

* Enabling or disabling FIPS mode will cause a reboot of Brain and paired Sensors or Stream appliances.
  * The kernel needs to changed between FIPS and default Ubuntu kernels.  This requires a reboot.
* If FIPS mode is required for your deployment, it is recommended to enable FIPS mode prior to directing traffic at your Sensors.
* In the case of virtual appliances, the underlying hardware must also be FIPS compliant (it must support the RDRAND CPU instruction).
  {% endhint %}

To enable FIPS mode you must be able to access the CLI of your Brain appliance.  Please see [SSH login process for CLI](/deployment/appliance-operations/ssh-login-process-for-cli.md) for more details.

**To Enable:**

Use the `set security-mode fips` command.

**To Disable:**

Use the `set security-mode default` command.

**Showing Current State:**

Use the `show security-mode` command.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.vectra.ai/deployment/appliance-operations/fips-mode-enabling-and-disabling.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.