# FIPS mode enabling and disabling

FIPS stands for Federal Information Processing Standards. For details please these external pages:

* <https://www.nist.gov/standardsgov/compliance-faqs-federal-information-processing-standards-fips>
* <https://csrc.nist.gov/publications/fips>

Vectra physical and virtual (for traditional hypervisors) appliances support operations in a FIPS compliant mode. Appliances deployed in IaaS clouds such as AWS, Azure, and GCP cannot run in FIPS mode.

<table><thead><tr><th width="441.875">Appliance Type</th><th>FIPS Mode Supported</th></tr></thead><tbody><tr><td>All physical appliances</td><td>Yes</td></tr><tr><td>Virtual appliances for traditional hypervisors such as VMware, Nutanix, Hyper-V, KVM, etc</td><td>Yes</td></tr><tr><td>Cloud (IaaS) deployed virtual appliances in environments such as AWS, Azure, GCP, etc.</td><td>No</td></tr></tbody></table>

When FIPS mode is enabled, only FIPS compliant cyphers and configuration options are enabled for Brains and Sensors or Stream appliances.

{% hint style="info" %}
**Please Note:**

* Enabling or disabling FIPS mode will cause a reboot of Brain and paired Sensors or Stream appliances.
  * The kernel needs to changed between FIPS and default Ubuntu kernels.  This requires a reboot.
* If FIPS mode is required for your deployment, it is recommended to enable FIPS mode prior to directing traffic at your Sensors.
* In the case of virtual appliances, the underlying hardware must also be FIPS compliant (it must support the RDRAND CPU instruction).
  {% endhint %}

To enable FIPS mode you must be able to access the CLI of your Brain appliance.  Please see [SSH login process for CLI](https://docs.vectra.ai/deployment/appliance-operations/ssh-login-process-for-cli) for more details.

**To Enable:**

Use the `set security-mode fips` command.

**To Disable:**

Use the `set security-mode default` command.

**Showing Current State:**

Use the `show security-mode` command.