SQL Anywhere Network Server Version 11.0.1.2250 Advanced edition
16 logical processor(s) on 4 physical processor(s) detected.
Running Windows 2003 Build 3790 Service Pack 2 on X86 (X86_64)
Server built for X86 processor architecture
25165824K of memory used for caching
Physical memory allocated for images: 24883928K
Address space allocated: 1237664K
Using a maximum page size of 8192 bytes
================================================== ==
Verify that the database is encrypted:

SELECT DB_PROPERTY('Encryption');
Return "AES256_FIPS"
================================================== ==
If this server property retun "No" does that meant that we're not using
FIPS?

And to fix this we would need to added: -FIPS in our command line with the
key....right?

SELECT PROPERTY ( 'FipsMode' );
Return "No"
================================================== ==

Thanks in advance for your help.

Best regards,
Rachan Terrell

I think the answer is yes.
But what exactly is your question again?


"Rachan Terrell" <Rachan.Terrell (AT) Stanleyassociates (DOT) com> wrote

DB_PROPERTY('Encryption') indicates if your database is encrypted.

PROPERTY ( 'FipsMode' ) indicates if your server is running with the
'-fips' switch.

Neither is possible unless you've added support for FIPS encryption
but that is included in your Advanced Edition [normally a seperately
licensible feature but this is standard with] so you are good on that
score.

http://www.sybase.com/products/datab...where/editions

"Nick Elson [Sybase iAnywhere]" <@nick@.@elson@@sybase@.@com@> wrote in
message news:4a8da9b4$2 (AT) forums-1-dub (DOT) ..

Question:

If this server property (SELECT PROPERTY ( 'FipsMode' ) retun "No" does
that meant that we're not using FIPS?

Best regards,
Rachan Terrell

"Nick Elson [Sybase iAnywhere]" <@nick@.@elson@@sybase@.@com@> wrote in
message news:4a8da9b4$2 (AT) forums-1-dub (DOT) ..

If we have our database encrypted but did not have our server running with
'-fips' switch then we are not FIPS compliance correct?

Best regards,
Rachan Terrell

"Rachan Terrell" <Rachan.Terrell (AT) Stanleyassociates (DOT) com> wrote

The purpose of the -fips switch (as I understand it) is to
only allow FIPS-approved encrypted operations.

The omission of that switch does not preclude FIPS
approved db encryption nor FIPS approved TLS.
Instead, without it, one could conceivably run with
non-fips-approved encryption or using algorithms
not in the list of approved Federal Information Processing
Standard (FIPS) 140-2 approved algorithms.

[Reference:
http://dcx.sybase.com/1101en/dbadmin...b-3913310.html ]

It is not required to turn FIPS capabilities on. It is more
of an assurance or guarantee that those are enforced in
all cases.

In deployment in an area requiring compliance, the
switch may be an operational requirement. If so
it should probably be used for testing as well.
[I believe this is exactly the case in your customers
deployments as well.]

"Rachan Terrell" <Rachan.Terrell (AT) Stanleyassociates (DOT) com> wrote