AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide

Chapter 27: FIPS Management
FIPS Management Overview
Configuration Changes in FIPS Mode
Switching the Appliance to FIPS Mode
Encrypting Sensitive Data in FIPS Mode
Checking FIPS Mode Compliance
Managing Certificates and Keys
Managing Keys for DKIM Signing and Verification
FIPS Management Overview
The Federal Information Processing Standard (FIPS) 140 is a publicly announced standard developed
jointly by the United States and Canadian federal governments specifying requirements for
cryptographic modules that are used by government agencies to protect sensitive but unclassified
information. The Cisco IronPort Email Security appliance uses the Cisco SSL Cryptographic Toolkit to
achieve FIPS 140-2 Level 1 compliance.
The Cisco SSL Cryptographic Toolkit is a GGSG-approved cryptography suite that includes Cisco
SSL, which is an enhanced version of OpenSSL's FIPS support, and the FIPS-compliant Cisco Common
Cryptography Module. The Cisco Common Cryptography Module is a software library that the Email
Security appliance uses for FIPS-validated cryptographic algorithms for protocols such as SSH.
Configuration Changes in FIPS Mode
The Email Security appliance uses Cisco SSL and FIPS-compliant certificates for communication when
the appliance is in FIPS mode. See "Switching the Appliance to FIPS Mode" for more information.
Note: As part of FIPS compliance, AsyncOS for Email does not support SSH version 1.
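
The note above can be confirmed from the network side by reading the identification string an SSH server sends before key exchange. The following is an added example, not part of the Cisco guide or an AsyncOS tool; it relies on the RFC 4253 rule that a protoversion of 2.0 means SSH version 2 only while 1.99 signals SSH version 1 compatibility. The function names and the sample greetings are constructed for illustration.

```python
import re
import socket
import sys

# RFC 4253 section 4.2: SSH-protoversion-softwareversion [SP comments] CR LF
IDENT_RE = re.compile(rb"^SSH-(\d+\.\d+)-([^\s-]+)(?: .*)?$")

def read_ident(stream: bytes) -> bytes:
    """Return the identification line; a server may send other lines first."""
    for line in stream.split(b"\n"):
        line = line.rstrip(b"\r")
        if line.startswith(b"SSH-"):
            return line
    raise ValueError("no SSH identification string in server greeting")

def classify(ident: bytes) -> str:
    """Map the advertised protoversion to the protocol versions on offer."""
    m = IDENT_RE.match(ident)
    if m is None:
        raise ValueError(f"malformed identification string: {ident!r}")
    proto = m.group(1).decode("ascii")
    if proto == "2.0":
        return "v2-only"
    if proto == "1.99":  # RFC 4253 section 5.1: compatibility with old versions
        return "v1-compatible"
    if proto.startswith("1."):
        return "v1-only"
    return "unknown"

def ssh1_disabled(stream: bytes) -> bool:
    """True only when the greeting advertises SSH version 2 exclusively."""
    return classify(read_ident(stream)) == "v2-only"

def fetch_greeting(host: str, port: int = 22, timeout: float = 5.0) -> bytes:
    """Read the first bytes a server sends on connect (your own appliance)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return sock.recv(4096)

# Constructed greetings (not captured from a real appliance).
SAMPLES = [
    b"Authorized use only\r\nSSH-2.0-ExampleSSHD_1.0\r\n",
    b"SSH-1.99-ExampleSSHD_1.0 compat\r\n",
    b"SSH-1.5-ExampleSSHD_1.0\n",
]

if __name__ == "__main__":
    inputs = [fetch_greeting(sys.argv[1])] if len(sys.argv) > 1 else SAMPLES
    for greeting in inputs:
        ident = read_ident(greeting)
        print(ident.decode("ascii", "replace"), "->", classify(ident))
```

Run it with a hostname argument to check a live listener, or with no arguments to see the three constructed cases.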