Cisco Cisco Email Security Appliance C170 Guía Del Usuario
C H A P T E R
29-1
User Guide for AsyncOS 9.8 for Cisco Email Security Appliances
29
FIPS Management
•
•
•
•
•
•
•
FIPS Management Overview
The Federal Information Processing Standard (FIPS) 140 is a publicly announced standard developed
jointly by the United States and Canadian federal governments specifying requirements for
cryptographic modules that are used by government agencies to protect sensitive but unclassified
information. The Cisco Email Security appliance uses the Cisco SSL Cryptographic Toolkit to achieve
FIPS 140-2 Level 1 compliance.
jointly by the United States and Canadian federal governments specifying requirements for
cryptographic modules that are used by government agencies to protect sensitive but unclassified
information. The Cisco Email Security appliance uses the Cisco SSL Cryptographic Toolkit to achieve
FIPS 140-2 Level 1 compliance.
The Cisco SSL Cryptographic Toolkit is a a GGSG-approved cryptography suite that includes Cisco
SSL, which is an enhanced version of OpenSSL’s FIPS support, and the FIPS-compliant Cisco Common
Cryptography Module. The Cisco Common Cryptography Module is a software library that Email
Security appliance uses for FIPS-validated cryptographic algorithms for protocols such SSH.
SSL, which is an enhanced version of OpenSSL’s FIPS support, and the FIPS-compliant Cisco Common
Cryptography Module. The Cisco Common Cryptography Module is a software library that Email
Security appliance uses for FIPS-validated cryptographic algorithms for protocols such SSH.
Configuration Changes in FIPS Mode
The Email Security appliance uses Cisco SSL and FIPS-compliant certificates for communication when
the appliance is in FIPS mode. See
the appliance is in FIPS mode. See
for more
information.
To be FIPS Level 1 compliant, the Email Security appliance makes the following changes to your
configuration:
configuration:
•
SMTP receiving and delivery. Incoming and outgoing SMTP conversations over TLS between a
public listener on the Email Security appliance and a remote host use TLS v1.1 and/or v1.2 and FIPS
cipher suites. You can modify the cipher suites using
public listener on the Email Security appliance and a remote host use TLS v1.1 and/or v1.2 and FIPS
cipher suites. You can modify the cipher suites using
sslconfig
when in FIPS mode.