Cisco Cisco Email Security Appliance C370 Technical References

F I P S C O N F I G

C H A P T E R 3 : T H E C O M M A N D S : R E F E R E N C E E X A M P L E S

Choose the operation you want to perform:

- INIT - Initialize the hardware security module.

- GETINFO - Display the hardware security module status.

- CERTCONFIG - Configure certificates and keys.

- DOMAINKEYSCONFIG - Configure keys for DomainKeys and DKIM.

- CLONETARGET - Clone the hardware security module as the target.

- CLONESOURCE - Clone the hardware security module as the source.

- BACKUP - Backup critical security parameters.

- RESTORE - Restore critical security parameters.

- PASSWD - Change FIPS password.

[]> getinfo

Firmware Version: 4.7.1

Serial Number: 8100752

Hardware ID: K5

Label: Cisco_IronPort_Label

Total SRAM Memory: 16984932

Free SRAM Memory: 16983492

Total Flash Memory: 14286412

Free Flash Memory: 14281236

FIPS capabilities and policy values:

Capability Policy

Enable PIN Authentication 1 1

Enable PED Authentication 1 0

Performance Level 4 -

M of N Code 0 0

Enable Configuration Masking 1 1

Allow Configuration Cloning 1 1

Allow Non-FIPS Algorithms 1 0

Allow Network Replication 0 0

Allow Offboard Storage 1 1

Private Key Wrapping 0 0

Secret Key Wrapping 1 1

Allow Changing Key Attributes 1 1

Authentication Without Challenge 1 1

Allow Non-Local Signing Key 1 1

Maximum Failed Login Attempts 10 10

Allow Auto-Activation 1 0

Choose the operation you want to perform:

- INIT - Initialize the hardware security module.

- GETINFO - Display the hardware security module status.

Code Example 3-42 fipsconfig