Cisco Email Security Appliance C190 User Guide

Cisco AsyncOS 9.1 for Email User Guide
 
27      FIPS Management
  Checking FIPS Mode Compliance
Procedure
mail.example.com> fipsconfig
FIPS mode is currently enabled.
Choose the operation you want to perform:
- SETUP - Configure FIPS mode.
- FIPSCHECK - Check for FIPS mode compliance.
[]> setup
To finalize FIPS mode, the appliance will reboot immediately. No commit will be required.
Are you sure you want to disable FIPS mode and reboot now ? [N]> n
Do you want to enable encryption of sensitive data in configuration file when FIPS mode is 
enabled? Changing the value will result in system reboot [N]> y
Enter the number of seconds to wait before forcibly closing connections.
[30]>
System rebooting.  Please wait while the queue is being closed...
Closing CLI connection.
Rebooting the system...
Checking FIPS Mode Compliance
Use the fipsconfig command to check whether the appliance contains any non-FIPS-compliant objects.
Procedure
mail.example.com> fipsconfig
FIPS mode is currently disabled.
Choose the operation you want to perform:
- SETUP - Configure FIPS mode.
- FIPSCHECK - Check for FIPS mode compliance.
[]> fipscheck
All objects in the current configuration are FIPS compliant.
FIPS mode is currently disabled.
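Managing Certificates
AsyncOS can use certificate and private key pairs to encrypt communications between the appliance and external machines. You can upload an existing certificate and key pair, generate a self-signed certificate, or generate a Certificate Signing Request (CSR) to submit to a certificate authority and obtain a public certificate. The certificate authority returns a trusted public certificate signed by a private key, which you can then upload to the appliance.
When the appliance is in FIPS mode, you can do the following.
FIPS mode adds a number of restrictions to the certificates the appliance uses, so that the appliance remains FIPS compliant. Certificates must use a signature algorithm such as SHA-1, SHA-224, SHA-256, SHA-384, or SHA-512.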
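A pre-upload check for the signature-algorithm restriction above, as an added example that is not part of the Cisco guide: it reads the outer signatureAlgorithm OID from a DER or PEM certificate and compares its hash with the list in the guide. The OID table (RSA and ECDSA only), the function names, and the constructed DER skeleton in SAMPLE are assumptions of this example.

```python
import base64
# Hash families the guide lists for certificates in FIPS mode.
ALLOWED_HASHES = {"SHA-1", "SHA-224", "SHA-256", "SHA-384", "SHA-512"}
# Assumption: signatureAlgorithm OIDs for RSA (PKCS #1) and ECDSA (X9.62).
RSA, ECDSA = "1.2.840.113549.1.1.", "1.2.840.10045.4."
SIG_OID_HASH = {
    RSA + "4": "MD5", RSA + "5": "SHA-1", RSA + "14": "SHA-224",
    RSA + "11": "SHA-256", RSA + "12": "SHA-384", RSA + "13": "SHA-512",
    ECDSA + "1": "SHA-1", ECDSA + "3.1": "SHA-224", ECDSA + "3.2": "SHA-256",
    ECDSA + "3.3": "SHA-384", ECDSA + "3.4": "SHA-512",
}
# Constructed DER skeleton shaped like a certificate; %02x = last RSA OID arc.
SAMPLE = "30183003020101300d06092a864886f70d0101%02x050003020000"

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content bytes into dotted notation."""
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear ends this arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def signature_hash(cert):
    """Name the hash in the certificate's outer signatureAlgorithm field."""
    if b"-----BEGIN" in cert:  # PEM input: keep only the base64 body
        body = [ln for ln in cert.splitlines() if not ln.startswith(b"-----")]
        cert = base64.b64decode(b"".join(body))
    _, start, _ = read_tlv(cert, 0)            # Certificate SEQUENCE
    _, _, tbs_end = read_tlv(cert, start)      # step over tbsCertificate
    _, alg_start, _ = read_tlv(cert, tbs_end)  # signatureAlgorithm SEQUENCE
    _, oid_start, oid_end = read_tlv(cert, alg_start)  # algorithm OID
    oid = decode_oid(cert[oid_start:oid_end])
    return SIG_OID_HASH.get(oid, "unknown OID " + oid)

def fips_signature_ok(cert):
    return signature_hash(cert) in ALLOWED_HASHES
```

An OID outside the table is reported as unknown and fails the check, so an unfamiliar certificate is flagged for manual review rather than passed.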