Cisco Cisco Email Security Appliance C190 Technical References

All users, including the administrators, cannot view the sensitive information in the 
configuration files.

Swap space in your appliance is encrypted to prevent any unauthorized access or forensic 
attacks, if the physical security of the appliance is compromised.

Check if your appliance contains any non-FIPS-compliant objects

Commit: This command does not require a ‘commit’.

Cluster Management: This command can be used in the following modes: cluster and machine.

Batch Command: This command does not support a batch format.

Before enabling FIPS mode, you must modify all the non-FIPS-compliant objects to meet the FIPS 
requirements.

The following example shows how to enable FIPS mode.

mail.example.com> fipsconfig

FIPS mode is currently disabled.

Choose the operation you want to perform:

- SETUP - Configure FIPS mode.

- FIPSCHECK - Check for FIPS mode compliance.

[]> setup

To finalize FIPS mode, the appliance will reboot immediately. No commit will be required.

Are you sure you want to enable FIPS mode and reboot now ? [N]> y

Do you want to enable encryption of sensitive data in configuration file when FIPS mode is 

enabled? Changing the value will result in system reboot [N]> n

Enter the number of seconds to wait before forcibly closing connections.

[30]>

System rebooting.  Please wait while the queue is being closed...

Closing CLI connection.

Rebooting the system...

The following example shows how to encrypt sensitive data in a FIPS compliant appliance.

mail.example.com> fipsconfig

FIPS mode is currently enabled.

Choose the operation you want to perform: