Cisco Email Security Appliance C650 User Guide
Cisco AsyncOS 8.5.5 for Email Security User Guide
Chapter 26: FIPS Management
FIPS Management Overview
The Federal Information Processing Standard (FIPS) 140 is a publicly announced standard developed
jointly by the United States and Canadian federal governments specifying requirements for
cryptographic modules that are used by government agencies to protect sensitive but unclassified
information. The Cisco IronPort Email Security appliance uses the CiscoSSL Cryptographic Toolkit to
achieve FIPS 140-2 Level 1 compliance.
The CiscoSSL Cryptographic Toolkit is a GGSG-approved cryptography suite that includes Cisco SSL,
which is an enhanced version of OpenSSL’s FIPS support, and the FIPS-compliant Cisco Common
Cryptography Module. The Cisco Common Cryptography Module is a software library that the Email
Security appliance uses for FIPS-validated cryptographic algorithms for protocols such as SSH.
Understanding How FIPS Management Works
The Email Security appliance uses CiscoSSL and FIPS-compliant certificates for communication when
the appliance is in FIPS mode. See
for more
information.
Note
As part of FIPS compliance, AsyncOS for Email does not support SSH version 1.
To be FIPS Level 1 compliant, the Email Security appliance makes the following changes to your
configuration:
• SMTP receiving and delivery. Incoming and outgoing SMTP conversations over TLS between a
public listener on the Email Security appliance and a remote host use TLS version 1 and FIPS cipher
suites. You cannot change these values using sslconfig when in FIPS mode. TLS v1 is the only
version of TLS supported in FIPS mode.
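The following is an added example, not Cisco code or part of the original guide: one way to audit TLS sessions observed on a listener against the FIPS-mode policy described above. It assumes sessions are collected by the auditor as (peer, protocol, OpenSSL-style cipher name) tuples, and its `NON_APPROVED` denylist is a conservative assumption, since this page does not list the appliance's FIPS cipher suites.

```python
# Added example (not Cisco code): audit observed TLS sessions against the
# FIPS-mode policy described above.
# Assumption: NON_APPROVED is a conservative denylist of algorithms that are
# not FIPS 140-2 approved; the page does not list the appliance's cipher suites.
NON_APPROVED = {"RC4", "RC2", "MD5", "IDEA", "SEED", "CAMELLIA128",
                "CAMELLIA256", "CHACHA20"}
ALLOWED_PROTOCOLS = {"TLSv1"}  # per the page: TLS v1 only in FIPS mode


def cipher_violations(cipher):
    """Return non-approved algorithm tokens in an OpenSSL-style cipher name."""
    tokens = cipher.upper().split("-")
    found = set()
    for i, tok in enumerate(tokens):
        if tok in NON_APPROVED:
            found.add(tok)
        elif tok == "DES":
            # "DES-CBC3" is Triple DES (approved); "DES-CBC" is single DES.
            nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
            if nxt != "CBC3":
                found.add("DES")
    return sorted(found)


def audit(sessions):
    """Return (peer, reasons) for each session that breaks the policy."""
    findings = []
    for peer, protocol, cipher in sessions:
        reasons = []
        if protocol not in ALLOWED_PROTOCOLS:
            reasons.append(f"protocol {protocol}")
        reasons += [f"algorithm {a}" for a in cipher_violations(cipher)]
        if reasons:
            findings.append((peer, reasons))
    return findings


# Constructed sample data (hypothetical peers, RFC 5737 addresses).
SAMPLE = [
    ("192.0.2.10", "TLSv1", "DHE-RSA-AES256-SHA"),
    ("192.0.2.11", "TLSv1", "DES-CBC3-SHA"),
    ("192.0.2.12", "TLSv1", "RC4-MD5"),
    ("192.0.2.13", "SSLv3", "EXP-EDH-RSA-DES-CBC-SHA"),
]

if __name__ == "__main__":
    for peer, reasons in audit(SAMPLE):
        print(peer, "; ".join(reasons))
```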