Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
29-4
User Guide for AsyncOS 9.8 for Cisco Email Security Appliances
Chapter 29 FIPS Management
Checking FIPS Mode Compliance
–
FTP Push log subscriptions' passwords
–
IPMI LAN password
–
Updater server URLs
–
AMP proxy configuration URL and credentials
Note
All users, including the administrators, cannot view the sensitive information in the
configuration files.
configuration files.
•
Swap space in your appliance is encrypted to prevent any unauthorized access or forensic attacks, if
the physical security of the appliance is compromised.
the physical security of the appliance is compromised.
Procedure
mail.example.com> fipsconfig
FIPS mode is currently enabled.
Choose the operation you want to perform:
- SETUP - Configure FIPS mode.
- FIPSCHECK - Check for FIPS mode compliance.
[]> setup
To finalize FIPS mode, the appliance will reboot immediately. No commit will be required.
Are you sure you want to disable FIPS mode and reboot now ? [N]> n
Do you want to enable encryption of sensitive data in configuration file when FIPS mode is
enabled? Changing the value will result in system reboot [N]> y
Enter the number of seconds to wait before forcibly closing connections.
[30]>
System rebooting. Please wait while the queue is being closed...
Closing CLI connection.
Rebooting the system...
Checking FIPS Mode Compliance
Use the
fipsconfig
command to check if your appliance contains any non-FIPS-compliant objects.
Procedure
mail.example.com> fipsconfig
FIPS mode is currently disabled.
Choose the operation you want to perform:
- SETUP - Configure FIPS mode.
- FIPSCHECK - Check for FIPS mode compliance.
[]> fipscheck
Currently, there are non-FIPS-compliant objects configured.
List of non FIPS compliant DKIM Verification Profiles:
Profile Name Key Size
-------------------------------------------------------------