Cisco Cisco ASA 5520 Adaptive Security Appliance Instrucciones De Seguridad Importantes
Export Compliance Guide and Q&A
All contents are Copyright © 1992–2006 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 2 of 11
A.
A sanctioned entity is an individual and/or entity that has been denied export privileges
because they have willfully violated international treaties and local laws.
Q.
How do we find out if a customer is sanctioned?
A.
To find out if a customer is sanctioned, refer to the DPL at Cisco Regulatory Affairs:
http://www.cisco.com/wwl/export/compliance_provision.html
. More information is also
available at the U.S. Department of Commerce:
http://www.bis.doc.gov
.
Q.
What is a government end user?
A.
A government end user is any foreign central, regional, or local government department,
agency, or other entity performing governmental functions. This includes governmental
research institutions; governmental corporations or their separate business units that are
engaged in the manufacture or distribution of items or services controlled on the Wassenaar
Munitions List; and international governmental organizations. Certain state-owned enterprises
qualify under license exception and as such are not subject to license requirements.
Q.
Which destinations are embargoed or prohibited to receive Cisco products, technology,
or services exported from the United States?
A.
For a list of embargoed or prohibited export destinations, refer to the Regulatory Affairs
Website at:
http://www.cisco.com/wwl/export/compliance_provision.html
.
Q.
How are Cisco ASA 5500 Series products categorized with respect to export control?
A.
Cisco ASA 5500 Series products fall into one of two encryption categories: unrestricted (retail)
or restricted (non-retail) encryption.
Q.
What is
restricted
encryption?
A.
Restricted encryption products have symmetric key lengths greater than 64 bits, such as
Advanced Encryption Standard (AES) or Triple Data Encryption Standard (3DES), and are
considered “network infrastructure” commodities under the U.S. Export Administration
Regulations. Restricted encryption products are not eligible for export to government or
military end users in some countries without an export license. To determine what end users
require an export license for restricted encryption products, visit:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
.
Q.
What is
unrestricted
encryption?
A.
Unrestricted encryption products also have symmetric key lengths greater than 64 bits, but
they do not meet the network infrastructure criteria of restricted products under the U.S.
Export Regulations. Government and military end users that are not eligible for restricted
encryption without a license may be eligible for unrestricted Cisco ASA 5500 Series products.
To determine what end users are eligible for unrestricted encryption products, visit:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
. For more information, please refer to
the U.S. Export Administration Regulations:
http://www.access.gpo.gov/bis/ear/ear_data.html
.
Q.
What encryption levels does the Cisco ASA 5500 Series support?
A.
Cisco ASA 5500 Series supports two different levels of encryption. By default, all Cisco ASA
5500 Series appliances support 56-bit DES, 56-bit RC4, 512-bit RSA, and 512-bit Digital
Signature Algorithm (DSA) encryption algorithms included in the base encryption license.
Customers can optionally upgrade to a strong encryption license that adds support for 168-bit
3DES, up to 256-bit AES, up to 128-bit RC4, up to 4096-bit RSA, and up to 1024-bit DSA
encryption algorithms. A strong encryption license can be obtained through Cisco.com, if it