Cisco Cisco Web Security Appliance S170 사용자 가이드
2
I R O N P O R T A S Y N C O S 6 . 5 F O R W E B U S E R G U I D E
W H A T ’S N E W I N T H I S R E L E A S E
This section describes the new features and enhancements in AsyncOS for Web 6.5. For more
information about the release, see the product release notes, which are available on the
IronPort Customer Support Portal at the following URL:
information about the release, see the product release notes, which are available on the
IronPort Customer Support Portal at the following URL:
http://www.cisco.com/cisco/web/support/index.html
You might also find it useful to review release notes for earlier releases to see the features and
enhancements that were previously added.
enhancements that were previously added.
New Feature: FIPS Compliance
AsyncOS for Web 6.5 provides support for the new FIPS-compliant version of the Cisco
IronPort S670 Web Security appliance.
IronPort S670 Web Security appliance.
The Federal Information Processing Standard (FIPS) 140 is a publicly announced standard
developed jointly by the United States and Canadian federal governments specifying
requirements for cryptographic modules that are used by all government agencies to protect
sensitive but unclassified information. The Cisco IronPort S670 Web Security appliance is
offered with a Hardware Security Module (HSM) card that is FIPS 140-2 level 2 certified. This
standard specifies additional protections for information used in cryptographic operations,
including the use of a tamper-resistant hardware keystore for private keys.
developed jointly by the United States and Canadian federal governments specifying
requirements for cryptographic modules that are used by all government agencies to protect
sensitive but unclassified information. The Cisco IronPort S670 Web Security appliance is
offered with a Hardware Security Module (HSM) card that is FIPS 140-2 level 2 certified. This
standard specifies additional protections for information used in cryptographic operations,
including the use of a tamper-resistant hardware keystore for private keys.
When the Cisco IronPort S670 Web Security appliance includes the HSM card and uses
AsyncOS for Web 6.5, it offloads cryptographic operations to the HSM card in a FIPS
compliant manner. The HSM card is responsible for the storage and protection of the
cryptographic keys.
AsyncOS for Web 6.5, it offloads cryptographic operations to the HSM card in a FIPS
compliant manner. The HSM card is responsible for the storage and protection of the
cryptographic keys.
AsyncOS for Web 6.5 provides support for using the HSM for all cryptographic operations
performed by the appliance. It also provides a FIPS management console to allow an
administrator to configure the HSM for use in a clustered environment and manage
certificates and private keys.
performed by the appliance. It also provides a FIPS management console to allow an
administrator to configure the HSM for use in a clustered environment and manage
certificates and private keys.
For more information, see Chapter 5, “FIPS Management,” on page 67.