Cisco Email Security Appliance C680

Release Notes for Cisco IronPort AsyncOS 7.3.1 for Email
OL-23626-02
The Federal Information Processing Standard (FIPS) 140 is a publicly announced 
standard developed jointly by the United States and Canadian federal 
governments specifying requirements for cryptographic modules that are used by 
all government agencies to protect sensitive but unclassified information. The 
HSM offered with certain Cisco IronPort Email Security appliances is the 
CAVIUM Nitrox XL CN15xx-NFBE Cryptographic Module, which complies 
with the FIPS 140-2 Level 2 standard. This standard specifies additional 
protections for information used in cryptographic operations, including the use of 
a tamper-resistant hardware keystore for private keys.
The HSM card provides cryptographic processing for the appliance as well as 
storage for private keys. All cryptographic operations take place within the secure 
environment of the HSM card.
When the Email Security appliance includes the HSM card and uses AsyncOS 7.3, 
it offloads all cryptographic operations to the HSM card in a FIPS-compliant 
manner. AsyncOS for Email 7.3 also provides a FIPS management console to 
allow a FIPS Officer to configure the HSM card to manage certificates and private 
keys.
Software Notes 
Please be aware of the following software impacts:
Security Management Appliances That Are Not FIPS Compliant
While you can use a Security Management appliance that does not have an HSM 
card to provide centralized services for an Email Security appliance running 
AsyncOS 7.3, this may bring the Email Security appliance’s HSM card out of 
FIPS compliance.