User Guide for Cisco Email Security Appliance C170

User Guide for AsyncOS 9.8 for Cisco Email Security Appliances
 
Chapter 29: FIPS Management
FIPS Management Overview
The Federal Information Processing Standard (FIPS) 140 is a publicly announced standard developed 
jointly by the United States and Canadian federal governments specifying requirements for 
cryptographic modules that are used by government agencies to protect sensitive but unclassified 
information. The Cisco Email Security appliance uses the Cisco SSL Cryptographic Toolkit to achieve 
FIPS 140-2 Level 1 compliance.
The Cisco SSL Cryptographic Toolkit is a GGSG-approved cryptography suite that includes Cisco 
SSL, which is an enhanced version of OpenSSL’s FIPS support, and the FIPS-compliant Cisco Common 
Cryptography Module. The Cisco Common Cryptography Module is a software library that the Email 
Security appliance uses for FIPS-validated cryptographic algorithms for protocols such as SSH.
Configuration Changes in FIPS Mode
The Email Security appliance uses Cisco SSL and FIPS-compliant certificates for communication when 
the appliance is in FIPS mode. See 
 for more 
information. 
To be FIPS Level 1 compliant, the Email Security appliance makes the following changes to your 
configuration:
SMTP receiving and delivery. Incoming and outgoing SMTP conversations over TLS between a 
public listener on the Email Security appliance and a remote host use TLS v1.1 and/or v1.2 and FIPS 
cipher suites. You can modify the cipher suites using sslconfig when in FIPS mode.
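
One way to check the SMTP behavior described above from a test host, as an added example that is not part of the Cisco guide: a STARTTLS probe that pins the client to one protocol version at a time and flags any version outside TLS v1.1/v1.2 that the listener accepts. The function names and the sample results are assumptions made for illustration; the probe also assumes the local OpenSSL build can still offer legacy versions, and it records the negotiated cipher for manual comparison with the sslconfig list rather than judging it.

```python
import smtplib
import ssl

ALLOWED = {"TLSv1.1", "TLSv1.2"}  # versions the guide says FIPS mode negotiates
VERSIONS = {
    "TLSv1": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}

def pinned_context(name):
    """Client context able to negotiate only the one named protocol version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # probe checks protocol policy, not certificate trust
    ctx.set_ciphers("ALL:@SECLEVEL=0")  # let the client offer legacy versions
    ctx.minimum_version = ctx.maximum_version = VERSIONS[name]
    return ctx

def probe(host, port, name, timeout=10):
    """Return (negotiated_version, cipher_name), or None if no TLS session was set up."""
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.starttls(context=pinned_context(name))
            return smtp.sock.version(), smtp.sock.cipher()[0]
    except (ssl.SSLError, ConnectionError, smtplib.SMTPException, ValueError):
        return None  # also the result when the local OpenSSL cannot offer this version

def assess(results):
    """results maps version name -> probe() outcome; returns a list of findings."""
    findings = [
        f"{name} accepted with cipher {outcome[1]}; not expected in FIPS mode"
        for name, outcome in results.items()
        if outcome and name not in ALLOWED
    ]
    if not any(results.get(name) for name in ALLOWED):
        findings.append("neither TLSv1.1 nor TLSv1.2 was accepted")
    return findings

# Constructed sample results (no network needed): a listener that still accepts TLS 1.0.
SAMPLE = {"TLSv1": ("TLSv1", "AES128-SHA"), "TLSv1.1": None,
          "TLSv1.2": ("TLSv1.2", "ECDHE-RSA-AES256-GCM-SHA384"), "TLSv1.3": None}

if __name__ == "__main__":
    # Live use (hypothetical host): {v: probe("esa.example.test", 25, v) for v in VERSIONS}
    for finding in assess(SAMPLE):
        print(finding)
```
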