FIPS Compliant?

Jason Meyer
Level 1

We currently use IronPort Encryption appliances for encrypting outbound e-mails.

Our customers are asking if these devices are FIPS compliant?  They are reading this somewhere:

“AsyncOS for Email 7.3 provides support for the Cisco IronPort Email Security appliance with a FIPS-compliant Hardware Security Module (HSM) card.

The Federal Information Processing Standard (FIPS) 140 is a publicly announced standard developed jointly by the United States and Canadian federal governments specifying requirements for cryptographic modules that are used by all government agencies to protect sensitive but unclassified information. The HSM offered with the Cisco IronPort C670 Email Security appliance is the CAVIUM Nitrox XL CN15xx-NFBE Cryptographic Module, which complies with the FIPS 140-2 Level 2 standard. This standard specifies additional protections for information used in cryptographic operations, including the use of a tamper-resistant hardware keystore for private keys.

The HSM card provides cryptographic processing for the appliance as well as storage for private keys. All cryptographic operations take place within the secure environment of the HSM card.

When the Email Security appliance includes the HSM card and uses AsyncOS 7.3, it offloads all cryptographic operations to the HSM card in a FIPS-compliant manner. AsyncOS for Email 7.3 also provides a FIPS management console to allow a FIPS Officer to configure the HSM card to manage certificates and private keys.”

Are the IEA appliances FIPS compliant?

Jason Meyer

Accepted Solutions

Hi Jason,

I believe you have an SR open with us in reference to this issue. My apologies we did not get to follow up before the end of the day. The information you're referencing is correct; however, this applies to the ESA (Email Security Appliance). The ESA running AsyncOS 7.3 and above provides support for FIPS. The IEA (IronPort Encryption Appliance) is not FIPS compliant. While the ESA runs IronPort's proprietary AsyncOS, the IEA is based on Linux. These two platforms are entirely different from the ground up. Currently there are no plans to make the IEA FIPS compliant.

Christopher C Smith

CSE CSCM

Cisco IronPort Customer Support

I don't have an SR open on this. Just wanted to get a response from CISCO on this. Thanks, Chris.