Federal Information Processing Standard (FIPS) 140-2 Level 1 compliance - Metasys - LIT-12011832 - General System Information - Metasys System - 12.0

Metasys System Configuration Guide

Product
Building Automation Systems > Building Automation Systems > Metasys System
Document type
Configuration Guide
Document number
LIT-12011832
Version
12.0
Revision date
2024-07-17
Product status
Active
FIPS 140-2 is a U.S. government cyber security standard used to approve cryptographic modules and algorithms used for encryption. Three Metasys component types have been updated at Release 11.0 and Release 12.0, respectively, to include FIPS 140-2 certification or compliance; however, they have been implemented differently as shown below:
  • Network engines: FIPS 140-2 Level 1 compliance is included by default in all SNE, SNC, and NAE55xx-2/-3 series network engines that have Release 11.0 or later software and is an optional feature that can be purchased separately and added onto NAE85/LCS85 series network engines. FIPS 140-2 Level 1 compliance is certified for SNE and SNC series network engines.
  • Metasys Application Servers (ADS, ADX, and OAS): FIPS 140-2 Level 1 compliance is an optional feature that can be purchased separately and added on to Metasys Server offerings from Release 11.0.
  • CGE and CVE series equipment controllers: FIPS 140-2 Level 1 compliance is included by default in all CGE and CVE series equipment controllers at Release 12.0 that have 10.0 firmware.

In addition, FIPS 140-2 enhancements result in the following mixed site compatibility behaviors that need to be understood to prevent field misunderstanding and rework.

Table 1. FIPS 140-2 impact on mixed-site communication behaviors
Communication behavior Site Director type and FIPS 140-2 status
Network Engine at Release 12.0. FIPS 140-2 is included by default. Metasys Server or NAE85/LCS85 at Release 12.0, and FIPS 140-2 is added. Metasys Server at Release 12.0 or NAE85/LCS85, but FIPS 140-2 is not added.
Can communicate with child network engines at Release 10.1 or earlier (FIPS 140-2 not available) No No Yes
Can communicate with child network engines at Release 11.0 or 12.0 (FIPS 140-2 is default) Yes Yes Yes