Federal Information Processing Standard (FIPS) 140-2 Level 1 compliance using FIPS validated components - Metasys - LIT-1201526 - General System Information - Metasys System - 13.0.50

Metasys System Product Bulletin

Product: Building Automation Systems > Building Automation Systems > Metasys System
Document type: Product Bulletin
Document number: LIT-1201526
Version: 13.0.50
Revision date: 2024-01-23
Product status: Active

FIPS 140-2 is a U.S. government cyber security standard used to approve cryptographic modules and algorithms used for encryption. Three Metasys component types have been updated to include FIPS 140-2 certification or compliance; however, they have been implemented differently as shown below:
  • Network engines: FIPS 140-2 Level 1 Compliance using FIPS validated components is included by default in all SNE, SNC, and NAE55xx-2/-3 series network engines that have Release 11.0 or later software, and is an optional feature that can be purchased separately and added onto NAE85/LCS85 series network engines. FIPS 140-2 Level 1 Compliance using FIPS validated components is certified for SNE and SNC series network engines.
  • Metasys Application Servers (ADS, ADX, and OAS): FIPS 140-2 Level 1 Compliance using FIPS validated components is an optional feature that can be purchased separately and added on to Metasys Server offerings from Release 11.0.
  • CGE and CVE series equipment controllers: FIPS 140-2 Level 1 Compliance using FIPS validated components is included by default in all CGE and CVE series equipment controllers from Release 12.0 that have 10.0 firmware or later.

In addition, the FIPS 140-2 enhancements result in the following mixed-site compatibility behaviors, which need to be understood to prevent field misunderstanding and rework. Because of the encryption that FIPS 140-2 engines use, they cannot communicate with older engines that do not use the same encryption type, as shown in the following table.

Table 1. FIPS 140-2 impact on mixed-site communication behaviors
| Communication behavior | Site Director: Network Engine at Release 13.0. FIPS 140-2 is included by default. | Site Director: Metasys Server or NAE85/LCS85 at Release 13.0, and FIPS 140-2 is added. | Site Director: Metasys Server or NAE85/LCS85 at Release 13.0, but FIPS 140-2 is not added. |
|---|---|---|---|
| Can communicate with child network engines at Release 10.1 or earlier (FIPS 140-2 not available) | No | No | Yes |
| Can communicate with child network engines at Release 11.0, 12.0, or 13.0 (FIPS 140-2 is default) | Yes | Yes | Yes |