FIPS 140-2 is a U.S. government cyber security standard used to approve
cryptographic modules and algorithms used for encryption. Three Metasys component types
have been updated to include FIPS 140-2 certification or compliance; however, they have
been implemented differently as shown below:
- Network engines: FIPS 140-2 Level 1 Compliance using FIPS validated components is included by default in all SNE, SNC, and NAE55xx-2/-3 series network engines that have Release 11.0 or later software. It is an optional feature that can be purchased separately and added on to NAE85/LCS85 series network engines. FIPS 140-2 Level 1 Compliance using FIPS validated components is certified for SNE and SNC series network engines.
- Metasys Application Servers (ADS, ADX, and OAS): FIPS 140-2 Level 1 Compliance using FIPS validated components is an optional feature that can be purchased separately and added on to Metasys Server offerings from Release 11.0.
- CGE and CVE series equipment controllers: FIPS 140-2 Level 1 Compliance using FIPS validated components is included by default in all CGE and CVE series equipment controllers from Release 12.0 that have 10.0 firmware or later.
In addition, the FIPS 140-2 enhancements result in the following mixed-site compatibility behaviors, which need to be understood to prevent field misunderstanding and rework. FIPS 140-2 engines cannot communicate with older engines that do not use the same encryption type, as shown in the following table.
Communication behavior | Site Director: network engine at Release 14.0, FIPS 140-2 is included by default | Site Director: Metasys Server or NAE85/LCS85 at Release 14.0, FIPS 140-2 is added | Site Director: Metasys Server or NAE85/LCS85 at Release 14.0, FIPS 140-2 is not added |
---|---|---|---|
Can communicate with child network engines at Release 10.1 or earlier (FIPS 140-2 not available) | No | No | Yes |
Can communicate with child network engines at Release 11.0, 12.0, 13.0, or 14.0 (FIPS 140-2 is default) | Yes | Yes | Yes |