Federal Information Processing Standard (FIPS) 140-2 Level 1 compliance using FIPS validated components - Metasys - LIT-1201526 - General System Information - Metasys System - 14.0

Metasys System Product Bulletin

Product
Building Automation Systems > Building Automation Systems > Metasys System
Document type
Product Bulletin
Document number
LIT-1201526
Version
14.0
Revision date
2024-09-17
Product status
Active
FIPS 140-2 is a U.S. government cyber security standard used to approve cryptographic modules and algorithms used for encryption. Three Metasys component types have been updated to include FIPS 140-2 certification or compliance; however, they have been implemented differently as shown below:
  • Network engines: FIPS 140-2 Level 1 Compliance using FIPS validated components is included by default in all SNE, SNC, and NAE55xx-2/-3 series network engines that have Release 11.0 or later software and is an optional feature that can be purchased separately and added onto NAE85/LCS85 series network engines. FIPS 140-2 Level 1 Compliance using FIPS validated components is certified for SNE and SNC series network engine.
  • Metasys Application Servers (ADS, ADX, and OAS): FIPS 140-2 Level 1 Compliance using FIPS validated components is an optional feature that can be purchased separately and added on to Metasys Server offerings from Release 11.0.
  • CGE and CVE series equipment controllers: FIPS 140-2 Level 1 Compliance using FIPS validated components is included by default in all CGE and CVE series equipment controllers from Release 12.0 that have 10.0 firmware or later.

In addition, FIPS 140-2 enhancements result in the following mixed site compatibility behaviors that need to be understood to prevent field misunderstanding and rework. FIPS140-2 engines cannot communicate with older engines that do not use the same encryption type, as shown in the following table.

Table 1. FIPS 140-2 impact on mixed-site communication behaviors
Communication behavior Site Director type and FIPS 140-2 status
Network engine at Release 14.0, FIPS 140-2 is included by default. Metasys Server or NAE85/LCS85 at Release 14.0, FIPS 140-2 is added. Metasys Server or NAE85/LCS85 at Release 14.0, FIPS 140-2 is not added.
Can communicate with child network engines at Release 10.1 or earlier (FIPS 140-2 not available) No No Yes
Can communicate with child network engines at Release 11.0, 12.0, 13.0, or 14.0 (FIPS 140-2 is default) Yes Yes Yes