Areas of non-compliance with FIPS
There is a number of processes that are necessary for the operation of Secure Email Gateway, which are currently not FIPS compliant.
The following table displays processes used by Secure Email Gateway that are non-compliant with FIPS 140-2.
| Area | Description |
|---|---|
| Java Secure Socket Extension (JSSE) | Enables secure Internet communications. |
| Bouncy Castle | Cryptography Java library used for importing (and extracting information from) certificates. |
| SSH | Cryptographic protocol used for secure communication. Uses low level digest APIs and MD5 in password validation. |
| SNMP alerts | SNMP alerts are implemented using an SNMPv1 client. Community strings are passed in plaintext. |
BATV Bounce Address Tag Validation |
Untagging uses an unapproved low level digest API. |
| Unacceptable Images | Image Classification Content Manager uses an MD5 checksum to determine whether images are acceptable. |
| PMM Mobile | Uses an unsupported mode of AES encryption (ECB). |
| PDFs | Decryption of PDF documents uses MD5. |
| BATV secret key obfuscation | MD5 is used to obfuscate the BATV secret key. |
| Replication between Gateways | The task for replicating commands and data between multiple Secure Email Gateway validates using MD5 hashes. |
| Peer status monitor | The Peer status task checks for peer status changes using MD5 hashes. |
| TRUSTManager reputation check | Checks requests and responses from an SMTP client using MD5 hashes. |
| User Interface Certificate Management | Generates MD5 hashes for certificate A digital means of proving your identity. When you send a digitally-signed message, you are sending your certificate and public key. Certificates are issued by a certification authority and can expire or be revoked. users. |
| Downloading Missing Manager lists | The infrastructure task for downloading lists uses an MD5 hash to check for changes. |
| LDAP Address List Service | Uses MD5 to verify downloaded files. |
| TRUSTManager reputation uploader | Uses an MD5 hash to communicate with TRUSTManager server alongside uploaded file. |
| Upgrade Service | Calculates MD5 hashes for downloaded files, in order to compare them with patch control files. |
| Downloading Managed Lists | Calculates MD5 hashes for comparison of downloaded files. |
| Service Availability List downloader | Calculates MD5 hash for comparison of downloaded files. |