background image
Security Policy, Version 1.0
December 3, 2012
Kaseya Virtual System Administrator Cryptographic Module
Page 4 of 21
© 2012 Kaseya US Sales, LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
1
Introduction
1.1 Purpose
This is a non-proprietary Cryptographic Module Security Policy for the Virtual System Administrator
Cryptographic Module from Kaseya US Sales, LLC.
This Security Policy describes how the Virtual
System Administrator Cryptographic Module meets the security requirements of FIPS (Federal Information
Processing Standards) 140-2 and how to run the module in a secure FIPS 140-2 mode. This policy was
prepared as part of the Level 1 FIPS 140-2 validation of the module.
FIPS 140-2 (Federal Information Processing Standards Publication 140-2 ­ Security Requirements for
Cryptographic Modules) details the U.S. and Canadian Government requirements for cryptographic
modules. More information about the FIPS 140-2 standard and validation program is available on the
Cryptographic Module Validation Program (CMVP) website, which is maintained by National Institute of
Standards and Technology (NIST) and Communication Security Establishment Canada (CSEC):
http://csrc.nist.gov/groups/STM/index.html.
The Virtual System Administrator Cryptographic Module (VSACM) is referred to in this document as the
Kaseya VSACM, crypto module, or the module.
1.2 References
This document deals only with operations and capabilities of the module in the technical terms of a FIPS
140-2 cryptographic module security policy.
More information is available on the module from the
following sources:
· The Kaseya website http://www.kaseya.com contains information on the full line of products from
Kaseya.
· The CMVP website (http://csrc.nist.gov/groups/STM/cmvp/index.html) contains contact
information for answers to technical or sales-related questions for the module.
1.3 Document Organization
The Security Policy document is one document in a FIPS 140-2 Submission Package provided to the
Cryptographic Module Testing Laboratory. In addition to this document, the Submission Package contains:
· Vendor Evidence document
· Finite State Model
· Other supporting documentation as additional references
This Security Policy and the other validation submission documentation were produced by Corsec Security,
Inc. under contract to Kaseya. With the exception of this Non-Proprietary Security Policy, the FIPS 140-2
Validation Documentation is proprietary to Kaseya and is releasable only under appropriate non-disclosure
agreements. For access to these documents, please contact Kaseya.