Retiring of a signature is done by Cisco when the signature is no longer needed (generally the vulnerability is fairly old, the majority of systems have been upgraded to newer versions, and the attack is rarely if ever being seen on the Internet anymore).
One of the main reason for doing this is that retired signatures will not use CPU cycles. Retiring a signature will force a recompilation of the cache to prevent the sensor from wasting resources on this signature. A disabled signature will use CPU cycles and memory but won’t fire; the signature is still a part of the compiled cache.. So we “retire” these signatures that are not needed anymore in order to improve sensor performance.
You can “unretire” signatures if you are still running those applications with the vulnerability being protected against. All signatures “retired” by Cisco will also be “disabled”. If a user chooses to “unretire” a signature, the user should also “enable” the signature.