Fortress Secure Client
Version 4.1.1

Security Policy
Version 1.3
March 2009

Prepared by the Fortress Technologies, Inc., Government Technology Group
4023 Tampa Rd., Suite 2000, Oldsmar, FL 34677

Copyright © 2009 Fortress Technologies, Inc., 4023 Tampa Rd., Suite 2000, Oldsmar, FL 34677
This document can be reproduced and distributed only whole and intact, including this copyright notice.

Fortress Secure Client: Security Policy

Table of Contents

1.0 Introduction
2.0 References
3.0 Document Organization
4.0 Security Rules
4.1 Introduction
4.2 Cryptographic Module
4.3 Module Interfaces
4.4 Roles and Services
4.4.1 Crypto Officer Role Services
4.4.2 User Role Services
4.5 Cryptographic Key Management
4.6 Cryptographic Algorithms
4.7 Mitigation of Other Attacks
5.0 Secure Operation of the Fortress Secure Client
5.1 System Requirements
5.2 Installing the Module
5.3 Configuring Modes of Operation
5.4 Powering-Up and Operating the Module
5.5 Power-Up and Conditional Test
5.6 Identifying FIPS-Relevant Failures
5.7 Performing Zeroization
5.8 CAC Support
6.0 Contacting Fortress
6.1 Installation
6.2 Support and Service
List of Figures

Figure 1: Cryptographic module components and interfaces

List of Tables

Table 1: Crypto Officer Role services
Table 2: User Role services
Table 3: Keys and CSPs: Non-Protocol
Table 4: Fortress Technologies Approved PRNGs: Keys and CSPs: PRNG
Table 5: Fortress Technologies Non-Approved PRNGs: Keys and CSPs: PRNG
Table 6: Windows OS: Non-Approved PRNGs: Keys and CSPs: PRNG
Table 7: Keys and CSPs: MSP Static Key Exchange
Table 8: Keys and CSPs: MSP Dynamic Key Exchanges
Table 9: Keys and CSPs: MSP Encrypted Unicast Traffic Data Exchange
Table 10: Keys and CSPs: MSP Group Key Exchange
Table 11: Keys and CSPs: MSP Encrypted Multicast/Broadcast Traffic Data Exchange
Table 12: Algorithms supported
Table 13: System requirements
Table 14: Power-Up Self Test
Table 15: Conditional Self Test
Table 16: FIPS-relevant audit records
Table 17: FIPS-relevant audit record error codes

1.0 Introduction

This is a non-proprietary Fortress Secure Client security policy. This security policy defines all security rules that the Fortress Secure Client version 4.1.1 (also referred to throughout the Security Policy as the "Module") must operate under and enforce. The Module complies with all FIPS 140-2 Level 1 requirements.

2.0 References

· Secure Client 4.1 User Guide
· Fortress FC-X (X=250, 500 or 1000)
· Fortress Gateway User Guide for the AirFortress 7500 or 2100
· Fortress MAPS User Guide
· Fortress ES-520 User Guide
· Compatible Radius vendors' User Guides
  o See Fortress Secure Client User Guide for compatible Radius vendors
· Compatible Smart Card vendors' User Guides
  o See Fortress Secure Client User Guide for compatible Smart Card vendors

3.0 Document Organization

This document is the FIPS 140-2 Security Policy for the Fortress Secure Client version 4.1.1. Section 1.0 is a brief introduction to the module. Section 2.0 calls out the references needed to understand the module. Section 3.0 (this section) summarizes the document organization. Section 4.0 describes the security rules under which this cryptographic module operates. This includes a definition of the Module, its components, roles and services, key management and algorithms. Section 5.0 details the secure operation of the Module. Finally, Section 6.0 explains installation issues and how to contact Fortress if necessary.

4.0 Security Rules

4.1 Introduction

The Fortress Secure Client is a cryptographic software application that operates as a multi-chip standalone cryptographic module. The cryptographic boundary of the module is the applicable drivers and compiled application executable. The physical boundary is the hardware platform, such as a typical PC, on which the module is installed.

The module identifies network devices and encrypts and decrypts traffic transmitted to and from those devices. The module operates as an electronic encryption application designed to prevent unauthorized access to data transferred across a wireless network. The module encrypts and decrypts traffic transmitted over the network to protect data passing to and from the module on the wireless network.
The module operates at the datalink layer of the OSI model, and is installed as an application and intermediate driver; the cryptographic processing is implemented without human intervention to prevent any chance of human error.

4.2 Cryptographic Module

The module provides datalink layer (OSI Layer 2) security. To accomplish this, it was designed with the features described in the following sections.

The following security design concepts guide the development of the module:

1. Use strong, proven encryption solutions such as Triple-DES and AES.
2. Protect data at or below the level of the vulnerable TCP/IP layer 3 IP information.
3. Minimize the human intervention used to configure the module to implement secure connections. This will help to prevent human error and to ease the use and management of the module.
4. Secure all points where a LAN, WLAN, or WAN can be accessed by using a unique company Access ID, defined by the customer, to identify authorized devices as belonging to the protected wireless network.

The Mobile Security Protocol (MSP) architecture of the cryptographic engine ensures that cryptographic processing is secure on a wireless network and automates most security operations to prevent any chance of human error. Because MSP operates at the datalink layer, header information is less likely to be intercepted. In addition to applying standard strong encryption algorithms, MSP also compresses data, disguising the length of the data to prevent analytical attacks and yielding a significant performance gain on network throughput.

The module requires no special configuration to operate once correctly installed.
Cryptographic Officers are, however, encouraged to change certain security settings, such as the Access ID for the device, to ensure that each customer has unique parameters that must be met for access.

The module allows role-based access to user interfaces for access to the appropriate set of management and status monitoring tools.

4.3 Module Interfaces

The module provides logical interfaces for input and output; it does not support separate ports for cryptographic key management or data authentication.

Inbound and outbound traffic is received through the communication port of the hardware device on which the Client is installed. The information is processed by the driver, then sent to the packet capture component, which identifies packets as incoming or outgoing and encrypts or decrypts the packets accordingly. This interface interacts with third-party applications installed on the computer that receives packets and with the device communication port (NIC, RJ-45 port, serial port, or other option).

The module uses logical controls to handle the information flow of communication, which passes all communication into and out of the module. When in FIPS Mode, data is transmitted to the network as ciphertext, unless a trusted device or feature requiring clear text is configured. The module does not allow plaintext transmission of cryptographic keys or critical security parameters across a LAN or WLAN.

The module does not require physically separate entry and exit ports. The device communications port serves as both a data entry and exit port for secured network communications, as the data streams are bi-directional and conform to the real-time information exchange over the network.

Figure 1 shows the cryptographic boundary for the module.
The boundary will include FIPS relevant modules and non-FIPS relevant modules including Windows modules. [1]

[1] The following modules are excluded from the cryptographic boundary: FTIGINA2.DLL, FSNOTIFY.DLL, FTISERVICE.EXE, MSPYMINI.SYS and FSVPNDRVR.SYS plus all Windows components.

Figure 1: Cryptographic module components and interfaces

4.4 Roles and Services

There are no unauthenticated services. There is a Crypto Officer role and a User role.

4.4.1 Crypto Officer Role Services

Crypto Officers are authenticated by the operating system, not by the module. The Crypto Officer is the Windows Administrator. The module checks to see that the user is the Windows Administrator before allowing access to the sections of the Graphical User Interface (GUI) that configure the cryptographic module. In general the Crypto Officer can configure profiles, endpoints and other options. Crypto Officer Services are shown in Table 1.

Table 1: Crypto Officer Role services

| Service | Description | Input | Output | Key/CSP |
| --- | --- | --- | --- | --- |
| Perform Power-up Self-tests | Initiates the power-up self-tests of the module, which are run when the GPC is powered-on | None | Status of command | None |
| Global settings update [2] | Update information that is used in presentation of the GUI | Commands and configuration data | Status of commands and configuration data | None |
| Profiles update [3] | Update End Point connection information. | Commands and configuration data | Status of commands and configuration data | None |
| Endpoints update [4] | Update End Point connection organization information and End Point power-up [5] connection state | Commands and configuration data | Status of commands and configuration data | Access ID (write) |

[2] Secure Client Interfaces to update Global settings include saving the Profile that should be loaded on power-up, the last Profile ID created, the last End Point ID created, the Device ID to be used for all Endpoints, as well as the interfaces described in section "Secure Client Options" of the Secure Client User Guide.
[3] Secure Client Interfaces to configure Profiles can be found in section "Profiles" of the Secure Client User Guide.
[4] Secure Client Interfaces to configure Endpoints can be found in section "Endpoints" of the Secure Client User Guide.
[5] May contain 0 or 1 MSP Endpoints, or 0, 1, or 2 rMSP Endpoints.

4.4.2 User Role Services

Users are authenticated by the use of the Access ID. Both sides must have the same Access ID in order for a secure connection to be made. The Access ID can only be configured by the Crypto Officer. The User can pick a profile, perform diagnostics, or exit the FIPS mode by turning off all encryption. User Services are shown in Table 2.

Table 2: User Role services

| Service | Description | Input | Output | Key/CSP |
| --- | --- | --- | --- | --- |
| Fortress (non-module) User Authentication [6] | Prompts operator for Fortress User Authentication information according to Gateway MSP configuration. | Fortress User Authentication Credentials | Status of commands | None |
| Select Profile [7] | Set Crypto Officer-configured Profile to use | Commands | Status of commands | None |
| Establish MSP connection [8] | Initiate MSP connection (perform initial key exchanges at OSI layer 2) | Commands, Static Key Exchange parameters, Dynamic Key Exchange parameters, MSP inputs and data | Status of commands and MSP connection information, MSP outputs and data | The following keys/CSPs are used/generated as a result of executing this service: Access ID, Device ID, Hardkey, DH Static public and private keys, Static Secret Encryption Key, DH Dynamic public and private keys, Dynamic Secret Encryption Key |
| Establish rMSP connection [9] | Initiate rMSP connection (perform initial key exchanges at OSI layer 3) | Commands, Static Key Exchange parameters, Dynamic Key Exchange parameters, MSP and rMSP inputs and data | Status of commands and MSP and rMSP connection information, MSP and rMSP outputs and data | The following keys/CSPs are used/generated as a result of executing this service: Access ID, Device ID, Hardkey, DH Static public and private keys, Static Secret Encryption Key, DH Dynamic public and private keys, Dynamic Secret Encryption Key |
| Winsock API (indirect interface to MSP) | Perform re-key exchanges at OSI layer 2, and encrypt and decrypt packets at layer 2. | Refresh Dynamic Key Exchange parameters, Encrypted Data Exchange parameters, MSP inputs and data | MSP outputs and data | The following keys/CSPs are used/generated as a result of executing this service: Static Secret Encryption Key, DH Dynamic public and private keys, Dynamic Secret Encryption Key |
| Winsock API (indirect interface to rMSP) | Perform re-key exchanges at OSI layer 3, and encrypt and decrypt packets at layer 2. | Refresh Dynamic Key Exchange parameters, Encrypted Data Exchange parameters, MSP and rMSP inputs and data | MSP and rMSP outputs and data | The following keys/CSPs are used/generated as a result of executing this service: Static Secret Encryption Key, DH Dynamic public and private keys, Dynamic Secret Encryption Key |
| Secure Client Monitoring [10] | View connection information and perform diagnostic tests. | Commands | Status of commands and MSP and rMSP connection information | None |

[6] If the module's Fortress GINA component (Graphical Identification and Authentication library, a component of the Microsoft Windows operating systems that provides secure authentication and interactive logon services) has been installed, a pass-thru GINA works together with the Windows logon dialogs to authenticate Users to Gateways (not the module). If the module's Fortress GINA component has not been installed, the module displays only its own dialogs to authenticate Users to Gateways (not the module).
[7] Secure Client Interfaces to change profiles can be found in section "Switching Profiles" of the Secure Client User Guide.
[8] Secure Client Interfaces to initiate MSP connections can be found in section "Connecting to Secure Networks" of the Secure Client User Guide.
[9] Secure Client Interfaces to initiate rMSP connections can also be found in section "Connecting to Secure Networks" of the Secure Client User Guide.
[10] Secure Client Interfaces to view MSP and rMSP connection information can be found in section "Monitoring the Secure Client Driver" of the Secure Client User Guide.

4.5 Cryptographic Key Management

There are keys and CSPs that are not associated with any protocols. There are also keys and CSPs associated with the Fortress Secure Client's PRNG and MSP protocol. Client keys and CSPs are identified and described in the tables below.
Table 3: Keys and CSPs: Non-Protocol

| Key/CSP | Type | Generation/Input | Output | Storage | Zeroization | Use |
| --- | --- | --- | --- | --- | --- | --- |
| Access ID | 16- or 32 hex character string (only use 32 characters in FIPS mode) | Input plaintext (using GUI) [11] | Not output | Plaintext on disk | Not actively zeroized by the module. Formatting of HD is method for zeroization | Used as input to derive the Hardkey (a.k.a. Module Secret Key). |
| Device ID | 32 hex character string | Not input (generated using PRNG during module installation) | Not output | Plaintext on disk | Not actively zeroized by the module. Formatting of HD is method for zeroization | The Device ID (along with the MAC address) are used to identify the module (but not the operator) to controllers as part of the MSP protocol. |
| Machine Hardkey | HMAC key | Not input (derived using the Fortress-proprietary non-FIPS hardkey generation method) | Not output | Plaintext on disk | Not actively zeroized by the module. Formatting of HD is method for zeroization | Used as HMAC key to compute the HMAC-SHA-256-based software integrity value used in the power-up self-test |

[11] It is recommended that the Access ID be a randomly generated value to increase security, since this would reduce the risk of repeating patterns being used for different Access IDs.

Table 4: Fortress Technologies Approved PRNGs: Keys and CSPs: PRNG

Fortress Technologies Approved PRNGs

| Algorithm | Type | Seed | Uses |
| --- | --- | --- | --- |
| X9.31 | Triple-DES 2 Key | Fortuna [12] | Generation of Diffie-Hellman components |
| X9.31 | Triple-DES 2 Key | NFRandom [13] | Used as an event source for Fortuna. |

Table 5: Fortress Technologies Non-Approved PRNGs: Keys and CSPs: PRNG

Fortress Technologies Non-Approved PRNGs

| Algorithm | Type | Seed | Uses |
| --- | --- | --- | --- |
| NFRandom | 32 bit | Time | Inside Fortuna to pick a pool and to seed the X9.31 that is used as an event source for Fortuna. |
| Fortuna | 32 bit | OS PRNG and X9.31 | Used to seed the X9.31 when it is used for building keys. |

Table 6: Windows OS: Non-Approved PRNGs: Keys and CSPs: PRNG

Windows Operating System Non-Approved PRNGs

| Algorithm | Type | Uses |
| --- | --- | --- |
| FIPS.SYS | 64 bit | Used as an event source for Fortuna on Windows 2000 and Windows XP |
| Crypto API | 64 bit | Used as an event source for Fortuna on Windows Vista |

[12] Fortuna is an implementation of a cryptographically secure pseudorandom number generator (PRNG) devised by Bruce Schneier and Niels Ferguson, named Fortuna after the Roman goddess of chance. From Practical Cryptography (ISBN: 0-471-22357-3).
[13] NFRandom is the "minimal standard random" routine by Stephen K. Park and Keith W. Miller, in "Random number generators: good ones are hard to find", in the Oct 1988 CACM (v.31, no.10).

Table 7: Keys and CSPs: MSP Static Key Exchange

| Key/CSP | Type | Generation/Input | Output | Storage | Zeroization | Use |
| --- | --- | --- | --- | --- | --- | --- |
| Hardkey (a.k.a. Module Secret Key) | AES CBC (e/d; 128, 192, 256); Triple-DES TCBC (e/d; KO 2) | Not input (derived from the Access ID using the Fortress-proprietary non-FIPS hardkey generation method). Not generated using an Approved method. | Not output | Plaintext in RAM | Not actively zeroized by the module. Passively zeroized when power cycles. | Used to support the correct operation of the first key exchange (called the Static Key Exchange) of the MSP protocol. However, it is considered a CSP and not a key. |
| Static key exchange - DH Static private key | DH (512, 768, 1024, 1536, 2048) private key; DH ECC (256, 384) private key | Not input (generated using PRNG) | Not output | Plaintext in RAM | Zeroized when a new MSP/rMSP policy (configuration) is loaded. Also zeroized when power cycles. | Used as part of the first key exchange (called the Static Key Exchange) of the MSP protocol to establish the Static Secret Encryption Key. |
| Static key exchange - DH Static public key | DH (512, 768, 1024, 1536, 2048) private key; DH ECC (256, 384) private key | Not input. The value is calculated from the private key value using the DH equation. | Output plaintext (during the first key exchange (called the Static Key Exchange) of the MSP protocol) | Plaintext in RAM | Zeroized when a new MSP/rMSP policy (configuration) is loaded. Also zeroized when power cycles. | Used as part of the first key exchange (called the Static Key Exchange) of the MSP protocol to establish the Static Secret Encryption Key. |
| Static key exchange - Static Secret Encryption Key | AES CBC (e/d; 128, 192, 256); Triple-DES TCBC (e/d; KO 2) | Not input. Derived using the result of an SP800-56A KDF based on the DH shared secret | Not output | Plaintext in RAM | Zeroized when a new MSP/rMSP policy (configuration) is loaded. Also zeroized when power cycles. | Used to encrypt the second key exchange (called the Dynamic Key Exchange) and subsequent key exchanges (called Refresh Dynamic Key Exchanges) of the MSP protocol. |

Table 8: Keys and CSPs: MSP Dynamic Key Exchanges

| Key/CSP | Type | Generation/Input | Output | Storage | Zeroization | Use |
| --- | --- | --- | --- | --- | --- | --- |
| Static key exchange - Static Secret Encryption Key | See table 7. | See table 7. | See table 7. | See table 7. | See table 7. | See table 7. |
| Dynamic key exchange - DH Dynamic private key | DH (512, 768, 1024, 1536, 2048) private key; DH ECC (256, 384) private key | Not input (generated using PRNG) | Not output | Plaintext in RAM | Zeroized when a new MSP/rMSP policy (configuration) is loaded. Also zeroized when a Refresh Dynamic Key Exchange occurs. Also zeroized when power cycles. | Used during the second key exchange (called the Dynamic Key Exchange, or Refresh Dynamic Key Exchange) of the MSP protocol to establish the Dynamic Secret Encryption Key. |
| Dynamic key exchange - DH Dynamic public key | DH (512, 768, 1024, 1536, 2048) private key; DH ECC (256, 384) private key | Not input. The value is calculated from the private key value using the DH equation. | Output encrypted (using the Static Secret Encryption Key during the second key exchange (called the Dynamic Key Exchange) of the MSP protocol) | Plaintext in RAM | Zeroized when a new MSP/rMSP policy (configuration) is loaded. Also zeroized when a Refresh Dynamic Key Exchange occurs. Also zeroized when power cycles. | Used during the second key exchange (called the Dynamic Key Exchange, or Refresh Dynamic Key Exchange) of the MSP protocol to establish the Dynamic Secret Encryption Key. |
| Dynamic key exchange - Dynamic Secret Encryption Key | AES CBC (e/d; 128, 192, 256); Triple-DES TCBC (e/d; KO 2) | Not input. Derived using the result of an SP800-56A KDF based on the DH shared secret | Not output | Plaintext in RAM | Zeroized when a new MSP/rMSP policy (configuration) is loaded. Also zeroized when power cycles. | Used to encrypt/decrypt unicast traffic at layer 2 during the protected data exchange (called the Encrypted Data Exchange) of the MSP protocol. |
Table 9: Keys and CSPs: MSP Encrypted Unicast Traffic Data Exchange

| Key/CSP | Type | Generation/Input | Output | Storage | Zeroization | Use |
| --- | --- | --- | --- | --- | --- | --- |
| Dynamic key exchange - Dynamic Secret Encryption Key | See table 8. | See table 8. | See table 8. | See table 8. | See table 8. | See table 8. |

Table 10: Keys and CSPs: MSP Group Key Exchange

| Key/CSP | Type | Generation/Input | Output | Storage | Zeroization | Use |
| --- | --- | --- | --- | --- | --- | --- |
| Group Static Common Key | AES CBC (e/d; 128, 192, 256); Triple-DES TCBC (e/d; KO 2) | Not input (derived from the Access ID using the Fortress-proprietary non-FIPS hardkey generation method) | Not output | Plaintext in RAM | Not actively zeroized by the module. Power cycling is method for zeroization. | Used to support the correct operation of sending/receiving multicast/broadcast traffic as part of the MSP protocol. However, it is considered a CSP and not a key. |
| Group Dynamic Private Key | DH (512, 768, 1024, 1536, 2048) private key; DH ECC (256, 384) private key | Not input (generated using PRNG). However, PRNG is seeded using the Access ID, not the RNG. | Not output | Plaintext in RAM | Not actively zeroized by the module. Power cycling is method for zeroization. | Used during the Group Key Exchange of the MSP protocol to establish the Group Dynamic Common Key. |
| Group Dynamic Public Key | DH (512, 768, 1024, 1536, 2048) private key; DH ECC (256, 384) private key | Not input. The value is calculated from the private key value using the DH equation. | Output plaintext (during the Group Key Exchange of the MSP protocol) | Plaintext in RAM | Not actively zeroized by the module. Power cycling is method for zeroization. | Used during the Group Key Exchange of the MSP protocol to establish the Group Dynamic Common Key. |
| Group Dynamic Common Key | AES CBC (e/d; 128, 192, 256); Triple-DES TCBC (e/d; KO 2) | Not input. Derived using the result of an SP800-56A KDF based on the DH shared secret | Not output | Plaintext in RAM | Zeroized when a new MSP/rMSP policy (configuration) is loaded. Also zeroized when power cycles. | Used to encrypt/decrypt multicast/broadcast traffic at layer 2 after the module determines it has the correct Group Dynamic Public Key. |

Table 11: Keys and CSPs: MSP Encrypted Multicast/Broadcast Traffic Data Exchange

| Key/CSP | Type | Generation/Input | Output | Storage | Zeroization | Use |
| --- | --- | --- | --- | --- | --- | --- |
| Group Static Common Key | See MSP Group Key Exchange Keys and CSPs description | See table 10. | See table 10. | See table 10. | See table 10. | See table 10. |
| Group Dynamic Common Key | See MSP Group Key Exchange Keys and CSPs description | See table 10. | See table 10. | See table 10. | See table 10. | See table 10. |

4.6 Cryptographic Algorithms

The Client implements the following cryptographic algorithms:

Table 12: Algorithms supported

| Algorithm Supported | Certificate Number | FIPS Approved? | Allowed in FIPS mode? |
| --- | --- | --- | --- |
| AES CBC(e/d; 128,192,256) | 975 | Yes | Yes |
| HMAC-SHA-1 Key Size Ranges Tested: KS=BS | 547 | Yes | Yes |
| HMAC-SHA-256 Key Size Ranges Tested: KS=BS | 547 | Yes | Yes |
| HMAC-SHA-384 Key Size Ranges Tested: KS=BS | 547 | Yes | Yes |
| HMAC-SHA-512 Key Size Ranges Tested: KS=BS | 547 | Yes | Yes |
| ANSI X9.31 Triple-DES-2Key | 552 | Yes | Yes |
| SHA-1 BYTE-only | 944 | Yes | Yes |
| SHA-256 BYTE-only | 944 | Yes | Yes |
| SHA-384 BYTE-only | 944 | Yes | Yes |
| SHA-512 BYTE-only | 944 | Yes | Yes |
| Triple-DES TCBC(e/d; KO 2) and ECB(e/d; KO 2) | 768 | Yes | Yes |
| DES | N/A | No | No |
| Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength) | N/A | No | Yes |
| EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength) | N/A | No | Yes |
| MD5 | N/A | No | No |
| RSA (non-compliant) | N/A | No | No |

4.7 Mitigation of Other Attacks

The Fortress Secure Client is designed to mitigate several specific attacks:

Man-in-the-middle (before encrypted data exchanges are performed)
MSP (and rMSP by virtue of its encapsulation of MSP messages) performs two separate Diffie-Hellman key exchanges by default, providing defense against man-in-the-middle attacks. Diffie-Hellman key exchanges are performed before the module begins encrypting/decrypting packets.

Man-in-the-middle (after encrypted data exchanges have been performed)
MSP (and rMSP by virtue of its encapsulation of MSP messages) performs additional Diffie-Hellman key exchanges at Crypto Officer-configured intervals and at Controller-configured intervals, providing further defense against man-in-the-middle attacks.
Diffie-Hellman key exchanges are performed after an MSP (or rMSP) connection has been established, after the module has been encrypting/decrypting packets, when either the module initiates a Diffie-Hellman key exchange at a configured interval, or when the Controller does the same.

Denial-of-service
MSP (and rMSP by virtue of its encapsulation of MSP messages) encrypts packet IP headers by default (the IP address in the rMSP UDP message is of the rMSP endpoint), providing a defense against denial of service attacks. IP headers are encrypted before the module sends the packets.

Network eavesdropping
MSP (and rMSP by virtue of its encapsulation of MSP messages) encrypts packets at the data link layer (OSI layer 2), providing defense against network eavesdropping. Packets are encrypted at layer 2 inside MSP messages before the module sends the packets.

5.0 Secure Operation of the Fortress Secure Client

5.1 System Requirements

The Client must be installed and configured on an allowed Windows operating system. Windows must be configured to operate in Single-User Mode. System requirements are listed in the table below.

Table 13: System requirements

| Component | Version |
| --- | --- |
| Windows operating system versions that testing was performed on | Windows 2000 Professional SP 4; Windows XP Professional SP 2; Windows 2003 Server SP2; Windows Vista Ultimate Edition (32-bit) |
| Fortress Secure Clients (in peer-to-peer configuration) | Fortress Secure Clients version 4.1.1 |
| Fortress Gateway | See the FC-X (shown below) or other Fortress gateway users guide for information about compatible Fortress Secure Client versions. Module / Maximum Configuration Active Devices: FC-250 / 500; FC-500 / 1000; FC-1500 / 3300 |
| Fortress Management Access Controller (MAPS) | See the MAPS User Guide for information about compatible Fortress Secure Client versions. |
| Fortress Bridge | See the ES-520 user's guide for information about compatible Fortress Secure Client versions. |
| RADIUS servers (in EAP configurations) | See Fortress Secure Client User Guide for compatible vendors |
| Smart cards | See Fortress Secure Client User Guide for compatible vendors |

5.2 Installing the Module

The module should be installed according to the installation section of the Fortress Secure Client User Guide.

5.3 Configuring Modes of Operation

The module supports several modes of operation, including Approved modes of operation for which only Approved algorithms shall be used/selected. The "Status" tab of the Fortress Secure Client GUI has a status output indicator called "FIPS mode" that indicates whether or not the Client is operating in an Approved mode. Additional modes of operation, including bypass modes, can be determined by any operator of the module using additional tabs of the GUI to examine Client settings.

The following are the modes of operation that the Fortress Secure Client supports:

· Mode 1. MSP/rMSP Approved encrypting mode:
  o Both LAN and/or WLAN traffic is encrypted using Approved algorithms and settings described below.
  o No 802.1X traffic is allowed.
  o No trusted devices have been configured.
· Mode 2. Exclusive bypass mode:
  o Neither LAN nor WLAN traffic is encrypted.
· Mode 3. Alternating bypass mode:
  o LAN traffic is encrypted using Approved algorithms and settings described below but WLAN traffic is not (or vice versa), and/or
  o 802.1x traffic and/or trusted devices have been configured.

The Approved modes of operation consist of allowed combinations of module configuration settings as follows:

Mode 1. MSP/rMSP Approved encrypting mode configuration requirements:

· On the "Endpoints" tab, the "All cards" option is set on the "Basic options" subtab.
· On the "Endpoints" tab, neither "Trusted device IP addresses" nor "802.1x traffic" options are set on the "Advanced options" subtab.

The "FIPS mode" indicator on the "Status" tab will read FIPS "Enabled" and the "All cards" option is set on the "Basic options" tab when the Client is operating in Mode 1.

Mode 2. Exclusive bypass mode configuration requirements:

· On the "Status" tab, the "No Encryption" profile is selected.

The "FIPS mode" indicator on the "Status" tab will read "Bypass" and the "Current profile" indicator on the "Status" tab will read "No Encryption" when the Client is operating in Mode 2.

Mode 3. Alternating bypass mode configuration requirements:

· On the "Endpoints" tab, the "All cards" option is not set on the "Basic options" subtab and there is both a LAN and WLAN card installed, and/or
· On the "Endpoints" tab, either "Trusted device IP addresses" or "802.1x traffic" options are set on the "Advanced options" subtab.

The "FIPS mode" indicator on the "Status" tab will read "Bypass" when the Client is operating in Mode 3.
5.4 Powering-Up and Operating the Module

The Client operates at the datalink layer of the OSI model, and is installed as an application and intermediate driver; the cryptographic processing is implemented without human intervention to prevent any chance of human error. See the Fortress User Guide for information about how to perform module services in general.

5.5 Power-Up and Conditional Test

The following tables detail each of the self tests run by the Secure Client.

Table 14: Power-Up Self Test

| Power-Up Self Test | Description | Error Conditions | Conditions to Exit Tests |
|---|---|---|---|
| File Integrity Self Tests | During installation the packet driver binary, "fsvpndrvr.sys", is loaded into memory and a SHA-256 HMAC is computed using the Machine Hard Key. The resulting value is stored in the configuration database. Then, when the Fortress Secure Client packet driver is loaded after power-up, the binary is again loaded into memory and another SHA-1 HMAC is taken using the Machine Hard Key. If the results don't match, the test fails and the error description is logged in the Windows Event Log and is displayed as an error in the Client GUI. | If the test fails, the network interfaces are forced into a blocked state and an error message is written to the Windows log and is displayed as an error in the Client GUI. | Log in as Windows administrator and clear the FIPS error by clicking the Reset FIPS button. The "Reset FIPS state" button appears beneath the error message on the "Status" tab for the Cryptographic Officer only (only the error message is displayed for Users). Then reboot the device. If the device passes all FIPS tests, the module will operate normally. If the Crypto Officer wants to rerun the Power On Self Test, he can click the "Reset FIPS state" button, or the User must reboot the secure client. |
| Triple-DES Self Test | A known input is injected into the Triple-DES engines and results are checked against a known answer. If the results don't match the known answers, the test fails and the error description is logged in the Windows Event Log and is displayed as an error in the Client GUI. | If the test fails, the network interfaces are forced into a blocked state and an audit record is generated. | Log in as Windows administrator and clear the FIPS error by clicking the Reset FIPS button. The "Reset FIPS state" button appears beneath the error message on the "Status" tab for the Cryptographic Officer only (only the error message is displayed for Users). Then reboot the device. If the device passes all FIPS tests, the module will operate normally. If the Crypto Officer wants to rerun the Power On Self Test, he can click the "Reset FIPS state" button, or the User must reboot the secure client. |
| AES (256 bit key) CBC Self Test | A known input is injected into the AES engines and results are checked against known answers. If the results don't match the known answers, the test fails and the error description is logged in the Windows Event Log and is displayed as an error in the Client GUI. | If the test fails, the network interfaces are forced into a blocked state. | Log in as Windows administrator and clear the FIPS error by clicking the Reset FIPS button. The "Reset FIPS state" button appears beneath the error message on the "Status" tab for the Cryptographic Officer only (only the error message is displayed for Users). Then reboot the device. If the device passes all FIPS tests, the module will operate normally. If the Crypto Officer wants to rerun the Power On Self Test, he can click the "Reset FIPS state" button, or the User must reboot the secure client. |
| HMAC-MD5 Self Test | A known input is injected into the HMAC-MD5 engines and results are checked against known answers. If the results don't match the known answers, the test fails and the error description is logged in the Windows Event Log and is displayed as an error in the Client GUI. | If the test fails, the network interfaces are forced into a blocked state. | Log in as Windows administrator and clear the FIPS error by clicking the Reset FIPS button. The "Reset FIPS state" button appears beneath the error message on the "Status" tab for the Cryptographic Officer only (only the error message is displayed for Users). Then reboot the device. If the device passes all FIPS tests, the module will operate normally. If the Crypto Officer wants to rerun the Power On Self Test, he can click the "Reset FIPS state" button, or the User must reboot the secure client. |
| HMAC-SHA-1 Self Test | A known input is injected into the HMAC-SHA-1 engines and results are checked against known answers. If the results don't match the known answers, the test fails and the error description is logged in the Windows Event Log and is displayed as an error in the Client GUI. | If the test fails, the network interfaces are forced into a blocked state. The module needs to be uninstalled and then reinstalled before the network is serviceable again. | Log in as Windows administrator and clear the FIPS error by clicking the Reset FIPS button. The "Reset FIPS state" button appears beneath the error message on the "Status" tab for the Cryptographic Officer only (only the error message is displayed for Users). Then reboot the device. If the device passes all FIPS tests, the module will operate normally. If the Crypto Officer wants to rerun the Power On Self Test, he can click the "Reset FIPS state" button, or the User must reboot the secure client. |
| HMAC-SHA-256 Self Test | A known input is injected into the HMAC-SHA-256 engines and results are checked against known answers. If the results don't match the known answers, the test fails and the error description is logged in the Windows Event Log and is displayed as an error in the Client GUI. | If the test fails, the network interfaces are forced into a blocked state. The module needs to be uninstalled and then reinstalled before the network is serviceable again. | Log in as Windows administrator and clear the FIPS error by clicking the Reset FIPS button. The "Reset FIPS state" button appears beneath the error message on the "Status" tab for the Cryptographic Officer only (only the error message is displayed for Users). Then reboot the device. If the device passes all FIPS tests, the module will operate normally. If the Crypto Officer wants to rerun the Power On Self Test, he can click the "Reset FIPS state" button, or the User must reboot the secure client. |
| HMAC-SHA-384 Self Test | A known input is injected into the HMAC-SHA-384 engines and results are checked against known answers. If the results don't match the known answers, the test fails and the error description is logged in the Windows Event Log. | If the test fails, the network interfaces are forced into a blocked state. The module needs to be uninstalled and then reinstalled before the network is serviceable again. | Log in as Windows administrator and clear the FIPS error by clicking the Reset FIPS button. The "Reset FIPS state" button appears beneath the error message on the "Status" tab for the Cryptographic Officer only (only the error message is displayed for Users). Then reboot the device. If the device passes all FIPS tests, the module will operate normally. If the Crypto Officer wants to rerun the Power On Self Test, he can click the "Reset FIPS state" button, or the User must reboot the secure client. |
| HMAC-SHA-512 Self Test | A known input is injected into the HMAC-SHA-512 engines and results are checked against known answers. If the results don't match the known answers, the test fails and the error description is logged in the Windows Event Log. | If the test fails, the network interfaces are forced into a blocked state. The module needs to be uninstalled and then reinstalled before the network is serviceable again. | Log in as Windows administrator and clear the FIPS error by clicking the Reset FIPS button. The "Reset FIPS state" button appears beneath the error message on the "Status" tab for the Cryptographic Officer only (only the error message is displayed for Users). Then reboot the device. If the device passes all FIPS tests, the module will operate normally. If the Crypto Officer wants to rerun the Power On Self Test, he can click the "Reset FIPS state" button, or the User must reboot the secure client. |
| FIPS Non-Deterministic CPRNGT (Test of the entropy engine) | This checks whether the CPRNGT generates the same random number in two consecutive numbers generated. | If a number read from the CPRNGT is the same as the last number read, it is an error. | Log in as Windows administrator and clear the FIPS error by clicking the Reset FIPS button. The "Reset FIPS state" button appears beneath the error message on the "Status" tab for the Cryptographic Officer only (only the error message is displayed for Users). Then reboot the device. If the device passes all FIPS tests, the module will operate normally. If the Crypto Officer wants to rerun the Power On Self Test, he can click the "Reset FIPS state" button, or the User must reboot the secure client. |
| FIPS Deterministic X9.31 PRNG | A known answer test is performed: the random number received for a known seed is compared against the known answer. | If the random number does not match the known answer, the test fails. | Log in as Windows administrator and clear the FIPS error by clicking the Reset FIPS button. The "Reset FIPS state" button appears beneath the error message on the "Status" tab for the Cryptographic Officer only (only the error message is displayed for Users). Then reboot the device. If the device passes all FIPS tests, the module will operate normally. If the Crypto Officer wants to rerun the Power On Self Test, he can click the "Reset FIPS state" button, or the User must reboot the secure client. |

Table 15: Conditional Self Test

| Conditional Self Test | Description | Error Conditions | Conditions to Exit Test |
|---|---|---|---|
| Deterministic CRNGT (Entropy Engine) | The test checks the first 8-byte block of every new random number against the old one. | If the test fails, the network interfaces are forced into a blocked state and an error message is written to the Windows log and is displayed as an error in the Client GUI. Note: A failure of this test does not necessarily mean a problem. It is statistically possible for the same random number to be generated. | Log in as Windows administrator and clear the FIPS error by clicking the Reset FIPS button. The "Reset FIPS state" button appears beneath the error message on the "Status" tab for the Cryptographic Officer only (only the error message is displayed for Users). Then reboot the device. If the device passes all FIPS tests, the module will operate normally. If the Crypto Officer wants to rerun the Power On Self Test, he can click the "Reset FIPS state" button, or the User must reboot the secure client. |
| Non-deterministic CRNGT X9.31 PRNG | The module the X9.31 PRNG routine within FIPS.SYS. The test checks the first 8-byte block of every new random number against the old one. | If the test fails, the network interfaces are forced into a blocked state and an error message is written to the Windows log and is displayed as an error in the Client GUI. Note: A failure of this test does not necessarily mean a problem. It is statistically possible for the same random number to be generated. | Log in as Windows administrator and clear the FIPS error by clicking the Reset FIPS button. The "Reset FIPS state" button appears beneath the error message on the "Status" tab for the Cryptographic Officer only (only the error message is displayed for Users). Then reboot the device. If the device passes all FIPS tests, the module will operate normally. If the Crypto Officer wants to rerun the Power On Self Test, he can click the "Reset FIPS state" button, or the User must reboot the secure client. |
| Bypass Test that checks the integrity of the current configuration before loading a new one | An HMAC hash is taken using the HMAC key of the configuration file before a configuration change is made; this is compared to the previously saved hash. If they are equal, everything is OK: the new hash is saved in place of the old hash and the configuration change is allowed to happen. If they are not equal, a FIPS error occurs. | If the test fails, the network interfaces are forced into a blocked state and an error message is written to the Windows log and is displayed as an error in the Client GUI. | Log in as Windows administrator and clear the FIPS error by clicking the Reset FIPS button. The "Reset FIPS state" button appears beneath the error message on the "Status" tab for the Cryptographic Officer only (only the error message is displayed for Users). Then reboot the device. If the device passes all FIPS tests, the module will operate normally. If the Crypto Officer wants to rerun the Power On Self Test, he can click the "Reset FIPS state" button, or the User must reboot the secure client. |
| Bypass Test that performs a test encrypt/decrypt when a new configuration is loaded | The test sequences are listed here as required by FIPS. The main purpose of this testing is to make sure that under certain precise circumstances specific clear text packets would be allowed to pass through or around the crypto engine to their specified destinations, while other, encrypted packets would not. The BPM test sequences are: 1. Add a fictitious partner to the existing database. 2. Bring that partner to "MSP or rMSP state". 3. Create a bogus packet destined for the fictitious partner. 4. Verify that the packet gets sent out encrypted to that partner. 5. Remove that partner from the database. 6. Make sure that the packets go out clear. | If the test fails, the network interfaces are forced into a blocked state and an error message is written to the Windows log and is displayed as an error in the Client GUI. | Log in as Windows administrator and clear the FIPS error by clicking the Reset FIPS button. The "Reset FIPS state" button appears beneath the error message on the "Status" tab for the Cryptographic Officer only (only the error message is displayed for Users). Then reboot the device. If the device passes all FIPS tests, the module will operate normally. If the Crypto Officer wants to rerun the Power On Self Test, he can click the "Reset FIPS state" button, or the User must reboot the secure client. |
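Two of the conditional checks in Table 15, the continuous RNG comparison of 8-byte blocks and the configuration-integrity bypass test, can be modelled as follows. This is an added illustration and not Fortress code: the class and method names, the choice of HMAC-SHA-256, and holding the configuration in memory instead of in a file are assumptions.

```python
import hashlib
import hmac
import os


class FipsError(Exception):
    """A conditional self-test failed; the model is now in the blocked state."""


class ConditionalSelfTests:
    """Illustrative model (hypothetical names) of two Table 15 checks."""

    BLOCK_LEN = 8  # Table 15 compares the first 8-byte block of each number

    def __init__(self, hmac_key, config, rng=os.urandom):
        self._key = hmac_key
        self._rng = rng                # injectable so a repeat can be forced
        self._last_block = None        # first block of the previous output
        self.blocked = False           # stands in for "interfaces blocked"
        self.config = config           # stands in for the configuration file
        self._saved_tag = self._tag(config)

    def _tag(self, data):
        # Assumption: HMAC-SHA-256; the page only says "HMAC hash".
        return hmac.new(self._key, data, hashlib.sha256).digest()

    def _fail(self, reason):
        self.blocked = True
        raise FipsError(reason)

    def _require_unblocked(self):
        if self.blocked:
            raise FipsError("blocked until the FIPS state is reset")

    def random_bytes(self, n=16):
        """Return n random bytes after the continuous RNG comparison."""
        self._require_unblocked()
        if n < self.BLOCK_LEN:
            raise ValueError("need at least one 8-byte block to compare")
        out = self._rng(n)
        block = out[:self.BLOCK_LEN]
        # The very first output has nothing to compare against; it is stored.
        if self._last_block is not None and block == self._last_block:
            self._fail("continuous RNG test: 8-byte block repeated")
        self._last_block = block
        return out

    def change_config(self, new_config):
        """Verify the current configuration, then accept the new one."""
        self._require_unblocked()
        if not hmac.compare_digest(self._tag(self.config), self._saved_tag):
            self._fail("bypass test: configuration differs from saved hash")
        self.config = new_config
        self._saved_tag = self._tag(new_config)   # new hash replaces the old


if __name__ == "__main__":
    module = ConditionalSelfTests(os.urandom(32), b"profile=Default")
    module.change_config(b"profile=No Encryption")    # hash matches: allowed
    module.config = b"profile=edited out of band"     # constructed tampering
    try:
        module.change_config(b"profile=Default")
    except FipsError as exc:
        print("blocked:", module.blocked, "-", exc)
```

Once either check fails, every later call is refused, which mirrors the table's rule that the error state persists until it is cleared and the self-tests pass again.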
5.6 Identifying FIPS-Relevant Failures

When a FIPS-relevant error occurs, the Fortress Secure Client (a.k.a. the "module") either generates an audit record (a.k.a. an "event message") and sends it to the operating system audit trail for storage and operator (both User and Crypto Officer) review, or outputs an error message to the "Status" tab, or both.

The module generates audit records related to power-up self-tests (both software integrity self-test and cryptographic algorithm known-answer self-tests) and conditional self-tests and sends them to the Windows Event Log. The module sends event messages to the Windows application log specifically. The application log contains events logged by the Fortress Secure Client application in general (i.e. it includes both FIPS-relevant messages and non-FIPS-relevant messages). The FIPS-relevant errors include those shown in Table 11: Audit Logs.

Table 16: FIPS-relevant audit records

| Event ID | Source | Type | Event Description |
|---|---|---|---|
| 0xe100 | FTIDrv | Informational | FIPS Message %1 [14] |
| 0xe101 | FTIDrv | Error | FIPS Error %1 |
| 0xe102 | FTIDrv | Warning | FIPS: Conditional X9.31 Self-test: Failed continuous random number generator test, regenerating a new number. |
| 0xe103 | FTIDrv | Warning | FIPS: Conditional X9.31 Self-test: failed seed test, regenerating the seed. |
| 0xe104 | FTIDrv | Error | FIPS: Conditional Entropy Self-test: Failed continuous random number generator test. |
| 0xe105 | FTIDrv | Error | FIPS: Conditional TRNG Self-test: Failed continuous random number generator test. |
| 0xe106 | FTIDrv | Error | FIPS Conditional db self-test failed |
| 0xe107 | FTIDrv | Error | FIPS Conditional bypass self-test failed |
| 0xe108 | FTIDrv | Informational | FIPS Conditional bypass self-test success |
| 0xe109 | FTIDrv | Error | FIPS Power up self-test FAILED Encryption Engine Test: Encountered fatal error. |
| 0xe10a | FTIDrv | Error | FIPS Power up self-test FAILED Hash Engine Test: Encountered fatal error. |
| 0xe10b | FTIDrv | Error | FIPS Power up self-test FAILED PRNG Test: Encountered fatal error. |
| 0xe10c | FTIDrv | Error | FIPS Power up self-test FAILED entropy Test: Encountered fatal error. |
| 0xe10d | FTIDrv | Error | FIPS Power up self-test FAILED KeyAgreement Test: Encountered fatal error. |
| 0xe10e | FTIDrv | Error | Error generating hash during FIPS file integrity test for file %1. |
| 0xe10f | FTIDrv | Error | FIPS File Integrity Test failed for file %1 |
| 0xe110 | FTIDrv | Informational | FIPS File Integrity Test success for file %1 |
| 0xe111 | FTIDrv | Error | FIPS Power up self-test FAILED File Integrity Test. |
| 0xe112 | FTIDrv | Error | FIPS Power up self-test FAILED. |
| 0xe113 | FTIDrv | Informational | FIPS Power up self-test success. |
| 0xe114 | FTIDrv | Informational | FIPS Power up Self-tests completed. |

[14] This is the error code as shown in the next table.
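The event IDs, source and types in Table 16 are enough to triage an exported Application log automatically. The following is an added example, not part of the Fortress documentation: the record layout (dictionaries with "time", "source" and "event_id" keys), the function names and the sample records are assumptions, and treating a later "Power up self-test success" event as clearing earlier errors is an interpretation of the exit conditions in Tables 14 and 15.

```python
SOURCE = "FTIDrv"

# Event ID -> (type, description), copied from Table 16.
FIPS_EVENTS = {
    0xE100: ("Informational", "FIPS Message %1"),
    0xE101: ("Error", "FIPS Error %1"),
    0xE102: ("Warning", "Conditional X9.31 Self-test: Failed continuous random number generator test, regenerating a new number."),
    0xE103: ("Warning", "Conditional X9.31 Self-test: failed seed test, regenerating the seed."),
    0xE104: ("Error", "Conditional Entropy Self-test: Failed continuous random number generator test."),
    0xE105: ("Error", "Conditional TRNG Self-test: Failed continuous random number generator test."),
    0xE106: ("Error", "FIPS Conditional db self-test failed"),
    0xE107: ("Error", "FIPS Conditional bypass self-test failed"),
    0xE108: ("Informational", "FIPS Conditional bypass self-test success"),
    0xE109: ("Error", "FIPS Power up self-test FAILED Encryption Engine Test"),
    0xE10A: ("Error", "FIPS Power up self-test FAILED Hash Engine Test"),
    0xE10B: ("Error", "FIPS Power up self-test FAILED PRNG Test"),
    0xE10C: ("Error", "FIPS Power up self-test FAILED entropy Test"),
    0xE10D: ("Error", "FIPS Power up self-test FAILED KeyAgreement Test"),
    0xE10E: ("Error", "Error generating hash during FIPS file integrity test"),
    0xE10F: ("Error", "FIPS File Integrity Test failed"),
    0xE110: ("Informational", "FIPS File Integrity Test success"),
    0xE111: ("Error", "FIPS Power up self-test FAILED File Integrity Test."),
    0xE112: ("Error", "FIPS Power up self-test FAILED."),
    0xE113: ("Informational", "FIPS Power up self-test success."),
    0xE114: ("Informational", "FIPS Power up Self-tests completed."),
}
POWER_UP_SUCCESS = 0xE113
POWER_UP_FAILURES = set(range(0xE109, 0xE110)) | {0xE111, 0xE112}


def parse_event_id(value):
    """Accept 57609, '57609' or '0xe109'; keep the low 16 bits Windows displays."""
    number = value if isinstance(value, int) else int(str(value).strip(), 0)
    return number & 0xFFFF


def triage(records):
    """Summarise FIPS-relevant FTIDrv events from exported log records."""
    open_errors, warnings, power_up = [], [], "unknown"
    for rec in sorted(records, key=lambda r: r["time"]):
        if rec.get("source") != SOURCE:
            continue                      # other applications share this log
        event_id = parse_event_id(rec["event_id"])
        if event_id not in FIPS_EVENTS:
            continue                      # non-FIPS-relevant FTIDrv message
        event_type, description = FIPS_EVENTS[event_id]
        finding = (rec["time"], hex(event_id), description)
        if event_id == POWER_UP_SUCCESS:
            power_up, open_errors = "success", []   # clean power-up after reset
        elif event_type == "Error":
            open_errors.append(finding)
            if event_id in POWER_UP_FAILURES:
                power_up = "failed"
        elif event_type == "Warning":
            warnings.append(finding)
    return {"power_up": power_up, "open_errors": open_errors, "warnings": warnings}


SAMPLE = [  # constructed records, not real log output
    {"time": "2009-03-02T08:00:01", "source": "FTIDrv", "event_id": "0xe110"},
    {"time": "2009-03-02T08:00:02", "source": "FTIDrv", "event_id": 57619},
    {"time": "2009-03-02T09:15:40", "source": "FTIDrv", "event_id": "0xe102"},
    {"time": "2009-03-02T09:20:00", "source": "OtherApp", "event_id": "0xe107"},
    {"time": "2009-03-02T10:05:12", "source": "FTIDrv", "event_id": "57607"},
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Any entry left in open_errors marks a module that, per Tables 14 and 15, has forced its network interfaces into the blocked state and needs Crypto Officer action.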
Table 17: FIPS-relevant audit record error codes

| Error Code (hex) | Event Description |
|---|---|
| 0x30f000000 | FIPS_GENERAL |
| 0x30f000001 | FIPS_ENGINE_NOT_FOUND |
| 0x30f000002 | FIPS_FAILED_ENTROPY_MATERIAL |
| 0x30f000003 | FIPS_FILE_INTEGRITY_TEST |
| 0x30f000004 | FIPS_stub2 |
| 0x30f000005 | FIPS_TOO_SMALL |
| 0x30f000006 | FIPS_RESOURCE_ERROR |
| 0x30f000007 | FIPS_SEEDING_ERROR |
| 0x30f000008 | FIPS_FAILED_SEED_TEST |
| 0x30f000009 | PRNG_NOT_SEEDED |
| 0x30f0000f1 | SELFTEST_KEY_AGREEMENT |
| 0x30f0000f2 | SELFTEST_HMAC |
| 0x30f0000f3 | SELFTEST_HASH |
| 0x30f0000f4 | SELFTEST_ENCRYPTION |
| 0x30f0000f5 | SELFTEST_X931PRNG |
| 0x30f0000f6 | SELFTEST_SEEDMGR |
| 0x30f0000f9 | SELFTEST_BYPASS |
| 0x30f0000fA | SELFTEST_DH_KEY |
| 0x30f0000fB | SELFTEST_ENTROPY |
| 0x30f0000fC | SELFTEST_UNIQUESERIALNO |
| 0x30f0000fD | SELFTEST_MIC |
| 0x30f0000fE | SELFTEST_X931_CONDITIONAL |
| 0x30f0000ff | SELFTEST_TRNG_CONDITIONAL |

Operators (both User and Crypto Officer) can view event messages generated by the module using the Windows Event Viewer as follows:

1. Click Start, and then click Control Panel. Click Performance and Maintenance, then click Administrative Tools, and then double-click Computer Management. Or, open the MMC containing the Event Viewer snap-in.
2. In the console tree, click Event Viewer. The Application, Security, and System logs are displayed in the Event Viewer window.

How to View Event Details:

1. Click Start, and then click Control Panel. Click Performance and Maintenance, then click Administrative Tools, and then double-click Computer Management. Or, open the MMC containing the Event Viewer snap-in.
2. In the console tree, expand Event Viewer, and then click the log that contains the event that you want to view.
3. In the details pane, double-click the event that you want to view. The Event Properties dialog box containing header information and a description of the event is displayed.

How to identify FIPS-relevant events:

FIPS-relevant log entries are classified by type, and contain a description of the event as follows:

· Date - The date the event occurred.
· Time - The time the event occurred.
· User - The user name of the user (User or Crypto Officer operator) that was logged on when the event occurred.
· Computer - The name of the computer where the event occurred.
· Event ID - An event number that identifies the event type. Event IDs corresponding to FIPS-relevant errors are listed in the table below.
· Source - The source of the FIPS-relevant errors will always be "FTIDrv".
· Type - The type of event. Event types corresponding to FIPS-relevant errors are listed in the table below.
· Category - FIPS-relevant log entries do not include "Category" fields.

FIPS-relevant errors include what is shown in the table above.

5.7 Performing Zeroization

Ephemeral keys and CSPs are, generally speaking, zeroized when MSP sessions end and MSP key exchanges occur, and when the power is cycled, as described in section "Cryptographic Key Management". Persistent keys and CSPs as identified in section "Cryptographic Key Management" require the hard drive to be formatted.

To zeroize all keys and CSPs, format the hard drive and reboot. Both steps are required given that the module loads and starts operating without operator intervention after the Windows kernel loading boot phase completes.
5.8 CAC Support

The Common Access Card (CAC) is a United States Department of Defense (DoD) smart card issued as standard identification for active-duty military personnel, reserve personnel, civilian employees, non-DoD other government employees and State Employees of the National Guard and eligible contractor personnel.

Even though the CAC is supported by this version of Fortress Client software, it should not be used in the FIPS mode of operation. The CAC was not submitted for FIPS testing.

6.0 Contacting Fortress

6.1 Installation

All software installation and reinstallation for modules is performed by the Cryptographic Officer following the procedures defined by Fortress Technologies. Software troubleshooting to resolve an error state may require the product to be reinstalled by the Cryptographic Officer.

6.2 Support and Service

For any issues concerning support, or if help is needed, contact:

Fortress Technologies, Inc
4023 Tampa Road, Suite 2000
Oldsmar, Florida 34677
Tel: 813 288-7388

Or access the web site at http://www.fortresstech.com/

End of document