Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B

FIPS 140-2 Non Proprietary Security Policy
Level 2 Validation

Version 0.5
May, 2011

© Copyright 2007 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

Table of Contents

1 INTRODUCTION
  1.1 PURPOSE
  1.2 MODULE VALIDATION LEVEL
  1.3 REFERENCES
  1.4 TERMINOLOGY
  1.5 DOCUMENT ORGANIZATION
2 CISCO 7606-S AND 7609-S ROUTERS WITH SUPERVISOR SUP720-3B
  2.1 CRYPTOGRAPHIC MODULE PHYSICAL CHARACTERISTICS
  2.2 MODULE INTERFACES
  2.3 ROLES AND SERVICES
    2.3.1 Authentication
    2.3.2 Services
      a. User Services
      b. Crypto Officer Services
    2.3.3 Unauthenticated Services
  2.4 PHYSICAL SECURITY
    2.4.1 Module Opacity
    2.4.2 Tamper Evidence
  2.5 CRYPTOGRAPHIC ALGORITHMS
    2.5.1 Approved Cryptographic Algorithms
    2.5.2 Non-FIPS Approved Algorithms Allowed in FIPS Mode
    2.5.3 Non-Approved Cryptographic Algorithms
  2.6 CRYPTOGRAPHIC KEY MANAGEMENT
  2.7 SELF-TESTS
    2.7.1 Self-tests performed by the IOS image
3 SECURE OPERATION
  3.1 SYSTEM INITIALIZATION AND CONFIGURATION
  3.2 PROTOCOLS
  3.3 REMOTE ACCESS

1 Introduction

1.1 Purpose

This document is the non-proprietary Cryptographic Module Security Policy for the Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B. This security policy describes how the Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B (Hardware Version: Chassis: 7606-S and 7609-S with SUP720-3B; Firmware Version: 15.1(2)S) meet the security requirements of FIPS 140-2, and how to operate the router with on-board crypto enabled in a secure FIPS 140-2 mode. This policy was prepared as part of the Level 2 FIPS 140-2 validation of the Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B.

FIPS 140-2 (Federal Information Processing Standards Publication 140-2 — Security Requirements for Cryptographic Modules) details the U.S. Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the NIST website at http://csrc.nist.gov/groups/STM/index.html.

1.2 Module Validation Level

The following table lists the level of validation for each area in the FIPS PUB 140-2.

| No. | Area Title | Level |
|-----|------------|-------|
| 1 | Cryptographic Module Specification | 2 |
| 2 | Cryptographic Module Ports and Interfaces | 2 |
| 3 | Roles, Services, and Authentication | 3 |
| 4 | Finite State Model | 2 |
| 5 | Physical Security | 2 |
| 6 | Operational Environment | N/A |
| 7 | Cryptographic Key management | 2 |
| 8 | Electromagnetic Interference/Electromagnetic Compatibility | 2 |
| 9 | Self-Tests | 2 |
| 10 | Design Assurance | 2 |
| 11 | Mitigation of Other Attacks | N/A |
| | Overall module validation level | 2 |

Table 1 Module Validation Level

1.3 References

This document deals only with operations and capabilities of the Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B in the technical terms of a FIPS 140-2 cryptographic module security policy.
More information is available on the routers from the following sources:

• The Cisco Systems website contains information on the full line of Cisco Systems routers. Please refer to the following website: http://www.cisco.com/en/US/prod/collateral/routers/ps368/ps371/product_data_sheet0900aecd8057f3c8.html
• For answers to technical or sales related questions please refer to the contacts listed on the Cisco Systems website at www.cisco.com.
• The NIST Validated Modules website (http://csrc.nist.gov/groups/STM/cmvp/validation.html) contains contact information for answers to technical or sales-related questions for the module.

1.4 Terminology

In this document, the Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B is referred to as the router, the module, or the system.

1.5 Document Organization

The Security Policy document is part of the FIPS 140-2 Submission Package. In addition to this document, the Submission Package contains:

• Vendor Evidence document
• Finite State Machine
• Other supporting documentation as additional references

This document provides an overview of the Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B and explains the secure configuration and operation of the module. This introduction section is followed by Section 2, which details the general features and functionality of the router. Section 3 specifically addresses the required configuration for the FIPS-mode of operation.

With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Validation Submission Documentation is Cisco-proprietary and is releasable only under appropriate non-disclosure agreements. For access to these documents, please contact Cisco Systems.

2 Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B

The Cisco 7600-S Router is a compact, high-performance router designed in a 6-slot and 9-slot form factor for deployment at the network edge, where robust performance and IP/Multiprotocol Label Switching (MPLS) services are necessary to meet the requirements of both enterprises and service providers. It enables Carrier Ethernet service providers to deploy an advanced network infrastructure that supports a range of IP video and triple-play (voice, video, and data) system applications in both the residential and business services markets. The Cisco 7600-S also delivers WAN and metropolitan-area network (MAN) networking solutions at the enterprise edge. The following subsections describe the physical characteristics of the routers.

2.1 Cryptographic Module Physical Characteristics

Figure 1 - Cisco 7606-S Router

Figure 2 - Cisco 7609-S Router

The cryptographic boundary is defined as being the physical enclosure of the chassis. The cryptographic boundary is illustrated in Figures 1 and 2 above as the dark border around the module. All of the functionality described in this publication is provided by components within this cryptographic boundary. The module incorporates one or more supervisor blades.

2.2 Module Interfaces

The module features the following interfaces:

1. Two SFP Ethernet ports
2. One 10/100/1000 Ethernet port
3. One serial console port
4. Four Status LEDs
5. Two Disk LEDs
6. Three Link LEDs
7. Two CompactFlash Type II slots (disabled via TEL)

These interfaces are depicted in the figures below:

Figure 3 - SUP 720-3B interfaces

The following tables provide more detailed information conveyed by the LEDs on the front and rear panel of the router:

| Name | State | Description |
|------|-------|-------------|
| Status | Green | All diagnostics pass. The supervisor engine is operational (normal initialization sequence). |
| Status | Orange | The supervisor engine is booting or running diagnostics (normal initialization sequence). |
| Status | Red | The diagnostic test (including FIPS POSTs) failed. The supervisor engine is not operational because a fault occurred during the initialization sequence. |
| System | Green | All chassis environmental monitors are reporting OK. |
| System | Orange | A minor hardware problem has been detected. |
| System | Red | A major hardware problem has occurred. |
| Active | Green | The supervisor engine is operational and active. |
| Active | Orange | The supervisor engine is in standby mode. |
| PWR MGMT | Orange | Power-up mode; running self-diagnostics. |
| PWR MGMT | Green | Power management is functioning normally and sufficient power is available for all modules. |
| PWR MGMT | Orange | A minor power management problem has been detected. There is insufficient power for all modules to power up. |
| PWR MGMT | Red | A major power failure has occurred. |
| DISK 0 and DISK 1 | N/A | These LEDs are illuminated green when the installed Flash PC card is being accessed and is performing either a read operation or a write operation. |

Table 2 – LED Indicators

The module provides a number of physical and logical interfaces to the device, and the physical interfaces provided by the module are mapped to the following FIPS 140-2 defined logical interfaces: data input, data output, control input, status output, and power. The logical interfaces and their mapping are described in the following table:

| Router Physical Interface | FIPS 140-2 Logical Interface |
|---------------------------|------------------------------|
| Gigabit/SFP Ethernet ports, Console Port | Data Input Interface |
| Gigabit/SFP Ethernet ports, Console Port | Data Output Interface |
| Gigabit/SFP Ethernet ports, Console Port | Control Input Interface |
| Gigabit/SFP Ethernet ports, Console Port, LEDs | Status Output Interface |
| Power plug | Power Interface |

Table 3 – FIPS 140-2 Logical Interfaces

2.3 Roles and Services

Authentication in the module is identity-based. There are two main roles in the router that operators can assume:

1. the Crypto Officer role and
2. the User role.

The administrators of the router assume the Crypto Officer role in order to configure and maintain the router using Crypto Officer services, while the Users exercise only the basic User services. A detailed list of services attributed to each role can be found in section 2.3.2.

2.3.1 Authentication

The module provides password based and digital signature based authentication. Crypto Officers are always authenticated using passwords whereas a User can be authenticated either via a password or digital signature.

a. Password based Authentication

The security policy stipulates that all user passwords and shared secrets must be 8 alphanumeric characters, so the password space is 2.8 trillion possible passwords. The possibility of randomly guessing a password is thus far less than one in one million.
To exceed a one in 100,000 probability of a successful random password guess in one minute, an attacker would have to be capable of 28 million password attempts per minute, which far exceeds the operational capabilities of the module to support.

b. Digital signature based Authentication

When using RSA based authentication, the RSA key pair has a modulus size of 1024 bits to 2048 bits, thus providing between 80 bits and 112 bits of strength. Assuming the low end of that range, an attacker would have a 1 in 2^80 chance of randomly obtaining the key, which is much stronger than the one in a million chance required by FIPS 140-2. To exceed a one in 100,000 probability of a successful random key guess in one minute, an attacker would have to be capable of approximately 1.8 x 10^21 attempts per minute, which far exceeds the operational capabilities of the modules to support.

2.3.2 Services

a. User Services

Users can access the system via the console port with a terminal program or SSH session to an Ethernet port. The IOS prompts the User for username and password. If the password is correct, the User is allowed entry to the IOS executive program. In addition to username/password combination, RSA digital certificates can be used to authenticate the user over the SSH session. The services available to the User role consist of the following:

| Services & Access | Description | Keys & CSPs |
|-------------------|-------------|-------------|
| Status Functions (r, x) | View state of interfaces and protocols, version of IOS currently running. | User password |
| Network Functions (r, w, x, z) | Connect to other network devices through SSH, telnet, PPP, etc. and initiate diagnostic network services (i.e., ping, mtrace). | DRBG seed, DRBG V, DH shared secret, DH private exponent, SSH Private key, SSH session key |
| Terminal Functions | Adjust the terminal session (e.g., lock the terminal, adjust flow control). | N/A |
| Directory Services | Display directory of files kept in flash memory. | N/A |
| Perform Self-Tests | Perform the FIPS 140 start-up tests on demand | N/A |

Table 4 - User Services

b. Crypto Officer Services

During initial configuration of the router, the Crypto Officer password (the “enable” password) is defined. A Crypto Officer can assign permission to access the Crypto Officer role to additional accounts, thereby creating additional Crypto Officers.

The Crypto Officer role is responsible for the configuration and maintenance of the router. Just like the User, the Crypto Officer can access the router via the console port or via SSH session. The Crypto Officer services consist of the following:

| Services & Access | Description | Keys & CSPs |
|-------------------|-------------|-------------|
| Configure the router (r, w, z) | Define network interfaces and settings, create command aliases, set the protocols the router will support, enable interfaces and network services, set system date and time, and load authentication information. | User password, Enable password, RADIUS secret, TACACS+ secret, DH shared secret, Router Authentication key, PPP authentication key, SSH private key |
| Define Rules and Filters | Create packet Filters that are applied to User data streams on each interface. Each Filter consists of a set of Rules, which define a set of packets to permit or deny based on characteristics such as protocol ID, addresses, ports, TCP connection establishment, or packet direction. | N/A |
| View Status Functions (r, x) | View the router configuration, routing tables, active sessions, use gets to view SNMP MIB statistics, health, temperature, memory status, voltage, packet statistics, review accounting logs, and view physical interface status. | User password, Enable password, RADIUS secret, TACACS+ secret, DH shared secret, Router Authentication key, PPP authentication key, SSH private key |
| Manage the router (r, w) | Log off users, shutdown or reload the router, erase the flash memory, manually back up router configurations, view complete configurations, manage user rights, and restore router configurations. | User password, Enable password, RADIUS secret, TACACS+ secret, DH shared secret, Router Authentication key, PPP authentication key, SSH private key |
| Perform Self-Tests | Perform the FIPS 140 start-up tests on demand | N/A |

r: read, w: write, x: execute, z: zeroize

Table 5 - Crypto Officer Services

2.3.3 Unauthenticated Services

The services available to unauthenticated users are:

• Viewing the status output from the module’s LEDs
• Powering the module on and off using the power switch on the third-party chassis

2.4 Physical Security

This module is a multi-chip standalone cryptographic module. The FIPS 140-2 level 2 physical security requirements for the modules are met by the use of opacity shields covering the front panels of modules to provide the required opacity and tamper evident seals to provide the required tamper evidence. The following sections illustrate the physical security provided by the module.

The tamper evident labels and opacity shields shall be installed for the module to operate in a FIPS Approved mode of operation. The following table shows the number of tamper evident labels and opacity shields. The CO is responsible for securing and having control at all times of any unused tamper evident labels.

| Model | Tamper Evident Labels | Opacity Shields |
|-------|-----------------------|-----------------|
| 7606-S | 20 | 1 |
| 7609-S | 15 | N/A |

Table 6 – TELs

2.4.1 Module Opacity

To install an opacity shield on the module, follow these steps:

1. The opacity shield is designed to be installed on a Catalyst 7606-S chassis that is already rack-mounted. If your Cisco 7606-S chassis is not rack-mounted, install the chassis in the
rack using the procedures contained in Cisco 7600 Series Router Installation Guide. If your Cisco 7606-S chassis is already rack-mounted, proceed to step 2.

2. Open the FIPS kit packaging (part number CVPN7600FIPS/KIT=). The kit contains the following items:
   • An opacity shield assembly for the Cisco 7606-S router (part number 800-26211). The opacity shield part number is located on the outside of the protective packaging.
   • A bag containing the installation hardware (in some kits there is no bag; the installation hardware is premounted in the opacity shield).
   • An envelope with 30 FIPS tamper evidence labels and a disposable ESD wrist strap.

3. Remove the opacity shield from its protective packaging.
   • If the thumbscrews and the snap rivet fasteners are already installed on the opacity shield, remove the four snap rivet fasteners from the opacity shield; leave the thumbscrews installed. Proceed to step 5.
     Note: Verify that the thumbscrews are started only two or three turns in the opacity shield.
   • If the opacity shield comes with a bag of installation hardware (69-1483), open the bag and remove the two thumbscrews and four snap rivet fasteners. The snap rivet fasteners come assembled; you need to separate the two pieces of the snap rivet fastener by removing the snap rivet pin from the snap rivet sleeve before you install them. Proceed to step 4.
     Note: Extra snap rivet fasteners are included in the bag of installation hardware in case of loss or damage.
   • Start the two thumbscrews in the corresponding threaded holes in the opacity shield (see Figure 5); two or three turns is sufficient. Do not thread the thumbscrews too far into the opacity shield.
   • Open the envelope containing the disposable ESD wrist strap. Attach the disposable ESD wrist strap to your wrist. Attach the other end of the wrist strap to exposed metal on the chassis.
   • Position the opacity shield over the air intake side of the chassis so that the two thumbscrews on the opacity shield are aligned with the unused L-bracket screw holes on the chassis.
   • Press the opacity shield firmly against the side of the chassis and secure the opacity shield to the chassis with the two thumbscrews.

4. Position the rivet sleeve over one of the square cutouts on the opacity shield. Refer to Figure 5 for snap rivet fastener placement. Press the rivet sleeve through the cutout, through the opacity shield material, and through one of the chassis air vent perforations.
   Note: You might need to try different cutouts to find the one cutout that aligns correctly with a chassis air vent perforation.

5. Push the rivet pin through the rivet sleeve until you hear a click.
   Note: If you do not hear a click, remove and inspect the snap rivet fastener. If the rivet sleeve appears expanded or damaged, discard the snap rivet fastener and use a new one from the extras supplied in the bag of fasteners.

6. Repeat step 4 and step 5 for the remaining three snap rivet fasteners.

Caution: Due to decreased airflow when using the opacity shield, which is required for FIPS 140-2 validation, short-term operation as specified by GR-63-CORE at 55 °C is impacted. Short-term operation requirements will only be met at 40 °C. Without the opacity shield installed, the system will meet the short-term operations requirements at 55 °C.

Caution: We recommend that you change the opacity shield every three months to prevent dust build-up and the possibility of overheating the chassis. If the environment is especially dusty, inspect and replace the opacity shield more often.

Note: If you need to remove the 7606-S chassis from the rack, you must first remove the opacity shield. With the opacity shield installed, the chassis is too wide to slide out of the rack.

Figure 4 - Installing the Opacity Shield on the Cisco 7606-S Router

The 7609-S does not require any opacity shields.

2.4.2 Tamper Evidence

Once the module has been configured to meet overall FIPS 140-2 Level 2 requirements, the module cannot be accessed without signs of tampering. The CO shall inspect for signs of tampering periodically.

To seal the system, apply serialized tamper-evidence labels as depicted in the figures below.

Figure 5 - TEL placement for 7606-S (label callouts: 1, 2-7, 8-10, 11-13, 14-15, 16-17, 18-20)

Figure 6 - TEL placement for 7609-S (label callouts: 1-9, 10-11, 12-15)

2.5 Cryptographic Algorithms

The module implements a variety of approved and non-approved algorithms.

2.5.1 Approved Cryptographic Algorithms

The routers support the following FIPS 140-2 approved algorithm implementations:

| Algorithm | IOS |
|-----------|-----|
| AES | 1634 |
| Triple-DES | 1070 |
| SHS | 1439 |
| HMAC | 961 |
| DRBG | 88 |
| RSA | 808 |

Table 7 Approved Cryptographic Algorithms

2.5.2 Non-FIPS Approved Algorithms Allowed in FIPS Mode

The module supports the following non-FIPS approved algorithms which are permitted for use in the FIPS approved mode:

• Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 156 bits of encryption strength)
• RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength)

2.5.3 Non-Approved Cryptographic Algorithms

The module supports the following non-approved cryptographic algorithms that shall not be used in FIPS mode of operation:

• DES
• DES MAC
• MD5
• MD4
• HMAC MD5
• Non Approved RNGs

2.6 Cryptographic Key Management

The router securely administers both cryptographic keys and other critical security parameters such as passwords. All keys and CSPs are also protected by the password-protection provided by the crypto-officer logins and can be zeroized by either the Crypto Officer or User. Zeroization consists of overwriting the memory that stored the key or refreshing the volatile memory. Keys are both manually and electronically distributed but entered electronically. Manual distribution is used for pre-shared keys whereas SSH is used for electronic distribution.

The module supports the following types of key management schemes:

1. Pre-shared key exchange via electronic key entry. Triple-DES/AES key and HMAC-SHA-1 key are exchanged and entered electronically.
2. Diffie-Hellman key exchange is used to establish the Triple-DES or AES keys during SSHv2 exchange.

All pre-shared keys are associated with the CO role that created the keys, and the CO role is protected by a password. Therefore, the CO password is associated with all the pre-shared keys.
The Crypto Officer needs to be authenticated to store keys. All Diffie-Hellman (DH) keys agreed upon for individual tunnels are directly associated with that specific tunnel only via the SSH protocol. RSA Public keys are entered into the modules using digital certificates which contain relevant data such as the name of the public key's owner, which associates the key with the correct entity. All other keys are associated with the user/role that entered them.

The module supports the following keys and critical security parameters (CSPs):

| ID | Algorithm | Size | Description | Origin | Storage | Zeroization Method |
|----|-----------|------|-------------|--------|---------|--------------------|
| General Keys/CSPs | | | | | | |
| User password | Password | 8 characters | Used to authenticate User role | Configured by Crypto Officer | NVRAM (plaintext) | Zeroized by overwriting with new password |
| Enable password | Password | 8 characters | Used to authenticate Crypto Officer role | Configured during module initialization | NVRAM (plaintext) | Zeroized by overwriting with new password |
| RADIUS secret | Shared Secret | 128 bits | Used to authenticate RADIUS server to module | Configured by Crypto Officer | NVRAM (plaintext) | Zeroized by “# no radius-server key” |
| TACACS+ secret | Shared Secret | 128 bits | Used to authenticate TACACS+ server to module | Configured by Crypto Officer | NVRAM (plaintext) | Zeroized by “# no tacacs-server key” |
| DRBG Seed | SP 800-90 | 128-bits | This is the seed for SP 800-90 DRBG. | Generated by entropy source via the CTR_DRBG derivation function | DRAM (plaintext) | power cycle the device |
| DRBG V | SP 800-90 | 256-bits | This is the seed key for SP 800-90 DRBG. | generated from entropy source via the CTR_DRBG derivation function | DRAM (plaintext) | power cycle the device |
| Diffie Hellman shared secret | DH | 1024-4096 bits | This is the shared secret agreed upon as part of DH exchange | N/A | DRAM (plaintext) | Zeroized upon deletion |
| Diffie Hellman private exponent | DH | 1024-4096 bits | The private exponent used in Diffie-Hellman (DH) exchange. | Generated using FIPS approved DRBG | DRAM (plaintext) | Automatically after shared secret generated. |
| SSH keys/CSPs | | | | | | |
| SSH Private key | RSA | 1024-2048 bits | This is the SSH private key used to authenticate the module | Generated or entered like any RSA key | NVRAM (plaintext) | Zeroized by either deletion (via # crypto key zeroize rsa) or by overwriting with a new value of the key |
| SSH session key | Triple-DES/AES | 3-key Triple-DES; 128/192/256 bits AES keys | This is the symmetric SSH key used to protect SSH session | Created as part of SSH session set-up | DRAM (plaintext) | Zeroized automatically when SSH session is closed |

Table 8 Cryptographic Keys and CSPs

2.7 Self-Tests

In order to prevent any secure data from being released, it is important to test the cryptographic components of a security module to ensure all components are functioning correctly. The router includes an array of self-tests that are run during startup and periodically during operations.

2.7.1 Self-tests performed by the IOS image

• IOS Self Tests
  o POST tests
    - AES Known Answer Test
    - RSA Signature Known Answer Test (both signature/verification)
    - Software/firmware test
    - DRBG Known Answer Test
    - HMAC-SHA-1 Known Answer Test
    - SHA-1/256/512 Known Answer Test
    - Triple-DES Known Answer Test
  o Conditional tests
    - Pairwise consistency test for RSA signature keys
    - Continuous random number generation test for approved and non-approved RNGs

3 Secure Operation

The module meets all the Level 2 requirements for FIPS 140-2. Follow the setting instructions provided below to place the module in FIPS-approved mode. Operating this router without maintaining the following settings will remove the module from the FIPS approved mode of operation.

3.1 System Initialization and Configuration

1. The Crypto Officer must perform the initial configuration. IOS version 15.1(2)S, filename: c7600s72033-adventerprisek9-mz.151-2.S.bin is the only allowable image; no other image should be loaded.

2. The value of the boot field must be 0x0102. This setting disables break from the console to the ROM monitor and automatically boots the IOS image. From the “configure terminal” command line, the Crypto Officer enters the following syntax:

   config-register 0x0102

3. The Crypto Officer must create the “enable” password for the Crypto Officer role. The password must be at least 8 characters (all digits; all lower and upper case letters; and all special characters except ‘?’ are accepted) and is entered when the Crypto Officer first engages the “enable” command. The Crypto Officer enters the following syntax at the “#” prompt:

   enable secret [PASSWORD]

4. The Crypto Officer must always assign passwords (of at least 8 characters) to users. Identification and authentication on the console port is required for Users. From the “configure terminal” command line, the Crypto Officer enters the following syntax:

   line con 0
   password [PASSWORD]
   login local

5. The Crypto Officer shall only assign users to a privilege level 1 (the default).

6. The Crypto Officer shall not assign a command to any privilege level other than its default.

7. The Crypto Officer may configure the module to use RADIUS or TACACS+ for authentication. Configuring the module to use RADIUS or TACACS+ for authentication is optional. RADIUS and TACACS+ shared secret key sizes must be at least 8 characters long.

8. Loading any IOS image onto the router is not allowed while in FIPS mode of operation.

3.2 Protocols

1. SNMPv3 is allowed in FIPS mode of operation. SNMPv3 uses FIPS approved cryptographic algorithms; however, from a FIPS perspective SNMPv3 is considered to be a plaintext session since the key derivation used by SNMPv3 is not FIPS compliant.

3.3 Remote Access

1. SSH access to the module is only allowed if SSH is configured to use a FIPS-approved algorithm. The Crypto Officer must configure the module so that SSH uses only FIPS-approved algorithms. Note that all users must still authenticate after remote access is granted.
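
The settings in Section 3.1 (steps 1 to 7) can be checked against a saved configuration. The following Python check is an added example and is not part of the Cisco policy; it assumes the input is running-config text, optionally with the "Configuration register is ..." line from show version appended, and the function names and both sample configurations are constructed for illustration.

```python
import re

# Values quoted from Section 3.1 of the policy.
APPROVED_IMAGE = "c7600s72033-adventerprisek9-mz.151-2.S.bin"
REQUIRED_CONFREG = 0x0102
MIN_LEN = 8
CONFREG_RE = re.compile(r"(?:config-register|Configuration register is)\s+0x([0-9A-Fa-f]+)")

def blocks(text):
    """Yield (top-level line, [indented sub-command lines]) pairs."""
    head, kids = None, []
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0].isspace() and head is not None:
            kids.append(raw.strip())
            continue
        if head is not None:
            yield head, kids
        head, kids = raw.strip(), []
    if head is not None:
        yield head, kids

def short_cleartext(words, keyword):
    """True if the value after `keyword` is cleartext and under 8 characters.
    A type digit other than 0 (such as 7) means the stored form is encoded,
    so its length says nothing and the check is skipped."""
    rest = words[words.index(keyword) + 1:]
    if not rest:
        return True
    if len(rest) > 1 and rest[0].isdigit():
        if rest[0] != "0":
            return False
        rest = rest[1:]
    return len(rest[0]) < MIN_LEN

def audit(text):
    """Return a sorted list of (step, message) findings against Section 3.1."""
    out, confreg, enable_secret, console = [], None, False, None
    for head, kids in blocks(text):
        w = head.split()
        m = CONFREG_RE.match(head)
        if m:
            confreg = int(m.group(1), 16)      # 0x102 and 0x0102 compare equal
        elif w[:2] == ["boot", "system"]:
            if re.split(r"[:/]", w[-1])[-1] != APPROVED_IMAGE:
                out.append((1, "boot system names a non-approved image: " + w[-1]))
        elif w[:2] == ["enable", "secret"]:
            enable_secret = True               # stored hashed, so presence only
        elif w[0] == "username":
            if "privilege" in w and w[w.index("privilege") + 1:][:1] != ["1"]:
                out.append((5, "user %s is not at privilege level 1" % w[1]))
            if "password" in w and short_cleartext(w, "password"):
                out.append((4, "user %s password is under 8 characters" % w[1]))
        elif w[0] == "privilege":
            out.append((6, "command moved off its default level: " + head))
        elif w[0] in ("radius-server", "tacacs-server") and "key" in w:
            if short_cleartext(w, "key"):
                out.append((7, w[0] + " shared secret is under 8 characters"))
        elif w[:3] == ["line", "con", "0"]:
            console = kids
    if confreg != REQUIRED_CONFREG:
        out.append((2, "configuration register is not 0x0102"))
    if not enable_secret:
        out.append((3, "no enable secret configured"))
    if console is None or "login local" not in console:
        out.append((4, "console line does not require login local"))
    pw = [k.split() for k in (console or []) if k.startswith("password")]
    if not pw or any(short_cleartext(p, "password") for p in pw):
        out.append((4, "console password missing or under 8 characters"))
    return sorted(out)

# Constructed sample configurations (not captured from a real device).
GOOD = """\
boot system flash disk0:c7600s72033-adventerprisek9-mz.151-2.S.bin
enable secret 5 $1$constructed$hashvalue
username operator1 password 0 Str0ngPass9
radius-server key 0 RadiusKey123
config-register 0x0102
line con 0
 password 0 C0nsolePw1
 login local
"""

BAD = """\
boot system flash disk0:some-other-image.bin
username operator1 privilege 15 password 0 short
privilege exec level 5 show running-config
tacacs-server key abc
Configuration register is 0x2102
line con 0
 login
"""

if __name__ == "__main__":
    for step, msg in audit(BAD):
        print("step %d: %s" % (step, msg))
```

Each finding carries the number of the Section 3.1 step it relates to, so the output can be read side by side with the policy.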
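
The self-tests listed in Section 2.7.1 follow two patterns: a known-answer test run at power-on and a continuous test applied to every random block. The sketch below is an added example, not Cisco IOS code; it covers only the SHA and HMAC-SHA-1 entries because those are available in the Python standard library, uses the published "abc" digests and RFC 2202 test case 1 as vectors, and its class and function names are hypothetical.

```python
import hashlib
import hmac
import os

class SelfTestError(Exception):
    """Raised when a self-test fails; the caller must stop offering crypto services."""

# Known-answer vectors: the FIPS 180 "abc" message digests and RFC 2202 test case 1.
KATS = {
    "SHA-1": (lambda: hashlib.sha1(b"abc").hexdigest(),
              "a9993e364706816aba3e25717850c26c9cd0d89d"),
    "SHA-256": (lambda: hashlib.sha256(b"abc").hexdigest(),
                "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"),
    "SHA-512": (lambda: hashlib.sha512(b"abc").hexdigest(),
                "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a"
                "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f"),
    "HMAC-SHA-1": (lambda: hmac.new(b"\x0b" * 20, b"Hi There", hashlib.sha1).hexdigest(),
                   "b617318655057264e28bc0b6fb378c8ef146be00"),
}

def power_on_self_test(kats=KATS):
    """Run every known-answer test and return the names that passed.
    Any mismatch raises before the module offers a service."""
    failed = sorted(name for name, (compute, expected) in kats.items()
                    if not hmac.compare_digest(compute(), expected))
    if failed:
        raise SelfTestError("known-answer test failed: " + ", ".join(failed))
    return sorted(kats)

class ContinuousRngTest:
    """Conditional test: each generated block is compared with the previous one."""

    def __init__(self, source=os.urandom, block_size=16):
        self._source, self._size = source, block_size
        # The first block only primes the comparison and is never handed out.
        self._last = source(block_size)

    def next_block(self):
        block = self._source(self._size)
        if block == self._last:
            raise SelfTestError("RNG produced two identical consecutive blocks")
        self._last = block
        return block

if __name__ == "__main__":
    print("POST passed:", ", ".join(power_on_self_test()))
    print("random block:", ContinuousRngTest().next_block().hex())
```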