Cisco ASR 1001, ASR 1002 with ESP5 or ESP10, ASR 1002-X, ASR 1004 with RP1 or RP2 and ESP10 or ESP20 or ESP40, ASR 1006 with dual RP1 or RP2 and single/dual ESP10 or ESP20 or ESP40 or ESP100, and ASR 1013 with RP2 and ESP40 or ESP100

Firmware version: 3.7.2tS

Hardware versions: ASR1001, ASR1002, ASR1002-X, ASR1004, ASR1006, ASR1013
Embedded Services Processor (ESP) hardware versions: ASR1000-ESP5, ASR1000-ESP10, ASR1000-ESP20, ASR1000-ESP40, ASR1000-ESP100
Route Processor (RP) hardware versions: ASR-1000-RP1, ASR-1000-RP2

FIPS-140 Security Policy
Cisco Systems, Inc.

© Copyright 2013 Cisco Systems, Inc. This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

Table of Contents

1 Introduction ... 1
1.1 References ... 1
1.2 FIPS 140-2 Submission Package ... 1
2 Module Description ... 2
2.1 Cisco ASR (1001, 1002, 1002-X, 1004, 1006, and 1013) ... 2
2.2 Embedded Services Processor (5, 10, 20, 40, and 100 Gbps) ... 2
2.3 Router Processor (RP1, RP2) ... 2
2.4 Module Validation Level ... 4
3 Cryptographic Boundary ... 5
4 Cryptographic Module Ports and Interfaces ... 5
5 Roles, Services, and Authentication ... 9
5.1 User Services ... 9
5.2 Cryptographic Officer Services ... 10
5.3 Unauthenticated User Services ... 10
6 Cryptographic Key/CSP Management ... 11
7 Cryptographic Algorithms ... 17
7.1 Approved Cryptographic Algorithms ... 17
7.2 Non-Approved Algorithms allowed for use in FIPS-mode ... 19
7.3 Non-Approved Algorithms ... 19
7.4 Self-Tests ... 20
8 Physical Security ... 22
8.1 Module Opacity ... 22
8.2 Tamper Evidence ... 23
9 Secure Operation ... 53
9.1 System Initialization and Configuration ... 53
9.2 IPsec Requirements and Cryptographic Algorithms ... 54
9.3 Protocols ... 54
9.4 Remote Access ... 55
10 Related Documentation ... 55
11 Obtaining Documentation ... 55
11.1 Cisco.com ... 55
11.2 Product Documentation DVD ... 55
11.3 Ordering Documentation ... 56
12 Documentation Feedback ... 56
13 Cisco Product Security Overview ... 56
13.1 Reporting Security Problems in Cisco Products ... 57
14 Obtaining Technical Assistance ... 58
14.1 Cisco Technical Support & Documentation Website ... 58
14.2 Submitting a Service Request ... 58
14.3 Definitions of Service Request Severity ... 59
15 Obtaining Additional Publications and Information ... 59
16 Definitions List ... 61

1 Introduction

This is a non-proprietary Cryptographic Module Security Policy for the Cisco ASR 1001 with integrated RP and integrated ESP, ASR 1002 with integrated RP and ESP5 or ESP10, ASR1002-X with integrated RP and integrated ESP, ASR 1004 with RP1 or RP2 and ESP10 or ESP20 or ESP40, ASR 1006 with dual RP1 or RP2 and single/dual ESP10 or ESP20 or ESP40 or ESP100, and ASR 1013 with RP2 and ESP40 or ESP100 from Cisco Systems, Inc., referred to in this document as the modules, the routers, or by their specific model names. This security policy describes how the modules meet the security requirements of FIPS 140-2 and how to run the modules in a FIPS 140-2 mode of operation.

FIPS 140-2 (Federal Information Processing Standards Publication 140-2, Security Requirements for Cryptographic Modules) details the U.S. Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the NIST website at http://csrc.nist.gov/groups/STM/cmvp/index.html.

1.1 References

This document deals only with the operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the module from the following sources:

- The Cisco Systems website (http://www.cisco.com) contains information on the full line of products from Cisco Systems.
- The NIST Cryptographic Module Validation Program website (http://csrc.nist.gov/groups/STM/cmvp/index.html) contains contact information for answers to technical or sales-related questions for the module.

1.2 FIPS 140-2 Submission Package

The security policy document is one document in a FIPS 140-2 Submission Package.
In addition to this document, the submission package includes:

- Vendor Evidence
- Finite State Machine
- Other supporting documentation as additional references

With the exception of this non-proprietary security policy, the FIPS 140-2 validation documentation is proprietary to Cisco Systems, Inc. and is releasable only under appropriate non-disclosure agreements. For access to these documents, please contact Cisco Systems, Inc. See the "Obtaining Technical Assistance" section for more information.

2 Module Description

2.1 Cisco ASR (1001, 1002, 1002-X, 1004, 1006, and 1013)

The Cisco ASR 1000 Series Router (ASR 1001, ASR 1002, ASR 1002-X, ASR 1004, ASR 1006, and ASR 1013) is a highly scalable WAN and Internet edge router platform that delivers embedded hardware acceleration for multiple Cisco IOS XE Software services without the need for separate service blades. In addition, the Cisco ASR 1000 Series Router is designed for business-class resiliency, featuring redundant Route and Embedded Services Processors, as well as software-based redundancy. With routing performance and IPsec VPN acceleration around ten-fold that of previous midrange aggregation routers with services enabled, the Cisco ASR 1000 Series Routers provide a cost-effective approach to meeting the latest services aggregation requirements. This is accomplished while still leveraging existing network designs and operational best practices. The router also supports GDOI-based GetVPN services.

2.2 Embedded Services Processor (5, 10, 20, 40, and 100 Gbps)

The Cisco ASR 1000 Series Embedded Services Processors (ESPs) are based on the innovative, industry-leading Cisco QuantumFlow Processor for next-generation forwarding and queuing in silicon. These components use the first generation of the hardware and software architecture known as the Cisco QuantumFlow Processor.
The 5-, 10-, 20-, 40- and 100-Gbps Cisco ASR 1000 Series ESPs provide centralized forwarding-engine options for the Cisco ASR 1000 Series Aggregation Services Routers. The Cisco ASR 1000 Series ESPs are responsible for the data-plane processing tasks, and all network traffic flows through them. The modules perform all baseline packet routing operations, including MAC classification, Layer 2 and Layer 3 forwarding, quality-of-service (QoS) classification, policing and shaping, security access control lists (ACLs), VPN, load balancing, and NetFlow.

It should be noted that the ASR1001 uses an integrated ESP. It does not have a distinct part number but is referred to as the ESP2.5. Additionally, the ESP5, when used on the ASR1002 and ASR1002-X, is integrated into the module as well.

2.3 Router Processor (RP1, RP2)

The Cisco ASR 1000 Series Route Processors address the route-processing requirements of carrier-grade IP and Multiprotocol Label Switching (MPLS) packet infrastructures. Not only do they provide advanced routing capabilities, but they also monitor and manage the other components in the Cisco ASR 1000 Series Aggregation Services Router.

It should be noted that both the ASR1001 and the ASR1002-X employ an integrated RP. The ASR1002 also has an integrated RP, which in effect is an RP1.
The validated platforms consist of the following components:

- Cisco ASR 1001 – ASR1001
- Cisco ASR 1002 – ASR1002
- Cisco ASR 1002-X – ASR1002-X
- Cisco ASR 1004 – ASR1004
- Cisco ASR 1006 – ASR1006
- Cisco ASR 1013 – ASR1013
- Embedded Services Processor (5 Gbps) – ASR1000-ESP5
- Embedded Services Processor (10 Gbps) – ASR1000-ESP10
- Embedded Services Processor (20 Gbps) – ASR1000-ESP20
- Embedded Services Processor (40 Gbps) – ASR1000-ESP40
- Embedded Services Processor (100 Gbps) – ASR1000-ESP100
- Route Processor 1 – ASR-1000-RP1
- Route Processor 2 – ASR-1000-RP2

The firmware version for every configuration in the following table is IOS-XE 3.7.2tS.

# | Series | Hardware Configuration
1 | ASR 1001 | Fixed Configuration
2 | ASR 1002 | Single ESP (5 Gbps)
3 | ASR 1002 | Single ESP (10 Gbps)
4 | ASR 1002-X | Fixed Configuration
5 | ASR 1004 | Single RP1, Single ESP (10 Gbps)
6 | ASR 1004 | Single RP1, Single ESP (20 Gbps)
7 | ASR 1004 | Single RP1, Single ESP (40 Gbps)
8 | ASR 1004 | Single RP2, Single ESP (10 Gbps)
9 | ASR 1004 | Single RP2, Single ESP (20 Gbps)
10 | ASR 1004 | Single RP2, Single ESP (40 Gbps)
11 | ASR 1006 | Dual RP1, Dual ESP (10 Gbps)
12 | ASR 1006 | Dual RP1, Dual ESP (20 Gbps)
13 | ASR 1006 | Dual RP1, Dual ESP (40 Gbps)
14 | ASR 1006 | Dual RP1, Dual ESP (100 Gbps)
15 | ASR 1006 | Dual RP2, Dual ESP (10 Gbps)
16 | ASR 1006 | Dual RP2, Dual ESP (20 Gbps)
17 | ASR 1006 | Dual RP2, Dual ESP (40 Gbps)
18 | ASR 1006 | Dual RP2, Dual ESP (100 Gbps)
19 | ASR 1013 | Dual RP2, Dual ESP (40 Gbps)
20 | ASR 1013 | Dual RP2, Dual ESP (100 Gbps)
Table 1: Module Hardware Configurations

2.4 Module Validation Level

The following table lists the level of validation for each area in FIPS PUB 140-2.

No. | Area Title | Level
1 | Cryptographic Module Specification | 2
2 | Cryptographic Module Ports and Interfaces | 2
3 | Roles, Services, and Authentication | 3
4 | Finite State Model | 2
5 | Physical Security | 2
6 | Operational Environment | N/A
7 | Cryptographic Key Management | 2
8 | Electromagnetic Interference/Electromagnetic Compatibility | 2
9 | Self-Tests | 2
10 | Design Assurance | 3
11 | Mitigation of Other Attacks | N/A
Overall | Overall module validation level | 2
Table 2: Module Validation Level

3 Cryptographic Boundary

The cryptographic boundary for the Cisco ASR 1001, ASR 1002 with ESP5 or ESP10, ASR 1002-X with ESP5, ASR 1004 with RP 1 or RP 2 and ESP10 or ESP20 or ESP40, ASR 1006 with dual RP 1 or RP 2 and dual ESP10 or ESP20 or ESP40, and ASR 1013 with dual RP 2 and dual ESP40 is defined as encompassing the "top," "front," "left," "right," and "bottom" surfaces of the case, and all portions of the "backplane" of the case.

4 Cryptographic Module Ports and Interfaces

Each module provides a number of physical and logical interfaces to the device, and the physical interfaces provided by the module are mapped to the four FIPS 140-2 defined logical interfaces: data input, data output, control input, and status output.
The logical interfaces and their mapping are described in the following tables:

Physical Interfaces | FIPS 140-2 Logical Interfaces
Port Adapter Interface (3); Console Port; Auxiliary Port; 10/100 Management Ethernet Port | Data Input Interface
Port Adapter Interface (3); Console Port; Auxiliary Port; 10/100 Management Ethernet Port | Data Output Interface
Port Adapter Interface (3); Console Port; Auxiliary Port; 10/100 BITS Ethernet Port (1 per RP); 10/100 Management Ethernet Port; Power Switch | Control Input Interface
Port Adapter Interface (3); LEDs; USB Ports (up to 2); Console Port; Auxiliary Port; 10/100 Management Ethernet Port | Status Output Interface
Power Plug | Power Interface
Table 3: ASR 1001

Physical Interfaces | FIPS 140-2 Logical Interfaces
Port Adapter Interface (3); Console Port; Auxiliary Port; 10/100 Management Ethernet Port; GigE port (4) | Data Input Interface
Port Adapter Interface (3); Console Port; Auxiliary Port; 10/100 Management Ethernet Port; GigE port (4) | Data Output Interface
Port Adapter Interface (3); Console Port; Auxiliary Port; 10/100 BITS Ethernet Port (1 per RP); 10/100 Management Ethernet Port; Power Switch | Control Input Interface
Port Adapter Interface (3); LEDs; USB Ports (up to 2); Console Port; Auxiliary Port; 10/100 Management Ethernet Port | Status Output Interface
Power Plug | Power Interface
Table 4: ASR 1002 with ESP5 or ESP10

Physical Interfaces | FIPS 140-2 Logical Interfaces
Port Adapter Interface (8); Console Port; Auxiliary Port; 10/100 Management Ethernet Port; GigE port (10) | Data Input Interface
Port Adapter Interface (8); Console Port; Auxiliary Port; 10/100 Management Ethernet Port; GigE port (10) | Data Output Interface
Port Adapter Interface (8); Console Port; Auxiliary Port; 10/100 BITS Ethernet Port (1 per RP); 10/100 Management Ethernet Port; Power Switch | Control Input Interface
Port Adapter Interface (8); LEDs; USB Ports (up to 2); Console Port; Auxiliary Port; 10/100 Management Ethernet Port | Status Output Interface
Power Plug | Power Interface
Table 5: ASR 1004 with RP 1 or RP 2 and ESP10 or ESP20 or ESP40

Physical Interfaces | FIPS 140-2 Logical Interfaces
Port Adapter Interface (12); Console Port; Auxiliary Port (1 per RP); 10/100 Management Ethernet Port (1 per RP); GigE port (10) | Data Input Interface
Port Adapter Interface (12); Console Port; Auxiliary Port (1 per RP); 10/100 Management Ethernet Port (1 per RP); GigE port (10) | Data Output Interface
Port Adapter Interface (12); Console Port; Auxiliary Port (1 per RP); 10/100 BITS Ethernet Port (1 per RP); 10/100 Management Ethernet Port (1 per RP); Power Switch | Control Input Interface
Port Adapter Interface (12); LEDs; USB Ports (up to 2 per RP); Console Port; Auxiliary Port (1 per RP); 10/100 Management Ethernet Port (1 per RP) | Status Output Interface
Power Plug | Power Interface
Table 6: ASR 1006 with dual RP 1 or RP 2 and dual ESP10 or ESP20 or ESP40

Physical Interfaces | FIPS 140-2 Logical Interfaces
Port Adapter Interface (12); Console Port; Auxiliary Port (1 per RP); 10/100 Management Ethernet Port (1 per RP); GigE port (10) | Data Input Interface
Port Adapter Interface (12); Console Port; Auxiliary Port (1 per RP); 10/100 Management Ethernet Port (1 per RP); GigE port (10) | Data Output Interface
Port Adapter Interface (12); Console Port; Auxiliary Port (1 per RP); 10/100 BITS Ethernet Port (1 per RP); 10/100 Management Ethernet Port (1 per RP); Power Switch | Control Input Interface
Port Adapter Interface (12); LEDs; USB Ports (up to 2 per RP); Console Port; Auxiliary Port (1 per RP); 10/100 Management Ethernet Port (1 per RP) | Status Output Interface
Power Plug | Power Interface
Table 7: ASR 1013 with dual RP 2 and dual ESP40

5 Roles, Services, and Authentication

Authentication is identity-based. Each user is authenticated upon initial access to the module. There are two main roles in the router that operators may assume: the Crypto Officer role and the User role. The administrator of the router assumes the Crypto Officer role in order to configure and maintain the router using Crypto Officer services, while Users exercise only the basic User services. The module supports RADIUS and TACACS+ for authentication. A complete description of all the management and configuration capabilities of the modules can be found in the Cisco ASR 1000 Series Aggregation Services Routers Software Configuration Guide and in the online help for the modules.

The User and Crypto Officer passwords and all shared secrets must each be at least eight (8) characters long, including at least one letter and at least one number character (enforced procedurally). See the Secure Operation section for more information.
If six (6) integers, one (1) special character and one (1) alphabetic character are used without repetition for an eight (8) digit PIN, the probability of randomly guessing the correct sequence is one (1) in 4,488,223,369,069,440. (This calculation assumes that the typical standard American QWERTY computer keyboard offers 10 integer digits, 52 alphabetic characters, and 32 special characters, giving 94 characters to choose from in total. Since the claim is for 8 characters with no repetition, the calculation is 94 x 93 x 92 x 91 x 90 x 89 x 88 x 87.) Successfully guessing the sequence within one minute would require the ability to make over 74,803,722,817,824 guesses per second, which far exceeds the operational capabilities of the module.

Additionally, when RSA-based authentication is used, the RSA key pair has a modulus size of 1024 to 2048 bits, thus providing between 80 and 112 bits of strength. Assuming the low end of that range, an attacker would have a 1 in 2^80 chance of randomly obtaining the key, which is much stronger than the one in a million chance required by FIPS 140-2. To exceed a one in 100,000 probability of a successful random key guess in one minute, an attacker would have to be capable of approximately 1.2 x 10^19 attempts per minute, which far exceeds the operational capabilities of the modules.

5.1 User Services

A User enters the system by accessing the console/auxiliary port with a terminal program or an SSH v2 session to a LAN port or the 10/100 management Ethernet port. The module prompts the User for their username/password combination. If the username/password combination is correct, the User is allowed entry to the module management functionality.
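The arithmetic in this section, as an added example in Python that is not part of the Cisco document: it reproduces the 94-character no-repetition count and the per-second guess rate quoted above, evaluates any search space against the FIPS 140-2 one-in-a-million single-attempt and one-in-100,000 per-minute bounds the text cites, and includes a local check of the eight-character letter-plus-digit password rule. The function names, the treatment of that rule as a programmatic check (the policy says it is enforced procedurally) and the attempt rates passed in are assumptions of the example.

```python
"""Authentication-strength arithmetic for the figures in Section 5 of the
security policy, generalised to any character set, length and attempt rate.
Added example; not Cisco's code. Function names and attempt rates are assumed."""
import math

MIN_PASSWORD_LEN = 8             # Section 5: at least eight characters
KEYBOARD_CHARSET = 10 + 52 + 32  # digits + letters + specials = 94, as the text assumes


def password_meets_policy(password: str) -> bool:
    """Section 5 rule: at least 8 characters with at least one letter and one digit.
    The policy states this is enforced procedurally; this is a local check only."""
    return (len(password) >= MIN_PASSWORD_LEN
            and any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password))


def guess_space(alphabet_size: int, length: int, repetition: bool = True) -> int:
    """Number of equiprobable values of `length` symbols over `alphabet_size`.
    repetition=False is the falling factorial the policy computes:
    94 * 93 * ... * 87 for eight distinct keyboard characters."""
    if repetition:
        return alphabet_size ** length
    return math.perm(alphabet_size, length)


def guesses_per_second_to_exhaust_in_one_minute(space: int) -> int:
    """Rate needed to try every value of the space within 60 seconds
    (the basis of the policy's 74,803,722,817,824 guesses-per-second figure)."""
    return space // 60


def attempts_per_minute_for_odds(space: int, one_in: int) -> int:
    """Attempts in one minute that give a 1-in-`one_in` chance of success
    (the basis of the policy's ~1.2 x 10^19 attempts-per-minute RSA figure)."""
    return space // one_in


def fips_auth_strength(space: int, attempts_per_minute: int) -> dict:
    """Evaluate a search space against the two FIPS 140-2 authentication bounds:
    a single random attempt must succeed with probability below 1/1,000,000, and
    the attempts possible in one minute with probability below 1/100,000.
    `attempts_per_minute` is the rate the module can actually sustain (assumed)."""
    return {
        # 1/space < 1e-6  <=>  space > 1,000,000
        "single_attempt_ok": space > 1_000_000,
        # attempts/space < 1e-5  <=>  attempts * 100,000 < space
        "one_minute_ok": attempts_per_minute * 100_000 < space,
        # rate at which an attacker would reach the per-minute bound
        "rate_per_minute_to_reach_bound": attempts_per_minute_for_odds(space, 100_000),
    }


if __name__ == "__main__":
    pin_space = guess_space(KEYBOARD_CHARSET, 8, repetition=False)
    print("8-char no-repetition space:", pin_space)
    print("guesses/s to exhaust in 1 min:", guesses_per_second_to_exhaust_in_one_minute(pin_space))
    # 80-bit security strength (the low end of the RSA range in the text)
    print(fips_auth_strength(2 ** 80, attempts_per_minute=10 ** 9))
```

Passing the module's real sustainable login rate (console or SSH attempts per minute) as `attempts_per_minute` gives the per-minute check the policy argues informally; the space functions are independent of the rate, so the same code evaluates a PIN policy with repetition allowed or a larger alphabet.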
The services available to the User role consist of the following:

- Status Functions – View state of interfaces and protocols, firmware version
- Terminal Functions – Adjust the terminal session (e.g., lock the terminal, adjust flow control)
- Directory Services – Display directory of files kept in memory
- Perform Self-Tests – Perform the FIPS 140 start-up tests on demand
- Perform Cryptography – Use the cryptography provided by the module (e.g., IPsec and GDOI)

5.2 Cryptographic Officer Services

A Crypto Officer enters the system by accessing the console/auxiliary port with a terminal program or an SSH v2 session to a LAN port or the 10/100 management Ethernet port. The Crypto Officer authenticates in the same manner as a User. The Crypto Officer is identified by accounts that have privilege level 15 (versus privilege level 1 for Users). A Crypto Officer may assign permission to access the Crypto Officer role to additional accounts, thereby creating additional Crypto Officers.

The Crypto Officer role is responsible for the configuration and maintenance of the router. The Crypto Officer services consist of the following:

- Configure the module – Define network interfaces and settings, create command aliases, set the protocols the router will support, enable interfaces and network services, set system date and time, and load authentication information.
- Define Rules and Filters – Create packet filters that are applied to User data streams on each interface. Each filter consists of a set of rules, which define a set of packets to permit or deny based on characteristics such as protocol ID, addresses, ports, TCP connection establishment, or packet direction.
 Status Functions - View the module configuration, routing tables, active sessions, use get commands to view SNMP MIB statistics, health, temperature, memory status, voltage, packet statistics, review accounting logs, and view physical interface status.  Manage the module - Log off users, shutdown or reload the router, manually back up router configurations, view complete configurations, manage user rights, initiate power-on self-tests on demand and restore router configurations.  Set Encryption/Bypass - Set up the configuration tables for IP tunneling. Set keys and algorithms to be used for each IP range or allow plaintext packets to be set from specified IP address.  Perform Self-Tests – Perform the FIPS 140 start-up tests on demand 5.3 Unauthenticated User Services The services for someone without an authorized role are to view the status output from the module’s LED pins, perform bypass services and cycle power. Page 10 of 61 © Copyright 2013 Cisco Systems, Inc. This document may be freely reproduced and distributed whole and intact including this Copyright Notice. 6 Cryptographic Key/CSP Management The module securely administers both cryptographic keys and other critical security parameters such as passwords. The tamper evidence seals provide physical protection for all keys. All keys are also protected by the password-protection on the Crypto Officer operator logins, and can be zeroized by the Crypto Officer. All zeroization consists of overwriting the memory that stored the key. Keys are exchanged and entered electronically or via Internet Key Exchange (IKE). The module supports the following critical security parameters (CSPs): CSP  Name  Alg.  Key Size  Description  Storage  Zeroization  1 DRBG CTR 256-bit This is the entropy for SP 800-90 DRAM Power cycle the entropy (using RNG. 
(plaintext) device input AES- 256) 2 DRBG CTR 384-bits This DRBG seed is collected from DRAM Automatic-ally Seed (IOS (using the onboard Cavium cryptographic (plaintext) every 400 bytes, XE) AES- processor. or turn off the 256) router. 3 DRBG V CTR 256-bit DRAM Power cycle the Internal V value used as part of SP (using (plaintext) device 800-90 CTR_DRBG AES- 256) 4 DRBG CTR 256-bit DRAM Power cycle the Internal Key value used as part of Key (using (plaintext) device SP AES- 800-90 CTR_DRBG 256) 5 RNG Seed ANSI 64-bits This is the seed for Nitrox/Octeon II DRAM Zeroized with (Nitrox X9.31 resident X9.31 RNG. This seed is (plaintext) generation of /Octeon II) RNG created from Nitrox/Octeon II new seed hardware entropy sources. 6 RNG Seed ANSI 168-bits This is the seed key for DRAM Zeroized with Key X9.31 Nitrox/Octeon II resident X9.31 (plaintext) generation of (Nitrox/ RNG RNG. This seed is created from new seed Octeon II) Nitrox/Octeon II hardware entropy sources. 7 Diffie- DH 2048 – 4096 The shared exponent used in Diffie- DRAM Zeroized upon Hellman bits Hellman (DH) exchange. Created (plaintext) deletion. Shared per the Diffie-Hellman protocol. Secret Page 11 of 61 © Copyright 2013 Cisco Systems, Inc. This document may be freely reproduced and distributed whole and intact including this Copyright Notice. CSP  Name  Alg.  Key Size  Description  Storage  Zeroization  8 Diffie DH 2048 – 4096 The private exponent used in Diffie- DRAM Zeroized upon Hellman bits Hellman (DH) exchange. This CSP (plaintext) deletion. private is created using the ANSI X9.31 exponent RNG (Nitrox/Octeon II). 9 Diffie DH 2048 – 4096 The p used in Diffie-Hellman (DH) DRAM Zeroized upon Hellman bits exchange. This CSP is created using (plaintext) deletion. public key the ANSI X9.31 RNG (Nitrox/Octeon II). 10 skeyid Keyed 160-bits Value derived per the IKE (non- DRAM Automatically SHA-1 compliant) protocol based on the (plaintext) after IKE peer authentication method chosen. session terminated. 
11 skeyid_a Keyed 160-bits The IKE (non-compliant) key DRAM Automatically SHA-1 derivation key for non ISAKMP (plaintext) after IKE security associations. session terminated. 12 skeyid_d Keyed 160-bits The IKE (non-compliant) key DRAM Automatically SHA-1 derivation key for non ISAKMP (plaintext) after IKE security associations. session terminated. 13 skeyid_e Keyed 160-bits The IKE (non-compliant) key DRAM Automatically SHA-1 derivation key for non ISAKMP (plaintext) after IKE security associations. session terminated. 14 IKE Triple- -168 bits The IKE (non-compliant) session DRAM Automatically session DES encrypt key. This key is created per (plaintext) after IKE encrypt -128, 192, the Internet Key Exchange Key session key AES or 256 bits Establishment protocol. terminated. 15 IKE SHA-1 160-bits The IKE (non-compliant) session DRAM Automatically session HMAC authentication key. This key is (plaintext) after IKE authentic- created per the Internet Key session cation key Exchange Key Establishment terminated. protocol. 16 ISAKMP Secret At least The key used to generate IKE (non- NVRAM # no crypto preshared eight compliant) skeyid during preshared- (plaintext) isakmp key characters key authentication. # no crypto isakmp key command zeroizes it. This key can have two forms based on whether the key is related to the hostname or the IP address. This CSP is entered by the Cryptographic Officer. Page 12 of 61 © Copyright 2013 Cisco Systems, Inc. This document may be freely reproduced and distributed whole and intact including this Copyright Notice. CSP  Name  Alg.  Key Size  Description  Storage  Zeroization  17 IKE RSA RSA 2048 – 4096 The key used in IKE (non- NVRAM # crypto key Private (Private bits compliant) authentication. # crypto (plaintext) zeroize rsa Key Key) key zeroize rsa command zeroizes it. 18 IKE RSA RSA 2048 – 4096 The key used in IKE (non- NVRAM # crypto key Public (Public bits compliant) authentication. 
# crypto (plaintext) zeroize rsa Key Key) key zeroize rsa command zeroizes it. 19 IPsec Triple- -168 bits The IPsec encryption key. This key DRAM Automatically encrypt- DES is created per the Internet Key (plaintext) when IPsec ion key -128, 192, Exchange Key Establishment session AES or 256 bits protocol. terminated. 20 IPsec SHA-1 160-bits The IPsec authentication key. This DRAM Automatically authenticat HMAC key is created per the Internet Key (plaintext) when IPsec ion key Exchange Key Establishment session protocol. terminated. 21 Operator Shared At least The password of the operator. This NVRAM Overwrite with password Secret eight CSP is entered by the (plaintext) new password characters Cryptographic Officer. 22 Enable Shared At least The plaintext password of the CO NVRAM Overwrite with password Secret eight role. This CSP is entered by the (plaintext) new password characters Cryptographic Officer. 23 Enable Shared At least The obfuscated password of the CO NVRAM Overwrite with secret Secret eight role. However, the algorithm used (plaintext) new password characters to obfuscate this password is not FIPS approved. Therefore, this password is considered plaintext for FIPS purposes. This password is zeroized by overwriting it with a new password. The Cryptographic Operator optionally configures the module to obfuscate the Enable password. This CSP is entered by the Cryptographic Officer. 24 RADIUS Shared 16 The RADIUS shared secret. This NVRAM # no radius- secret Secret characters CSP is entered by the (plaintext), server key Cryptographic Officer. DRAM (plaintext) 25 TACACS Shared 16 The TACACS+ shared secret. This NVRAM # no tacacs- + secret Secret characters CSP is entered by the (plaintext), server key Cryptographic Officer. DRAM (plaintext) Page 13 of 61 © Copyright 2013 Cisco Systems, Inc. This document may be freely reproduced and distributed whole and intact including this Copyright Notice. CSP  Name  Alg.  
Key Size  Description  Storage  Zeroization  26 SSH RSA 2048 – 4096 The SSH (non-compliant) private NVRAM SSH private key Private bits key for the module. RSA key sizes (plaintext) is zeroized by Key 2048 - 4096 bits. either deletion (via # crypto key zeroize rsa) or by overwriting with a new value of the key 27 SSH RSA 2048 – 4096 The SSH (non-compliant) public NVRAM Zeroized upon Public bits key for the module. RSA key sizes (plaintext) deletion. Key 2048 - 4096 bits. 28 SSH Triple- -168 bits The SSH (non-compliant) session DRAM Automatically Session DES key. This key is created through (plaintext) when the SSH Key -128, 192, SSH key establishment. session is AES or 256 bits terminated. 29 GDOI Triple- -168 bits This key is created using the DRAM Automatically Data DES “GROUPKEY-PULL” registration (plaintext) when session Security -128, 192, protocol with GDOI. terminated. Key AES or 256 bits (TEK) 30 GDOI Triple- -168 bits This key is created using the DRAM Automatically Group DES “GROUPKEY-PUSH” registration (plaintext) when session Key -128, 192, protocol with GDOI. terminated. Encrypt- AES or 256 bits ing Key (KEK) 31 TLS RSA 2048-bit Identity certificates for module NVRAM TLS Server Server itself and also used in TLS (non- (plaintext or RSA private key RSA compliant) negotiations. encrypted) is zeroized by private Generated using the “crypto key either deletion key generate rsa” (via # crypto key zeroize rsa) or by overwriting with a new value of the key. 32 TLS RSA 2048-bit Identity certificates for module NVRAM Zeroized upon Server itself and also used in TLS (non- (plaintext or deletion. RSA compliant) negotiations. encrypted) public key Generated using the “crypto key generate rsa” Page 14 of 61 © Copyright 2013 Cisco Systems, Inc. This document may be freely reproduced and distributed whole and intact including this Copyright Notice. CSP  Name  Alg.  
CSP # | Name | Alg. | Key Size | Description | Storage | Zeroization
33 | TLS pre-master secret | Shared Secret | 384 bits | Shared secret created using asymmetric cryptography from which new TLS (non-compliant) session keys can be created. Created as part of TLS session establishment. | DRAM (plaintext) | Automatically when the TLS session is terminated.
34 | TLS Traffic Keys | Triple-DES / AES / HMAC SHA-1 | Triple-DES (168 bits) / AES (128, 192 or 256 bits) / HMAC (160 bits) | This is the TLS (non-compliant) session key. Generated using the TLS protocol. | DRAM (plaintext) | Automatically when the TLS session is terminated.
Table 8: CSP Table

The services accessing the CSPs, the type of access – read (r), write (w) and zeroized/delete (d) – and which role accesses the CSPs are listed below.

[Table 9 is a matrix with CSP #1 through CSP #34 as columns and the following roles and services as rows, each cell marked r, w and/or d: User Role – Network Function, Status Function, Terminal Function, Directory Services; CO Role – Configure the module, Define Rules and Filters, Status Functions, Manage the module, Set Encryption/Bypass. The per-cell r/w/d assignments did not survive text extraction.]
Table 9: Role CSP Access

7 Cryptographic Algorithms

7.1 Approved Cryptographic Algorithms
The Cisco ASR 1000 supports many different cryptographic algorithms. However, only FIPS approved algorithms may be used while in the FIPS mode of operation.
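Section 7.4 of this policy describes the power-on self-tests (known-answer tests, a SHA-256 firmware integrity test) and the continuous random number generator test that gate every cryptographic service on the implementations listed in the table that follows. As an added illustration of how that gating works (my own code, not Cisco's implementation and not part of this policy), the Python below runs a SHS and an HMAC known-answer test against public test vectors (SHA-256 of "abc" and RFC 2202 HMAC-SHA-1 test case 1, both assumed here), checks a constructed firmware image against its stored digest, rejects a stuck RNG, and refuses services until the power-on tests have passed. The names CryptoModule, ContinuousRngTest and SelfTestFailure are mine.

```python
"""Power-on and conditional self-tests in the style of section 7.4.
Added example for this page; not Cisco's code.  The known answers are
public test vectors and the firmware image is a constructed stand-in."""
import hashlib
import hmac
import os


class SelfTestFailure(Exception):
    """Raised when a self-test fails; crypto services must then be refused."""


# Public known-answer vectors (assumed here; not taken from the policy).
SHA256_ABC = bytes.fromhex(
    "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad")
# RFC 2202 test case 1: key = 0x0b repeated 20 times, data = "Hi There".
HMAC_SHA1_TC1 = bytes.fromhex("b617318655057264e28bc0b6fb378c8ef146be00")

# Constructed stand-in for a firmware image and its stored SHA-256 digest.
FIRMWARE_IMAGE = b"constructed ASR1000 firmware image bytes"
FIRMWARE_DIGEST = hashlib.sha256(FIRMWARE_IMAGE).digest()


def shs_kat():
    """SHS KAT: hash a fixed message and compare against the stored answer."""
    return hashlib.sha256(b"abc").digest() == SHA256_ABC


def hmac_kat():
    """HMAC KAT: HMAC-SHA-1 over a fixed key/message pair."""
    tag = hmac.new(b"\x0b" * 20, b"Hi There", hashlib.sha1).digest()
    return hmac.compare_digest(tag, HMAC_SHA1_TC1)


def firmware_integrity_test(image, expected_digest):
    """Firmware Integrity Test (SHA-256): the image must match its stored digest."""
    return hmac.compare_digest(hashlib.sha256(image).digest(), expected_digest)


class ContinuousRngTest:
    """Continuous RNG test: each output block must differ from the previous
    one.  A repeated block indicates a stuck source and fails the test."""

    def __init__(self, source=os.urandom, block_size=16):
        self._source = source
        self._block_size = block_size
        # The first block is consumed for comparison only and never released.
        self._last = source(block_size)

    def random_bytes(self):
        block = self._source(self._block_size)
        if block == self._last:
            raise SelfTestFailure("CRNGT: RNG output block repeated")
        self._last = block
        return block


class CryptoModule:
    """Minimal module state: services are refused until the POSTs have passed,
    and any failure leaves the module non-operational."""

    def __init__(self, image=FIRMWARE_IMAGE, expected_digest=FIRMWARE_DIGEST):
        self._image = image
        self._expected = expected_digest
        self.operational = False

    def power_on_self_tests(self):
        checks = [
            ("SHS KAT", shs_kat),
            ("HMAC KAT", hmac_kat),
            ("Firmware Integrity Test",
             lambda: firmware_integrity_test(self._image, self._expected)),
        ]
        for name, check in checks:
            if not check():
                self.operational = False
                raise SelfTestFailure(f"{name} failed")
        self.operational = True
        return True

    def sha256_service(self, data):
        """An operator-facing service, refused until POST has passed."""
        if not self.operational:
            raise SelfTestFailure("POST not passed; cryptographic services refused")
        return hashlib.sha256(data).hexdigest()


def fails_self_test(action):
    """Run action() and report whether it raised SelfTestFailure."""
    try:
        action()
    except SelfTestFailure:
        return True
    return False
```

The constant-time comparison for the firmware digest and HMAC tag is deliberate: a self-test compares against a stored value, and the comparison itself should not leak timing information about that value. The CRNGT consumes its first block without releasing it, as the FIPS 140-2 continuous test requires, so that the first block handed to a caller has already been compared against a predecessor.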
The following table identifies the approved algorithms included in the ASR 1000 for use in the FIPS mode of operation.

Algorithm | Supported Mode | Cert. #
IOS XE (Route Processor 1)
AES | CBC (128, 192, 256) | 2549
SHS (SHA-1, 256 and 512) | Byte Oriented | 2150
HMAC SHA-1 | Byte Oriented | 1570
DRBG | CTR (using AES-256) | 382
RSA | PKCS#1 v.1.5, 1024-4096 bit key (1024-bit keys allowed for signature verification only) | 1304
  The following RSA methods are non-approved:
  - Key Generation: MOD: 1024-bit keys and 1536-bit keys
  - Signature Generation: 1024-bit keys and 1536-bit keys
Triple-DES | KO 1, CBC | 1543
IOS XE (Route Processor 2)
AES | CBC (128, 192, 256) | 2549
SHS (SHA-1, 256 and 512) | Byte Oriented | 2150
HMAC SHA-1 | Byte Oriented | 1570
DRBG | CTR (using AES-256) | 382
RSA | PKCS#1 v.1.5, 1024-4096 bit key (1024-bit keys allowed for signature verification only) | 1304
  The following RSA methods are non-approved:
  - Key Generation: MOD: 1024-bit keys and 1536-bit keys
  - Signature Generation: 1024-bit keys and 1536-bit keys
Triple-DES | KO 1, CBC | 1543
Cavium Nitrox CN2420 (Embedded Services Processor (ESP2.5, ESP5))
AES | CBC (128, 192, 256) | 333
SHS (SHA-1) | Byte Oriented | 408
HMAC SHA-1 | Byte Oriented | 137
RNG (ANSI X9.31) | Triple-DES (EDE) | 154
Triple-DES | KO 1, CBC | 397
Cavium Nitrox CN2435 (Embedded Services Processor (ESP10))
AES | CBC (128, 192, 256) | 333
SHS (SHA-1) | Byte Oriented | 408
HMAC SHA-1 | Byte Oriented | 137
RNG (ANSI X9.31) | Triple-DES (EDE) | 154
Triple-DES | KO 1, CBC | 397
Cavium Nitrox CN2450 (Embedded Services Processor (ESP20))
AES | CBC (128, 192, 256) | 333
SHS (SHA-1) | Byte Oriented | 408
HMAC SHA-1 | Byte Oriented | 137
RNG (ANSI X9.31) | Triple-DES (EDE) | 154
Triple-DES | KO 1, CBC | 397
Cavium Nitrox CN2460 (Embedded Services Processor (ESP40))
AES | CBC (128, 192, 256) | 333
SHS (SHA-1) | Byte Oriented | 408
HMAC SHA-1 | Byte Oriented | 137
RNG (ANSI X9.31) | Triple-DES (EDE) | 154
Triple-DES | KO 1, CBC | 397
Cavium Octeon II CN6870 (Embedded Services Processor (ESP100))
AES | ECB, CBC (128, 192, 256) | 2346
SHS (SHA-1, 224, 256, 384, 512) | Byte Oriented | 2023
HMAC SHA-1, 224, 256, 384, 512 | Byte Oriented | 1455
RNG (ANSI X9.31) | Triple-DES (EDE), AES (128, 192, and 256) | 1170
Triple-DES | KO 1,2 - ECB, CBC | 1469
  To use the two-key Triple-DES algorithm to encrypt data or wrap keys in an Approved mode of operation, the module operator must ensure that the same two-key Triple-DES key is not used for encrypting data (or wrapping keys) with more than 2^20 plaintext data (or plaintext keys).
Table 10: FIPS-Approved Algorithms for use in FIPS Mode

7.2 Non-Approved Algorithms allowed for use in FIPS-mode
The ASR 1000 cryptographic module implements the following non-Approved algorithms that are allowed for use in FIPS-mode:
- Diffie-Hellman – provides between 112 and 150 bits of encryption strength. Diffie-Hellman with less than 112 bits of security strength is non-compliant and may not be used.
- RSA Key Wrapping – provides 112 bits of encryption strength. RSA with less than 112 bits of security strength is non-compliant and may not be used.
- Non-approved RNG for seeding the DRBG.

7.3 Non-Approved Algorithms
The ASR 1000 cryptographic module implements the following non-Approved algorithms:
- ROMMON (Route Processor 1)
  o SHA-1 (used as the EDC when entering FIPS mode (non-compliant))
- ROMMON (Route Processor 2)
  o SHA-1 (used as the EDC when entering FIPS mode (non-compliant))
- ROMMON (Embedded Services Processors – ESP 5/20/20/40/100)
  o SHA-1 (used as the EDC when entering FIPS mode (non-compliant))
- IOS XE (Route Processor 1)
  o MD5, DES, HMAC MD5, RC4 – May not be used in FIPS mode
- IOS XE (Route Processor 2)
  o MD5, DES, HMAC MD5, RC4 – May not be used in FIPS mode
- Nitrox CN2420 (Embedded Services Processor (ESP5))
  o MD5, DES, HMAC MD5, RC4 – May not be used in FIPS mode
- Nitrox CN2435 (Embedded Services Processor (ESP10))
  o MD5, DES, HMAC MD5, RC4 – May not be used in FIPS mode
- Nitrox CN2450 (Embedded Services Processor (ESP20))
  o MD5, DES, HMAC MD5, RC4 – May not be used in FIPS mode
- Nitrox CN2460 (Embedded Services Processor (ESP40))
  o MD5, DES, HMAC MD5, RC4 – May not be used in FIPS mode
- Octeon II CN6870 (Embedded Services Processor (ESP100))
  o MD5, DES, HMAC MD5, RC4 – May not be used in FIPS mode

The modules support the following key establishment schemes [1]:
- SSH (non-compliant) Key Establishment
- TLS (non-compliant) Key Establishment
- Internet Key Exchange Key Establishment (IKEv1) (non-compliant)
- GDOI Key Establishment
[1] In addition to Diffie-Hellman listed above.

It should be noted that in the case of SSH, TLS, IKE and SNMPv3 Key Derivation Functions (KDFs), as per NIST Implementation Guidance (IG) D.8, scenario 4, these protocols and KDFs are allowed to be used in FIPS mode but are non-compliant.

7.4 Self-Tests
The modules include an array of self-tests that are run during startup and periodically during operations to prevent any secure data from being released and to ensure all components are functioning correctly. The modules implement the following power-on self-tests:
- Route Processor (Integrated, RP1 and RP2)
  o Known Answer Tests: AES KAT, SHS KAT, HMAC KAT, Triple-DES KAT, DRBG KAT, RSA KAT
  o Firmware Integrity Test (SHA-256)
- Embedded Services Processor (Integrated, ESP5, ESP10, ESP20, ESP40, ESP100)
  o Known Answer Tests: AES KAT, SHS KAT, HMAC KAT, Triple-DES KAT, RNG KAT, RSA KAT

The modules perform all power-on self-tests automatically at boot. All power-on self-tests must be passed before any operator can perform cryptographic services. The power-on self-tests are performed after the cryptographic systems are initialized but prior to any
other operations; this prevents the module from passing any data during a power-on self-test failure.

In addition, the modules also provide the following conditional self-tests:
- Route Processor (Integrated, RP1, and RP2)
  o Continuous Random Number Generator test for the FIPS-approved DRBG
  o Continuous Random Number Generator test for the non-approved RNG
  o Pair-Wise Consistency Test for RSA signature keys
  o Pair-Wise Consistency Test for RSA keys used in key establishment (key transport)
  o Conditional Bypass Test
- Embedded Services Processor (Integrated, ESP5, ESP10, ESP20, ESP40, ESP100)
  o Continuous Random Number Generator test for the FIPS-approved RNG
  o Continuous Random Number Generator test for the non-approved RNG
  o Conditional Bypass Test

8 Physical Security
This module is a multi-chip standalone cryptographic module. The FIPS 140-2 Level 2 physical security requirements for the modules are met by the use of opacity shields covering the front panels of the modules to provide the required opacity, and tamper evident seals to provide the required tamper evidence. The following sections illustrate the physical security provided by the module.

The module relies upon Tamper Evident Labels and Opacity Shields with the following Cisco part numbers:
- ASR1001-FIPS-Kit= (for the ASR 1001)
- ASR1002-FIPS-Kit= (for the ASR 1002 and the ASR 1002-X)
- ASR1004-FIPS-Kit= (for the ASR 1004)
- ASR1006-FIPS-Kit= (for the ASR 1006)
- ASR1013-FIPS-Kit= (for the ASR 1013)

8.1 Module Opacity
To install an opacity shield on the ASR 1000 routers, follow these steps:
1. The opacity shield is designed to be installed on an ASR 1000 router chassis that is already rack-mounted.
   If your ASR 1000 router chassis is not rack-mounted, install the chassis in the rack using the procedures contained in the ASR 1000 router Installation Guide. If your ASR 1000 router chassis is already rack-mounted, proceed to step 2.
2. Open the FIPS kit packaging.
3. Open the protective packaging and remove the opacity shield and the two bags of installation hardware. Select the bag of installation hardware appropriate for your installation. Set the second bag of fasteners aside; you will not need them for this installation.
4. Open the bag of installation hardware (bag with part number 69-1497) and remove the following: two M4 thumbscrews, four M4 snap rivet fastener sleeves, and four M4 snap rivet pins.
Note: Extra snap fasteners are included in the bags of installation hardware in case of loss or damage.
Note: Installation hardware from one bag is not interchangeable with the installation hardware from the second bag.

The figures in the following section illustrate the installation of the opacity shields for each platform.

8.2 Tamper Evidence
The tamper evident seals (hereinafter referred to as tamper evident labels (TEL)) and security devices shall be installed for the module to operate in a FIPS Approved mode of operation. The module is considered to be validated when the tamper evident labels and security devices are installed on the initially built configuration as indicated. Any changes, modifications or repairs performed after the initially built configuration that require the removal of any TEL will invalidate the module. Once the module has been configured to meet overall FIPS 140-2 Level 2 requirements, the module cannot be accessed without signs of tampering. The CO shall inspect for signs of tampering periodically.
If the CO must remove or change TELs (tamper-evident labels) for any reason, the CO must examine the location from which the TEL was removed and ensure that no residual debris remains on the chassis or card. If residual debris remains, the CO must remove the debris using a damp cloth.

To seal the system, the CO should apply TELs as depicted in the figures below. Note that the TEL applications illustrated in the figures below are only for a two supervisor card and one line card configuration. For the case of two or more line cards in a single configuration, the Crypto Officer should apply the TELs horizontally to cover each port on the line card below the top one to protect against any unauthorized physical attempts.

The modules shall require the following number of labels to be affixed:

Model | Number of Tamper Labels Affixed
ASR 1001 | 8
ASR 1002 | 10
ASR 1002-X | 10
ASR 1004 | 23
ASR 1006 | 24
ASR 1013 | 39
Table 11: TELs Table

The following figures illustrate the installation of the TELs for each platform.

[Figure: ASR 1001 - TEL Placement and Numbering. Views: Front (with opacity shield), Front (without opacity shield), Top (with opacity shield), Left (with opacity shield), Right (with opacity shield), Back. The TEL position numbers drawn on the figure did not survive text extraction.]
[Figure: ASR 1001 - TEL Placement and Numbering. View: Bottom (with opacity shield).]
Figure 1. ASR 1001 TELs Installation

[Figure: ASR 1002 - TEL Placement and Numbering. Views: Front (with opacity shield), Front (without opacity shield), Top (with opacity shield), Left (with opacity shield), Right (with opacity shield), Bottom (with opacity shield), Back. The TEL position numbers drawn on the figure did not survive text extraction.]
Figure 2. ASR 1002 TELs Installation

[Figure: ASR 1002-X - TEL Placement and Numbering. Views: Front (with opacity shield), Front (without opacity shield), Top (with opacity shield), Left (with opacity shield), Right (with opacity shield), Bottom (with opacity shield), Back. The TEL position numbers drawn on the figure did not survive text extraction.]
Figure 3. ASR 1002-X TELs Installation

[Figure: ASR 1004 - TEL Placement and Numbering. Views: Front (with opacity shield), Front (without opacity shield), Top (with opacity shield), Left (with opacity shield), Right (with opacity shield), Bottom (with opacity shield), Back. The TEL position numbers drawn on the figure did not survive text extraction.]
Figure 4. ASR 1004 TELs Installation

[Figure: ASR 1006 - TEL Placement and Numbering. Views: Front (with opacity shield), Front (without opacity shield), Top (with opacity shield), Left (with opacity shield), Right (with opacity shield), Bottom (with opacity shield), Back (with opacity shield). The TEL position numbers drawn on the figure did not survive text extraction.]
Figure 5. ASR 1006 TELs Installation

[Figure: ASR 1013 - TEL Placement and Numbering. Views: Front (with opacity shield), Front (without opacity shield). The TEL position numbers drawn on the figure did not survive text extraction.]
[Figure: ASR 1013 - TEL Placement and Numbering. Views: Top (with opacity shield), Left (with opacity shield), Right (with opacity shield), Bottom (without opacity shield), Back. The TEL position numbers drawn on the figure did not survive text extraction.]
Figure 6. ASR 1013 TELs Installation

9 Secure Operation

9.1 System Initialization and Configuration
Step 1 - The value of the boot field must be 0x0102. This setting disables break from the console to the ROM monitor and automatically boots. From the “configure terminal” command line, the Crypto Officer enters the following syntax:
  config-register 0x0102
Step 2 - The Crypto Officer must create the “enable” password for the Crypto Officer role. Procedurally, the password must be at least 8 characters, including at least one letter and at least one number, and is entered when the Crypto Officer first engages the “enable” command. The Crypto Officer enters the following syntax at the “#” prompt:
  enable secret [PASSWORD]
Step 3 - The Crypto Officer must set up the operators of the module.
The Crypto Officer enters the following syntax at the “#” prompt:
  username [USERNAME] password [PASSWORD]
Step 4 – For the created operators, the Crypto Officer must always assign passwords (of at least 8 characters, including at least one letter and at least one number) to users. Identification and authentication on the console/auxiliary port is required for Users. From the “configure terminal” command line, the Crypto Officer enters the following syntax:
  line con 0
  password [PASSWORD]
  login local
Step 5 - The Crypto Officer may configure the module to use RADIUS or TACACS+ for authentication. Configuring the module to use RADIUS or TACACS+ for authentication is optional. If the module is configured to use RADIUS or TACACS+, the Crypto Officer must define RADIUS or TACACS+ shared secret keys that are at least 8 characters long, including at least one letter and at least one number.
Step 6 - The Crypto Officer must apply tamper evidence labels as described earlier in this document.
Step 7 - Dual IOS mode is not allowed. The ROMMON variable IOSXE_DUAL_IOS must be set to 0.
Step 8 - In Service Software Upgrade (ISSU) is not allowed. The operator should not perform an in service software upgrade of an ASR1000 FIPS validated firmware image.
Step 9 - Use of the debug.conf file is not allowed. The operator should not create the bootflash:/debug.conf file and use it for setting environment variable values.

NOTE: The keys and CSPs generated in the cryptographic module during FIPS mode of operation cannot be used when the module transitions to non-FIPS mode and vice versa. While the module transitions from FIPS to non-FIPS mode or from non-FIPS to FIPS mode, all the keys and CSPs are to be zeroized by the Crypto Officer.
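A Crypto Officer will usually want to verify a running configuration against the initialization steps above, together with the IPsec transform restrictions of section 9.2 and the SNMPv2c gets-only rule of section 9.3 that follow. The Python below is an added example of such an audit (my own code, not Cisco tooling, and not part of this policy). It parses a constructed running-config and reports every deviation it finds; the hostname, user names, secrets and transform-set names in the sample are constructed, and only plaintext (type 0) password values can be checked, so hashed values are skipped. The ROMMON variable, ISSU and debug.conf rules (steps 7 to 9) live outside the running-config and are not covered.

```python
"""Audit an IOS XE running-config against the Secure Operation rules of this
policy: 9.1 (config-register, enable secret, operator passwords, console
login, RADIUS/TACACS+ secrets), 9.2 (allowed IPsec transforms) and 9.3
(SNMPv2c gets only).  Added example for this page; not Cisco tooling."""
import re

PASSWORD_MIN_LEN = 8
# Transforms permitted by section 9.2; anything else (esp-md5-hmac,
# esp-des, ah-md5-hmac, ...) is reported.
ALLOWED_TRANSFORMS = {"ah-sha-hmac", "esp-sha-hmac", "esp-3des",
                      "esp-aes", "esp-aes-192", "esp-aes-256"}

# Constructed sample configuration with several deliberate violations.
SAMPLE_CONFIG = """\
hostname asr-fips
config-register 0x0102
enable secret 0 Enable1Pass
username co-admin secret 0 C0adminPass9
username bob password 0 short1
radius-server key 0 radiusonly
crypto ipsec transform-set FIPS-OK esp-aes-256 esp-sha-hmac
crypto ipsec transform-set LEGACY esp-des esp-md5-hmac
snmp-server community public RO
snmp-server community private RW
line con 0
 password 0 Cons0lePass
 login local
!
"""


def password_policy_ok(value):
    """At least 8 characters with at least one letter and one digit (steps 2-5)."""
    return (len(value) >= PASSWORD_MIN_LEN
            and any(c.isalpha() for c in value)
            and any(c.isdigit() for c in value))


def line_con_0_block(lines):
    """Return the indented sub-commands under 'line con 0' (empty if absent)."""
    block, inside = [], False
    for ln in lines:
        if ln.strip() == "line con 0":
            inside = True
            continue
        if inside:
            if ln.startswith(" "):
                block.append(ln.strip())
            else:
                break
    return block


def audit_config(config_text):
    """Return the list of findings; an empty list means no violations found."""
    lines = config_text.splitlines()
    stripped = [ln.strip() for ln in lines]
    findings = []

    # 9.1 step 1: boot field 0x0102 disables console break into ROMMON.
    if "config-register 0x0102" not in stripped:
        findings.append("config-register is not 0x0102")

    # 9.1 step 2: an enable secret must exist for the CO role.
    if not any(ln.startswith("enable secret ") for ln in stripped):
        findings.append("no 'enable secret' configured")

    # 9.1 steps 3-4: operator passwords.  Only type-0 (plaintext) values match
    # this pattern; hashed values contain a space after the type and are skipped.
    for ln in stripped:
        m = re.match(r"username (\S+) (?:password|secret) (?:0 )?(\S+)$", ln)
        if m and not password_policy_ok(m.group(2)):
            findings.append(f"user '{m.group(1)}' password violates policy")

    # 9.1 step 4: the console line must authenticate against local users.
    if "login local" not in line_con_0_block(lines):
        findings.append("'line con 0' lacks 'login local'")

    # 9.1 step 5: RADIUS/TACACS+ shared secrets follow the same policy.
    for ln in stripped:
        m = re.match(r"(radius|tacacs)-server key (?:0 )?(\S+)$", ln)
        if m and not password_policy_ok(m.group(2)):
            findings.append(f"{m.group(1).upper()} shared secret violates policy")

    # 9.2: every transform in a transform-set must be on the allowed list.
    for ln in stripped:
        m = re.match(r"crypto ipsec transform-set (\S+) (.+)$", ln)
        if m:
            for transform in m.group(2).split():
                if transform not in ALLOWED_TRANSFORMS:
                    findings.append(
                        f"transform-set '{m.group(1)}' uses disallowed '{transform}'")

    # 9.3: SNMPv2c community strings may only permit gets (RO), never sets.
    for ln in stripped:
        m = re.match(r"snmp-server community (\S+) RW$", ln)
        if m:
            findings.append(f"SNMPv2c community '{m.group(1)}' allows sets (RW)")

    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Run against the constructed sample, the audit reports the short operator password, the RADIUS secret without a digit, both transforms of the LEGACY transform-set and the read-write community string, while the compliant entries (config-register, enable secret, the console line with login local, the FIPS-OK transform-set) produce nothing.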
9.2 IPsec Requirements and Cryptographic Algorithms
Step 1 - The only type of key management that is allowed in FIPS mode is Internet Key Exchange (IKE) (non-compliant).
Step 2 - Although the IOS implementation of IKE allows a number of algorithms, only the following algorithms are allowed in a FIPS 140-2 configuration:
- ah-sha-hmac
- esp-sha-hmac
- esp-3des
- esp-aes
- esp-aes-192
- esp-aes-256
Step 3 - The following algorithms shall not be used:
- MD-5 for signing
- MD-5 HMAC
- DES

9.3 Protocols
Step 1 - SNMP v3 (non-compliant) over a secure IPsec tunnel may be employed for authenticated, secure SNMP gets and sets. Since SNMP v2C uses community strings for authentication, only gets are allowed under SNMP v2C.
Step 2 - Secure DNS is not allowed in FIPS mode of operation and shall not be configured.

9.4 Remote Access
SSH (non-compliant) access to the module is allowed in FIPS approved mode of operation, using SSH v2 and a FIPS approved algorithm. TLS communications with the module are allowed in FIPS approved mode.

9.5 Key Strength
Key sizes with a security strength of less than 112 bits may not be used in FIPS mode.

10 Related Documentation
This document deals only with operations and capabilities of the security appliances in the technical terms of a FIPS 140-2 cryptographic device security policy. More information is available on the security appliances from the sources listed in this section and from the following source:
- The NIST Cryptographic Module Validation Program website (http://csrc.nist.gov/groups/STM/cmvp/index.html) contains contact information for answers to technical or sales-related questions for the security appliances.

11 Obtaining Documentation
Cisco documentation and additional literature are available on Cisco.com.
Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

11.1 Cisco.com
You can access the most current Cisco documentation at this URL:
http://www.cisco.com/techsupport
You can access the Cisco website at this URL:
http://www.cisco.com
You can access international Cisco websites at this URL:
http://www.cisco.com/public/countries_languages.shtml

11.2 Product Documentation DVD
Cisco documentation and additional literature are available in the Product Documentation DVD package, which may have shipped with your product. The Product Documentation DVD is updated regularly and may be more current than printed documentation.

The Product Documentation DVD is a comprehensive library of technical product documentation on portable media. The DVD enables you to access multiple versions of hardware and software installation, configuration, and command guides for Cisco products and to view technical documentation in HTML. With the DVD, you have access to the same documentation that is found on the Cisco website without being connected to the Internet. Certain products also have .pdf versions of the documentation available.

The Product Documentation DVD is available as a single unit or as a subscription. Registered Cisco.com users (Cisco direct customers) can order a Product Documentation DVD (product number DOC-DOCDVD=) from Cisco Marketplace at this URL:
http://www.cisco.com/go/marketplace/

11.3 Ordering Documentation
Beginning June 30, 2005, registered Cisco.com users may order Cisco documentation at the Product Documentation Store in the Cisco Marketplace at this URL:
http://www.cisco.com/go/marketplace/
Nonregistered Cisco.com users can order technical documentation from 8:00 a.m. to 5:00 p.m.
(0800 to 1700) PDT by calling 1 866 463-3487 in the United States and Canada, or elsewhere by calling 011 408 519-5055. You can also order documentation by e-mail at tech-doc-store-mkpl@external.cisco.com or by fax at 1 408 519-5001 in the United States and Canada, or elsewhere at 011 408 519-5001.

12 Documentation Feedback
You can rate and provide feedback about Cisco technical documents by completing the online feedback form that appears with the technical documents on Cisco.com.
You can send comments about Cisco documentation to bug-doc@cisco.com.
You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883
We appreciate your comments.

13 Cisco Product Security Overview
Cisco provides a free online Security Vulnerability Policy portal at this URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
From this site, you can perform these tasks:
- Report security vulnerabilities in Cisco products.
- Obtain assistance with security incidents that involve Cisco products.
- Register to receive security information from Cisco.
A current list of security advisories and notices for Cisco products is available at this URL:
http://www.cisco.com/go/psirt
If you prefer to see advisories and notices as they are updated in real time, you can access a Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed from this URL:
http://tools.cisco.com/security/center/rss.x?i=44

13.1 Reporting Security Problems in Cisco Products
Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly.
If you think that you might have identified a vulnerability in a Cisco product, contact PSIRT:
- Emergencies — security-alert@cisco.com
  An emergency is either a condition in which a system is under active attack or a condition for which a severe and urgent security vulnerability should be reported. All other conditions are considered nonemergencies.
- Nonemergencies — psirt@cisco.com
In an emergency, you can also reach PSIRT by telephone:
- 1 877 228-7302
- 1 408 525-6532

Tip: We encourage you to use Pretty Good Privacy (PGP) or a compatible product to encrypt any sensitive information that you send to Cisco. PSIRT can work from encrypted information that is compatible with PGP versions 2.x through 8.x. Never use a revoked or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page at this URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
The link on this page has the current PGP key ID in use.

14 Obtaining Technical Assistance
Cisco Technical Support provides 24-hour-a-day award-winning technical assistance. The Cisco Technical Support & Documentation website on Cisco.com features extensive online support resources. In addition, if you have a valid Cisco service contract, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not have a valid Cisco service contract, contact your reseller.

14.1 Cisco Technical Support & Documentation Website
The Cisco Technical Support & Documentation website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies.
The website is available 24 hours a day, at this URL:
http://www.cisco.com/techsupport
Access to all tools on the Cisco Technical Support & Documentation website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:
http://tools.cisco.com/RPF/register/register.do

Note: Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting a web or phone request for service. You can access the CPI tool from the Cisco Technical Support & Documentation website by clicking the Tools & Resources link under Documentation & Tools. Choose Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product Identification Tool link under Alerts & RMAs. The CPI tool offers three search options: by product ID or model name; by tree view; or, for certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call.

14.2 Submitting a Service Request
Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco engineer. The TAC Service Request Tool is located at this URL:
http://www.cisco.com/techsupport/servicerequest
For S1 or S2 service requests, or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly. To open a service request by telephone, use one of the following numbers:

- Asia-Pacific: +61 2 8446 7411
- Australia: 1 800 805 227
- EMEA: +32 2 704 55 55
- USA: 1 800 553-2447

For a complete list of Cisco TAC contacts, go to this URL:
http://www.cisco.com/techsupport/contacts

14.3 Definitions of Service Request Severity

To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.

- Severity 1 (S1): Your network is "down," or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.
- Severity 2 (S2): Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.
- Severity 3 (S3): Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.
- Severity 4 (S4): You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

15 Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

- Cisco Marketplace provides a variety of Cisco books, reference guides, documentation, and logo merchandise.
  Visit Cisco Marketplace, the company store, at this URL:
  http://www.cisco.com/go/marketplace/
- Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:
  http://www.ciscopress.com
- Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and networking investments. Each quarter, Packet delivers coverage of the latest industry trends, technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, customer case studies, certification and training information, and links to scores of in-depth online resources. You can access Packet magazine at this URL:
  http://www.cisco.com/packet
- Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:
  http://www.cisco.com/ipj
- Networking products offered by Cisco Systems, as well as customer support services, can be obtained at this URL:
  http://www.cisco.com/en/US/products/index.html
- Networking Professionals Connection is an interactive website for networking professionals to share questions, suggestions, and information about networking products and technologies with Cisco experts and other networking professionals. Join a discussion at this URL:
  http://www.cisco.com/discuss/networking
- World-class networking training is available from Cisco. You can view current offerings at this URL:
  http://www.cisco.com/en/US/learning/index.html
16 Definitions List

AES – Advanced Encryption Standard
ASR – Aggregation Services Router
CMVP – Cryptographic Module Validation Program
CSEC – Communications Security Establishment Canada
CSP – Critical Security Parameter
FIPS – Federal Information Processing Standard
HMAC – Keyed-Hash Message Authentication Code
HTTP – Hyper Text Transfer Protocol
KAT – Known Answer Test
KDF – Key Derivation Function
LED – Light Emitting Diode
MAC – Message Authentication Code
NIST – National Institute of Standards and Technology
NVRAM – Non-Volatile Random Access Memory
QoS – Quality of Service
RAM – Random Access Memory
RNG – Random Number Generator
RSA – Rivest, Shamir and Adleman method for asymmetric encryption
SHA – Secure Hash Algorithm
TDES – Triple Data Encryption Standard
TEL – Tamper Evident Label

© Copyright 2013 Cisco Systems, Inc. This document may be freely reproduced and distributed whole and intact including this Copyright Notice.