FIPS 140-2 Non-Proprietary Security Policy, Version 0.8
March 17, 2016
Sonus SBC 7000 Session Border Controller
© 2016 Sonus Networks, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 26 of 32
7. Configure the network management interface from the BMC GUI and connect the management cables
to the router. Disconnect your PC from the BMC and connect to the IP network that can reach the
management IP address range.
8. Launch the Platform Manager (PM) from the BMC either by clicking the link from the BMC or by typing
the https://<mgtport_ip>:444 in the web browser.
9. Install the SBC 7000 Series application software using the Platform Manager. For stand-alone installation
and configuration guide, see section "Sonus SBC Portfolio 5.0 Documentation Set".
After successful installation, configure the module per the configuration instructions in the "Sonus SBC Portfolio
5.0 Documentation Set" document. Once the network settings are correctly configured for the module, continue
to Section 3.1.3 in this document to configure SBC module for the FIPS-Approved mode.
3.1.3 SBC FIPS-Approved Mode Configuration and Status
During the initial setup of the SBC, as described in section 3.1 above, it is the responsibility of the Crypto Officer
to enable FIPS mode during the SBC initial configuration. To set the FIPS mode to enabled via CLI after logging in,
the CO shall run the set of CLI commands documented in "Sonus SBC Portfolio 5.0 Documentation Set" where it
ends with commands:
a. set system admin <system name> fips-140-2 mode enabled
b. commit
After completion of the above steps the system will reboot. After this reboot, and on all subsequent reboots,
the module is in its FIPS-Approved mode of operation.
At any point of time, the status of the module (i.e. FIPS Mode status) can be viewed on the CLI management
interfaces by performing the following steps:
a. show configuration system admin <systemName> fips-140-2 mode -> "mode enabled"
The status of the module can also be viewed using EMA GUI navigator.
3.2
Crypto Officer Guidance
The Crypto Officer shall receive the module from Sonus via trusted couriers (e.g. United Parcel Service, Federal
Express, and Roadway). On receipt, the Crypto Officer should check the package for any irregular tears or
openings. Prior to use, the Crypto Officer shall perform physical inspection of the unit in accordance with the
procedure described in section 3.1.1 and if there are any signs of damage, the Crypto Officer should immediately
contact Sonus.
The SBC supports multiple Crypto Officers. This role is assigned when the first CO logs into the system using the
default username and password. The CO is required to change the default password as part of initial
configuration. Only the CO can create other operators and configure the SBC module to operate in FIPS-
Approved mode.