14
Cisco 2691 and 3725 Modular Access Routers with AIM-VPN/EP II and Cisco 3745 Modular Access Router with AIM-VPN/HP II FIPS 140-2
OL-6084-01
The Cisco 2691, 3725 and 3745 Routers
·
Terminal Functions--adjust the terminal session (e.g., lock the terminal, adjust flow control)
·
Directory Services--display directory of files kept in flash memory
Physical Security
The router is entirely encased by a thick steel chassis. The rear of the unit provides Network Module
slots, 3 WIC slots, on-board LAN connectors, Console/Auxiliary connectors, Compact Flash slot, the
power cable connection and a power switch. The top portion of the chassis may be removed to allow
access to the motherboard, memory, and expansion slots.
Any NM or WIC slot, which is not populated with a NM or WIC, must be populated with an appropriate
slot cover in order to operate in a FIPS compliant mode. The slot covers are included with each router,
and additional covers may be ordered from Cisco. The same procedure mentioned below to apply tamper
evidence labels for NMs and WICs must also be followed to apply tamper evidence labels for the slot
covers.
Once the router has been configured in to meet FIPS 140-2 Level 2 requirements, the router cannot be
accessed without signs of tampering. To seal the system, apply serialized tamper-evidence labels as
follows:
To apply tamper-evidence labels to the Cisco 2691:
Step 1
Clean the cover of any grease, dirt, or oil before applying the tamper evidence labels. Alcohol-based
cleaning pads are recommended for this purpose. The temperature of the router should be above 10 C.
Step 2
Place the first label on the router as shown in Figure 6. The tamper evidence label should be placed so
that the one half of the tamper evidence label covers the enclosure and the other half covers the right side
of the router. Any attempt to remove the enclosure will leave tamper evidence.
Step 3
Place the second label on the router as shown in Figure 6. The tamper evidence label should be placed
so that the one half of the tamper evidence label covers the enclosure and the other half covers the left
side of the router. Any attempt to remove the enclosure will leave tamper evidence.
Step 4
Place the third label on the router as shown in Figure 6. The tamper evidence label should be placed so
that the one half of the label covers the enclosure and the other half covers the Network Module slot.
Any attempt to remove a Network Module will leave tamper evidence.
Step 5
Place the fourth label on the router as shown in Figure 6. The tamper evidence label should be placed so
that the half of the label covers the enclosure and the other half covers the left WAN interface card slot.
Any attempt to remove a WAN interface card will leave tamper evidence.
Step 6
Place the fifth label on the router as shown in Figure 6. The tamper evidence label should be placed so
that one half of the label covers the enclosure and the other half covers the middle WAN interface card
slot. Any attempt to remove a WAN interface card will leave tamper evidence.
Step 7
Place the sixth label on the router as shown in Figure 6. The tamper evidence label should be placed so
that one half of the label covers the enclosure and the other half covers the right WAN interface card slot.
Any attempt to remove a WAN interface card will leave tamper evidence.
Step 8
Place the seventh label on the router as shown in Figure 6. The tamper evidence label should be placed
so that one half of the label covers the enclosure and the other half covers the Compact Flash slot. Any
attempt to remove a CF card will leave tamper evidence.
Step 9
The labels completely cure within five minutes.