Cisco 2620 User Guide - Page 17

Self-tests performed by the AIM-VPN/EP (cryptographic accelerator): - network modules

Page 17 highlights

Secure Operation of the Cisco 2621XM/2651XM Router

• Conditional tests
  - Conditional bypass test
  - Pairwise consistency test on RSA signature
  - Continuous random number generator tests

Self-tests performed by the AIM-VPN/EP (cryptographic accelerator):

• Power-up tests
  - Firmware integrity test
  - DES KAT
  - TDES KAT
  - SHA-1 KAT
• Conditional tests
  - Continuous random number generator test

Secure Operation of the Cisco 2621XM/2651XM Router

The Cisco 2621XM and 2651XM Modular Access Routers with AIM-VPN/EP meet all the Level 2 requirements for FIPS 140-2. Follow the setting instructions provided below to place the module in FIPS mode. Operating this router without maintaining the following settings will remove the module from the FIPS approved mode of operation.

Initial Setup

• The Crypto Officer must ensure that the AIM-VPN/EP cryptographic accelerator card is installed in the module by opening the chassis and visually confirming the presence of the AIM-VPN/EP. Please refer to the Cisco publication Installing Advanced Integration Modules in Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers for detailed instructions on chassis disassembly and reassembly, and AIM-VPN/EP identification. This document may be accessed on the web at: http://www.cisco.com/univercd/cc/td/doc/product/access/acs_mod/cis2600/hw_inst/aim_inst/aims_ins.pdf
• The Crypto Officer must apply tamper evidence labels as described in the "Physical Security" section of this document.
• Only a Crypto Officer may add and remove Network Modules. When removing the tamper evidence label, the Crypto Officer should remove the entire label from the router and clean the cover of any grease, dirt, or oil with an alcohol-based cleaning pad. The Crypto Officer must re-apply tamper evidence labels on the router as described in the "Physical Security" section of this document.
• Only a Crypto Officer may add and remove WAN Interface Cards. When removing the tamper evidence label, the Crypto Officer should remove the entire label from the router and clean the cover of any grease, dirt, or oil with an alcohol-based cleaning pad. The Crypto Officer must re-apply tamper evidence labels on the router as described in the "Physical Security" section of this document.

Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy OL-6262-01

