Cisco 7609-S User Guide - Page 21

Secure Operation - show commands



© Copyright 2011 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
    - DRBG Known Answer Test
    - HMAC-SHA-1 Known Answer Test
    - SHA-1/256/512 Known Answer Test
    - Triple-DES Known Answer Test
  o Conditional tests
    - Pairwise consistency test for RSA signature keys
    - Continuous random number generation test for approved and non-approved RNGs

3 Secure Operation

The module meets all the Level 2 requirements for FIPS 140-2. Follow the setting instructions provided below to place the module in FIPS-approved mode. Operating this router without maintaining the following settings will remove the module from the FIPS approved mode of operation.

3.1 System Initialization and Configuration

1. The Crypto Officer must perform the initial configuration. IOS version 15.1(2)S, filename: c7600s72033-adventerprisek9-mz.151-2.S.bin is the only allowable image; no other image should be loaded.

2. The value of the boot field must be 0x0102. This setting disables break from the console to the ROM monitor and automatically boots the IOS image. From the “configure terminal” command line, the Crypto Officer enters the following syntax:

       config-register 0x0102

3. The Crypto Officer must create the “enable” password for the Crypto Officer role. The password must be at least 8 characters (all digits; all lower and upper case letters; and all special characters except ‘?’ are accepted) and is entered when the Crypto Officer first engages the “enable” command. The Crypto Officer enters the following syntax at the “#” prompt:

       enable secret [PASSWORD]

4. The Crypto Officer must always assign passwords (of at least 8 characters) to users. Identification and authentication on the console port is required for Users. From the “configure terminal” command line, the Crypto Officer enters the following syntax:

       line con 0
       password [PASSWORD]
       login local

5. The Crypto Officer shall only assign users to a privilege level 1 (the default).

6. The Crypto Officer shall not assign a command to any privilege level other than its default.
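
The six settings above can be checked offline against saved "show version" and "show running-config" text. The following is an added example, not part of the Cisco guide or any Cisco tool; the function name audit and the sample text are assumptions constructed for illustration, and password length cannot be checked because the saved configuration holds only hashed or encoded values.

```python
import re

ALLOWED_IMAGE = "c7600s72033-adventerprisek9-mz.151-2.S.bin"  # step 1
REQUIRED_CONFREG = 0x0102  # step 2
def audit(show_version, running_config):
    """Return findings; an empty list means no deviation from steps 1-6 was found."""
    findings = []
    m = re.search(r'^System image file is "([^"]+)"', show_version, re.M)
    image = re.split(r"[:/]", m.group(1))[-1] if m else None
    if image != ALLOWED_IMAGE:
        findings.append(f"step 1: image {image!r} is not the allowed image")
    m = re.search(r"^Configuration register is (0x[0-9A-Fa-f]+)", show_version, re.M)
    if not m or int(m.group(1), 16) != REQUIRED_CONFREG:
        findings.append("step 2: configuration register is not 0x0102")
    lines = running_config.splitlines()
    if not any(l.startswith("enable secret ") for l in lines):
        findings.append("step 3: no enable secret")
    # Collect the indented sub-commands of the "line con 0" block.
    console, in_con = [], False
    for l in lines:
        if not l.startswith(" "):
            in_con = l.strip() == "line con 0"
        elif in_con:
            console.append(l.strip())
    if not any(c.startswith("password ") for c in console):
        findings.append("step 4: no password on line con 0")
    if "login local" not in console:
        findings.append("step 4: no 'login local' on line con 0")
    for l in lines:
        # A username line with no privilege keyword stays at the default level 1.
        m = re.match(r"username (\S+) .*?\bprivilege (\d+)", l)
        if m and m.group(2) != "1":
            findings.append(f"step 5: user {m.group(1)} has privilege {m.group(2)}")
        # Global "privilege <mode> level N <command>" moves a command's level.
        if re.match(r"privilege \S+ (all )?level \d+ ", l):
            findings.append(f"step 6: command privilege changed: {l}")
    return findings

# Constructed sample text (not captured from a device); <hash> is a placeholder.
SAMPLE_VERSION = '''System image file is "disk0:c7600s72033-adventerprisek9-mz.151-2.S.bin"
Configuration register is 0x2102
'''
SAMPLE_CONFIG = '''enable secret 5 <hash>
username alice secret 5 <hash>
username bob privilege 15 secret 5 <hash>
privilege exec level 5 show running-config
line con 0
 password 7 <hash>
'''
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_VERSION, SAMPLE_CONFIG)) or "no deviations found")
```
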