Cisco 7609-S User Guide - Page 21
Secure Operation - show commands
View all Cisco 7609-S manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 21 highlights
DRBG Known Answer Test HMAC-SHA-1 Known Answer Test SHA-1/256/512 Known Answer Test Triple-DES Known Answer Test o Conditional tests Pairwise consistency test for RSA signature keys Continuous random number generation test for approved and non- approved RNGs 3 Secure Operation The module meets all the Level 2 requirements for FIPS 140-2. Follow the setting instructions provided below to place the module in FIPS-approved mode. Operating this router without maintaining the following settings will remove the module from the FIPS approved mode of operation. 3.1 System Initialization and Configuration 1. The Crypto Officer must perform the initial configuration. IOS version 15.1(2)S, filename: c7600s72033-adventerprisek9-mz.151-2.S.bin is the only allowable image; no other image should be loaded. 2. The value of the boot field must be 0x0102. This setting disables break from the console to the ROM monitor and automatically boots the IOS image. From the "configure terminal" command line, the Crypto Officer enters the following syntax: config-register 0x0102 3. The Crypto Officer must create the "enable" password for the Crypto Officer role. The password must be at least 8 characters (all digits; all lower and upper case letters; and all special characters except '?' are accepted) and is entered when the Crypto Officer first engages the "enable" command. The Crypto Officer enters the following syntax at the "#" prompt: enable secret [PASSWORD] 4. The Crypto Officer must always assign passwords (of at least 8 characters) to users. Identification and authentication on the console port is required for Users. From the "configure terminal" command line, the Crypto Officer enters the following syntax: line con 0 password [PASSWORD] login local 5. The Crypto Officer shall only assign users to a privilege level 1 (the default). 6. The Crypto Officer shall not assign a command to any privilege level other than its default. © Copyright 2011 Cisco Systems, Inc. 21 This document may be freely reproduced and distributed whole and intact including this Copyright Notice.