Cisco 7609-S User Guide - Page 22

Protocols, Remote Access



© Copyright 2011 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

7. The Crypto Officer may configure the module to use RADIUS or TACACS+ for authentication. Configuring the module to use RADIUS or TACACS+ for authentication is optional. RADIUS and TACACS+ shared secret key sizes must be at least 8 characters long.
8. Loading any IOS image onto the router is not allowed while in FIPS mode of operation.

3.2 Protocols

1. SNMPv3 is allowed in FIPS mode of operation. SNMPv3 uses FIPS-approved cryptographic algorithms; however, from a FIPS perspective SNMPv3 is considered to be a plaintext session, since the key derivation used by SNMPv3 is not FIPS compliant.

3.3 Remote Access

1. SSH access to the module is only allowed if SSH is configured to use a FIPS-approved algorithm. The Crypto Officer must configure the module so that SSH uses only FIPS-approved algorithms. Note that all users must still authenticate after remote access is granted.
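
An added example, not part of the Cisco guide: a Python check that audits a saved configuration for RADIUS and TACACS+ shared secrets shorter than the 8-character minimum in item 7. It assumes the legacy global `radius-server` / `tacacs-server ... key` command forms, derives the length of type 7 keys from their encoding without decoding them, and runs on a constructed sample configuration.

```python
import re

MIN_SECRET_LEN = 8  # minimum shared-secret length stated in item 7

# Assumed command forms: "<proto>-server [host ...] key [<type>] <secret>"
KEY_RE = re.compile(
    r"^\s*(?P<proto>radius|tacacs)-server\s+(?:.*?\s)?key\s+"
    r"(?:(?P<type>\d)\s+)?(?P<value>\S.*?)\s*$"
)

# Constructed sample configuration (addresses and secrets are made up).
SAMPLE_CONFIG = """\
hostname fips-rtr
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key 0 Sh0rt
radius-server key 7 0822455D0A16
tacacs-server host 192.0.2.20 key LongEnoughSecret
tacacs-server key 7 060506324F41584B56
"""

def secret_length(key_type, value):
    """Return the plaintext length, or None when it cannot be derived."""
    if key_type in (None, "0"):          # secret stored in cleartext
        return len(value)
    if key_type == "7" and re.fullmatch(r"\d{2}(?:[0-9A-Fa-f]{2})+", value):
        # Type 7: two-digit offset, then two hex digits per plaintext character.
        return (len(value) - 2) // 2
    return None                          # other key types: length not visible

def audit(config):
    """Return (line number, protocol, length, status); secrets are never echoed."""
    findings = []
    for lineno, line in enumerate(config.splitlines(), 1):
        m = KEY_RE.match(line)
        if not m:
            continue
        length = secret_length(m.group("type"), m.group("value"))
        if length is None:
            status = "UNKNOWN"
        elif length < MIN_SECRET_LEN:
            status = "TOO_SHORT"
        else:
            status = "OK"
        findings.append((lineno, m.group("proto"), length, status))
    return findings

if __name__ == "__main__":
    for lineno, proto, length, status in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: {proto} shared secret length={length} -> {status}")
```

Lines reported as UNKNOWN need a manual check, because the stored form does not reveal the secret's length.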