Cisco Systems 7206VXR NPE-400 manual Obtaining Documentation, Protocols, Remote Access, Cisco.com


If the Crypto Officer loads any IOS image onto the router, this will put the router into a non-FIPS mode of operation.

IPSec Requirements and Cryptographic Algorithms

Two key management methods are allowed in FIPS mode: Internet Key Exchange (IKE) and IPSec manually entered keys.

Although the IOS implementation of IKE allows a number of algorithms, only the following algorithms are allowed in a FIPS 140-2 configuration:

ah-sha-hmac

esp-des

esp-sha-hmac

esp-3des

esp-aes

The following algorithms are not FIPS approved and should be disabled:

MD-4 and MD-5 for signing

MD-5 HMAC
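A configuration audit for the two algorithm lists above, as an added example that is not part of the Cisco document: it flags transforms in `crypto ipsec transform-set` lines that are not on the allowed list, and IKE policies that select `hash md5`. The sample configuration, its set names, and the function name are constructed for illustration.

```python
import re

# Transforms the page lists as allowed in a FIPS 140-2 configuration.
ALLOWED_TRANSFORMS = {"ah-sha-hmac", "esp-des", "esp-sha-hmac", "esp-3des", "esp-aes"}

TRANSFORM_SET = re.compile(r"^crypto ipsec transform-set (\S+) (.+)$")
ISAKMP_POLICY = re.compile(r"^crypto isakmp policy (\d+)$")

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
!
crypto isakmp policy 20
 encr aes
 hash sha
!
crypto ipsec transform-set GOOD esp-aes 256 esp-sha-hmac
crypto ipsec transform-set LEGACY esp-3des esp-md5-hmac
crypto ipsec transform-set AHOLD ah-md5-hmac esp-des
"""


def audit_config(text):
    """Return (line_no, message) findings for transforms or IKE hashes off the allowed list."""
    findings = []
    policy = None  # IKE policy whose indented sub-commands are being read
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not raw[:1].isspace():  # a top-level command ends the previous policy block
            m = ISAKMP_POLICY.match(line)
            policy = m.group(1) if m else None
        m = TRANSFORM_SET.match(line)
        if m:
            # Drop the optional key size that follows esp-aes, e.g. "esp-aes 256".
            tokens = re.sub(r"\besp-aes \d+", "esp-aes", m.group(2)).split()
            for tok in tokens:
                if tok not in ALLOWED_TRANSFORMS:
                    findings.append((no, f"transform-set {m.group(1)}: {tok} is not on the allowed list"))
        elif policy and line == "hash md5":
            findings.append((no, f"isakmp policy {policy}: MD-5 is not FIPS approved"))
    return findings


if __name__ == "__main__":
    for line_no, message in audit_config(SAMPLE_CONFIG):
        print(f"line {line_no}: {message}")
```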

Protocols

All SNMP operations must be performed within a secure IPSec tunnel.

Remote Access

Telnet access to the module is only allowed via a secure IPSec tunnel between the remote system and the module. The Crypto Officer must configure the module so that any remote connections via telnet are secured through IPSec.

SSH access to the module is only allowed if SSH is configured to use a FIPS-approved algorithm. The Crypto Officer must configure the module so that SSH uses only FIPS-approved algorithms.

Obtaining Documentation

Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

Cisco.com

You can access the most current Cisco documentation at this URL:

http://www.cisco.com/univercd/home/home.htm

FIPS 140-2 Nonproprietary Security Policy for Cisco 7206VXR NPE-400 Router with VAM

 

OL-3959-01
