Enterasys Networks XSR-1805, XSR-1850, XSR-3250 manual Purpose, References, Document Organization


Introduction

Purpose

This document is a nonproprietary Cryptographic Module Security Policy for the Enterasys Networks XSR-1805, XSR-1850, and XSR-3250 appliances. This security policy describes how the XSR-1805, XSR-1850, and XSR-3250 meet the security requirements of FIPS 140-2 and how to run the modules in a secure FIPS 140-2 mode. This policy was prepared as part of the Level 2 FIPS 140-2 validation of the module.

FIPS 140-2 (Federal Information Processing Standards Publication 140-2, Security Requirements for Cryptographic Modules) details the U.S. Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the NIST Web site at http://csrc.nist.gov/cryptval/.

The Enterasys Networks XSR-1805, XSR-1850, and XSR-3250 appliances are referenced in this document as X-Pedition Security Routers, XSR modules, and the modules. The XSR-1805 and XSR-1850 modules are also referenced as the XSR-18xx modules. The differences between the three modules are cited where appropriate.

References

This document deals only with the operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information on the module is available from the following sources:

The Enterasys Networks Web site (http://www.enterasys.com/) contains information on all Enterasys Networks products.

The NIST Validated Modules Web site (http://csrc.ncsl.nist.gov/cryptval/) contains contact information for answers to technical or sales-related questions for the module.

Document Organization

The Security Policy document is one document in a FIPS 140-2 Submission Package. In addition to this document, the Submission Package contains:

Vendor Evidence document

Finite State Machine

Other supporting documentation as additional references

© Copyright 2003 Enterasys Networks Page 3 of 25

This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
