Security Management (FIPS Mode)

Security Guidance

Additional security-relevant features include:

Enable/disable SNMP and ICMP messages

SNMPv3 USM/VACM

Log-in Banner for special user instructions

Security Guidance

Receipt and Inspection – Broadmore components containing FIPS 140-2 validated software are packaged and sealed at the factory with tamper-proof security tape. Upon receipt, carefully examine the security sealing tapes on the shipping containers for any signs of tampering. (See “Receipt” on page 3-2.)

Security – Broadmore components containing FIPS 140-2 validated software (CPU modules, memory modules, and storage media) should be handled in accordance with applicable security procedures.

Initial Login – The Broadmore is shipped with a default username and password for logging in the first time. A SuperUser (Crypto Officer) should log in the first time to configure the Broadmore for secure operation.

For maximum security, perform the following steps:

(1) configure IP access (via Ethernet, LANE, or CIP)

(2) install security keys

(3) create a temporary SuperUser account

(4) delete the public SYSADMIN account

(5) enable FIPS mode and reboot the system

(6) after logging in securely, you can safely create user accounts and configure the Broadmore for secure operation.

Security Modes – The Broadmore is shipped with security turned off. Only a SuperUser can change the FIPS and SecurID modes (see “Changing Security Modes” on page 11-17).

Broadmore 1750 - Release 4.6

Carrier Access user manual Broadmore 1750 Release 11-3