Carrier Access user manual Broadmore 1750 Release 11-5

Security Management (FIPS Mode)

Security Guidance

User Administration – The Broadmore authenticates users by identification and role-based access privilege levels and maintains an audit trail activity log. Only a SuperUser can assign users and access levels, set the minimum number of characters required for user names and passwords (user ID rules), and clear the system log. The security officer must ensure that all users change their passwords periodically in accordance with local security practice.

(1)It is recommended that passwords be changed at least once every 6 months. Users must be instructed to use a random combination of all the usable characters for passwords.

(2)It is recommended that all users, access privileges, and role assignments be reviewed periodically or whenever a personnel termination, transfer, or role change occurs.

Audit Trails – Audit trails must be enabled for FIPS mode.

The cryptographic module provides a system log and user audit log. The audit log (audit.txt) records user actions while the system log (sys.log) records system events and configuration changes.

A SuperUser has access to pSOS shell commands that can overwrite the system and audit log files. This misuse of shell commands to corrupt the audit trail is strictly prohibited and removes the Broadmore from the evaluated configuration. It is recommended that user audit trails be examined periodically in accordance with local security practice to determine if the Broadmore is being accessed by unauthorized users or during nonstandard hours, or if the configuration is being accessed or altered in an inappropriate manner. For example, every third consecutive attempted login failure produces an entry in the system log.

Decomissioning and Sanitizing – The zeroize command is not intended for normal operational use. It is intended as a security measure (per FIPS 140-2 requirements) to allow a SuperUser to completely remove all security-sensitive data that may be required before decommissioning a CPU. Turning off FIPS mode will erase Critical Security Parameters (CSPs) but does not erase the FIPS validated operating software. For additional information on sanitizing the equipment, see “Residual Data and Memory Volatility” on page 11-50.