Security Management (FIPS Mode)
Authentication and Identification
The cryptographic module supports distinct operator roles and enforces the separation of these roles using
The SecurID option has no effect on FIPS
A username and password are always required to log in, whether or not SecurID is enabled. The mandatory username is an alphanumeric string of characters whose minimum length can be set by the Security Officer. The password is a string of characters from the 94 printable and
It is recommended that passwords be changed at least once every 6 months and that users be instructed to use a random combination of all the usable characters for passwords.
Upon successful authentication, the role and privilege level are selected based on the identity (username) of the operator. At the end of a session the operator should log off; the session is in any case terminated automatically after a configurable period of inactivity.
Role           | Privilege Level | Authorized Functions
User           | Browser         | User is able to look at almost all data plane information but is not able to affect anything. To protect security data, no file access is permitted. This role cannot access the security settings.
User           | Operations      | User is able to perform data plane configurations, such as defining PVCs and SVCs and configuring service card parameters. To protect security data, no file access is permitted under this privilege level. This role cannot access the security settings.
User           | SysAdmin        | User is able to perform global configuration operations such as redundancy. To protect security data, no file access is permitted. This role cannot access the security settings.
Crypto Officer | SuperUser       | This role is required to manage system accounts, use SFTP, and alter security settings. Only users at this privilege level may turn FIPS mode on or off.
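The password rules and the role table above, worked into a small enforcement model. This is an added example, not Broadmore code or text from this manual: the 94-character set, the 6-month rotation period and the functions granted to each privilege level follow the text; the account names, the 10-minute inactivity value and every function name below are assumptions made for the illustration.

```python
"""Operator roles, privilege levels and password rules from this section,
modelled as an enforcement check.  Added illustration only, not Broadmore
code.  The 94-character set, the 6-month rotation and the role table are
taken from the manual; the account names, the timeout value and every
function name here are assumptions made for the example."""
import secrets
from datetime import datetime, timedelta

# The 94 printable, non-blank ASCII characters (0x21 through 0x7E).
USABLE_CHARS = "".join(chr(c) for c in range(0x21, 0x7F))

MAX_PASSWORD_AGE = timedelta(days=183)      # "at least once every 6 months"
INACTIVITY_TIMEOUT = timedelta(minutes=10)  # configurable; 10 min is assumed

# Privilege level -> functions the role table authorizes.  File access and
# turning FIPS mode on/off are listed for SuperUser only, as the table states.
AUTHORIZED = {
    "Browser":    {"view_data_plane"},
    "Operations": {"view_data_plane", "configure_data_plane"},
    "SysAdmin":   {"view_data_plane", "configure_global"},
    "SuperUser":  {"view_data_plane", "manage_accounts", "sftp",
                   "file_access", "security_settings", "fips_toggle"},
}
ROLE_OF = {"Browser": "User", "Operations": "User",
           "SysAdmin": "User", "SuperUser": "Crypto Officer"}

# Constructed sample accounts (assumed names): username -> privilege level.
ACCOUNTS = {"viewer": "Browser", "netops": "Operations",
            "sysadm": "SysAdmin", "secoff": "SuperUser"}


def generate_password(length):
    """Random draw from all 94 usable characters, as the text recommends."""
    return "".join(secrets.choice(USABLE_CHARS) for _ in range(length))


def check_password(password, min_length):
    """Minimum length is set by the Security Officer; every character must
    come from the usable set, so blanks and control characters fail."""
    if len(password) < min_length:
        return False
    return all(ch in USABLE_CHARS for ch in password)


def password_expired(last_changed, now):
    """True once the password is older than the 6-month rotation period."""
    return now - last_changed > MAX_PASSWORD_AGE


def session_active(last_activity, now):
    """False once the inactivity timeout has elapsed (automatic log-off)."""
    return now - last_activity <= INACTIVITY_TIMEOUT


def select_role(username, accounts=ACCOUNTS):
    """After authentication, role and privilege follow from the username."""
    level = accounts[username]          # unknown operator -> KeyError
    return ROLE_OF[level], level


def authorize(username, function, accounts=ACCOUNTS):
    """Deny unless the operator's privilege level lists the function."""
    _, level = select_role(username, accounts)
    return function in AUTHORIZED[level]


def levels_permitted(function):
    """Privilege levels that may perform a function (sorted for stability)."""
    return sorted(lvl for lvl, funcs in AUTHORIZED.items() if function in funcs)


def account_status(username, last_changed, last_activity, now):
    """Summarise an account's state; timestamps are ISO-8601 strings."""
    now_dt = datetime.fromisoformat(now)
    role, level = select_role(username)
    return {
        "role": role,
        "level": level,
        "password_expired": password_expired(
            datetime.fromisoformat(last_changed), now_dt),
        "session_active": session_active(
            datetime.fromisoformat(last_activity), now_dt),
    }


if __name__ == "__main__":
    pw = generate_password(12)
    print("generated:", pw, "valid:", check_password(pw, 12))
    for user in ACCOUNTS:
        print(user, select_role(user), "may toggle FIPS:",
              authorize(user, "fips_toggle"))
```

The check that matters operationally is `levels_permitted("fips_toggle")`, which should return only `SuperUser`; if a configuration change ever widens that list, the separation the table describes is gone.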
Broadmore 1750 - Release 4.6