Cryptographic Key Management

Table 2

Critical Security Parameters (Continued)

| # | CSP Name | Description | Storage |
|---|----------|-------------|---------|
| 25 | CSP25 | This key is used by the router to authenticate itself to the peer. The key is identical to #22 except that it is retrieved from the local database (on the router itself). Issuing the no username password command zeroizes the password (that is used as this key) from the local database. | NVRAM (plaintext) |
| 26 | CSP26 | This is the SSH session key. It is zeroized when the SSH session is terminated. | DRAM (plaintext) |
| 27 | CSP27 | The password of the User role. This password is zeroized by overwriting it with a new password. | NVRAM (plaintext) |
| 28 | CSP28 | The plaintext password of the Crypto Officer role. This password is zeroized by overwriting it with a new password. | NVRAM (plaintext) |
| 29 | CSP29 | The ciphertext password of the Crypto Officer role. However, the algorithm used to encrypt this password is not FIPS approved. Therefore, this password is considered plaintext for FIPS purposes. This password is zeroized by overwriting it with a new password. | NVRAM (plaintext) |
| 30 | CSP30 | The RADIUS shared secret. This shared secret is zeroized by executing the “no” form of the RADIUS shared secret set command. | DRAM (plaintext), NVRAM (plaintext) |
| 31 | CSP31 | The TACACS+ shared secret. This shared secret is zeroized by executing the “no” form of the TACACS+ shared secret set command. | DRAM (plaintext), NVRAM (plaintext) |

The services accessing the CSPs, the type of access, and which role accesses the CSPs are listed in Figure 6.

FIPS 140-2 Nonproprietary Security Policy for Cisco 7206VXR NPE-400 Router with VAM

12

OL-3959-01

 

 
