Physical Security

Physical Security

The router is encased in a steel chassis. The front of the router includes six port adapter slots. The rear of the router includes on-board LAN connectors, PC Card slots, and Console/Auxiliary connectors, power cable connection, a power switch, and access to the Network Processing Engine.

Any port adapter slot not populated with a port adapter must be populated with a slot cover (blank port adapter) to operate in FIPS compliant mode. Slot covers are included with each router; additional covers may be ordered from Cisco. You apply the same procedure for labeling port adapters covers as for the port adapters.

Once the router has been configured to meet FIPS 140-2 Level 2 requirements, the router cannot be accessed without signs of tampering. The word ‘Open’ may appear on the label if it was peeled away from the surface of the module. The Crypto Officer should be instructed to record serial numbers, and to inspect for signs of tampering or changed numbers periodically.

To seal the system, apply serialized tamper-evidence labels as described below, and as shown in Figure 4 and Figure 5:

Step 1 Clean the cover of any grease, dirt, or oil before applying the tamper evidence labels. Alcohol-based cleaning pads are recommended for this purpose. The ambient air must be above 10C, otherwise the labels may not properly cure.

Step 2 The tamper evidence label should be placed so that the one half of the label covers the enclosure and the other half covers the 7206 VXR NPE-400 Input/Output Controller.

Step 3 The tamper evidence label should be placed over the Flash PC Card slots on the Input/Output Controller.

Step 4 The tamper evidence label should be placed so that one half of the label covers the enclosure and the other half covers the port adapter slot 1.

Step 5 The tamper evidence label should be placed so that one half of the label covers the enclosure and the other half covers the port adapter slot 2.

Step 6 The tamper evidence label should be placed so that one half of the label covers the enclosure and the other half covers the port adapter slot 3.

Step 7 The tamper evidence label should be placed so that one half of the label covers the enclosure and the other half covers the port adapter slot 4.

Step 8 The tamper evidence label should be placed so that one half of the label covers the enclosure and the other half covers the port adapter slot 5.

Step 9 The tamper evidence label should be placed so that one half of the label covers the enclosure and the other half covers the port adapter slot 6.

Step 10 The tamper evidence label should be placed so that one half of the label covers the enclosure and the other half covers the network processing engine.

Step 11 The tamper evidence label should be placed so that one half of the label covers the enclosure and the other half covers the power supply plate.

Step 12 The tamper evidence label should be placed so that one half of the label covers the enclosure and the other half covers the redundant power supply plate.

Step 13 Allow the labels to cure for five minutes.

FIPS 140-2 Nonproprietary Security Policy for Cisco 7206VXR NPE-400 Router with VAM

8

OL-3959-01

 

 

Page 7 Page 9
Page 8
Image 8
Cisco Systems 7206VXR NPE-400 manual Physical Security
Page 7 Page 9
Top Page Image Contents