![9.Crypto Officer Guidance](/images/new-backgrounds/124175/12417531x1.webp)
MNR S2500 Security Policy
Version 1.3, Revision Date: 1/13/2009
B.Conditional
a.Continuous Random Number Generator (RNG) test on
b.Firmware load test – RSA signature verification of externally loaded code.
c.Alternating bypass tests – when enabling FRF.17 and IPsec encryption.
d.
e.Manual key entry test
4.At any time the MNR S2500 router is in an idle state, the operator can command the router to perform the
5.Data output is inhibited during key generation,
6.Status information does not contain CSPs or sensitive data that if misused could lead to a compromise of the module.
7.The operator shall not modify any IPsec selector lists.
9.Crypto Officer Guidance
On initial installation, perform the following steps:
1.Power on the module and verify successful completion of
2.Authenticate to the module using the default user acting as the Crypto Officer with the default password and username.
3.Verify that the Hardware and Firmware P/Ns and version numbers of the module are the FIPS approved versions.
4.Change the Network Manager (Crypto Officer) and User passwords using the SysPassWord command.
5.Initialize the Key Encryption Key (KEK) with the KEKGenerate command. Account passwords and certain keys are persistent across reboots and are encrypted with the Key Encryption Key (KEK). This key can be reinitialized at any time.
The module supports a minimum password length of 7 characters and a maximum length of 15 characters. The Crypto Officer controls the minimum password length through the PwMinLength parameter:
SETDefault
Before entering or exiting the Maintenance Role or
Page 16