Roles and Services, Crypto-Officer Role, User Role

Non-Proprietary Security Policy, Version 1.0

June 15, 2007

1.4 Roles and Services

The modules support two authorized roles (as required by FIPS 140-2) that operators may assume: a Crypto Officer role and User role.

1.4.1Crypto-Officer Role

The Crypto-Officer (CO) installs and uninstalls the cryptographic module. Also, the CO is responsible for monitoring and configuring the modules and call settings.

The Crypto-Officer can manage the VSX modules over a Transport Layer Security (TLS) v1 session through a web interface. Through this interface, the Crypto-Officer is able to configure the device and setup a call, change secure mode of operation, monitor current status and perform virtually all of the management of the module. Configuration of the modules and viewing of status can be performed with a Command Line Interface (CLI) over the local serial port or remotely via Telnet over TLS. All the management and configuration capabilities are available via the VSX’s web interface are also available via secure telnet over TLS. The telnet interface includes additional debug commands that are not available over the web. The Crypto-Officer has access to the following services:

Table 7 - Mapping of Crypto-Officer’s Services to Inputs, Outputs, Critical Security Parameters (CSPs), and Access

Control

Service	Description	Input	Output	CSP and Access Control
Install	Assemble the systems	Command	Result of installation	None
	and setup network
	configurations
Uninstall	Disassemble the VSX	Command	Uninstalled module	None
	system
Run Self-Test	Perform the self-test	Command	Status output	None
	on demand
Room monitoring	Monitor meeting	Command	Status output	x.509 certificate – Read
	rooms in or out of a			Session key –Read/Write
	call using the Web			CO password – Read
	Director feature in
	VSX Web.
Remote diagnostics	Identify and correct	Command	Status output	x.509 certificate – Read
	issues that affect the			Session key –Read/Write
	user’s experience via			CO password – Read
	VSX Web interface.
Call Detail Reports	Access the system’s	Command	Modules’ settings and	x.509 certificate – Read
	call history using local		status output	Session key –Read/Write
	or remote management			CO password – Read
	interface.
System configuration	Run the system setup	Command	Modules’ settings and	x.509 certificate – Read
	wizard locally or		status output	Session key –Read/Write
	remotely to get the			CO password – Read
	system up and running.

1.4.2User Role

Users access teleconferencing services via the LAN port (for IP calls) or the Network Interface Bay port (ISDN calls). Services provided for Users are given below in Table 8.

Table 8 - Mapping of User’s Services to Inputs, Outputs, CSPs, and Access Control

Service

Description

Input

Output

CSP and Access Control

Polycom VSX 3000, VSX 5000, and VSX 7000s

Page 16 of 23

Polycom VSX 3000, VSX 5000, VSX 7000s manual Roles and Services, Crypto-Officer Role, User Role

Models: VSX 5000

1.4 Roles and Services

1.4.1Crypto-Officer Role

1.4.2User Role