Polycom VSX 3000, VSX 5000, VSX 7000s Self-Tests, Design Assurance, Key Storage, Key Zeroization

Models: VSX 5000


Non-Proprietary Security Policy, Version 1.0

June 15, 2007

1.7.3 Key Storage

The RSA public/private key pair and Integrity Check Key are stored in the modules’ flash drives in plaintext form. The Session Key, IP Encryption Key, ISDN Encryption Key, DH public/private key pair, and PRNG seed are held in volatile memory in plaintext.

1.7.4 Key Zeroization

The RSA key pair is zeroized by overwriting the flash image. The Session Key, IP Encryption Key, ISDN Encryption Key, Diffie-Hellman (DH) private/public key pair and PRNG seed are available only temporarily in volatile memory during video calls. These ephemeral keys and CSP are zeroized after the session is closed or whenever power is cycled.

1.8 Self-Tests

The VSX 3000, VSX 5000, and VSX 7000s perform the following self-tests at power-up:

• Software integrity check using a DSA signature verification
• Known Answer Tests (KATs)
  o AES Known Answer Test (KAT)
  o Triple-DES KAT
  o RSA pairwise consistency check
  o FIPS 186-2 Appendix 3.1 PRNG KAT

The cryptographic modules also perform the following conditional self-tests:

• Continuous RNG for FIPS 186-2 PRNG
• Continuous RNG for non-approved RNG for entropy gathering

If any of the power-up self-tests fails, the modules log the failure, and notification is provided to Crypto Officers through serial traces. Security-relevant module functionality is not provided until all self-tests are passed. In case a self-test fails, the logged trace indicates which self-test failed, and the modules display a warning message indicating the required reboot for the system. Since these messages are not available through the Secure Telnet interface before all self-tests have passed, the messages are echoed to any connected monitor screen.
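The continuous RNG conditional test listed above, sketched in C as an added example (not Polycom's code): the first block after power-up is only stored, every later block is compared with its predecessor, and a repeat latches an error state that withholds all further output. `BLOCK_LEN`, `crngt_t`, `crngt_generate` and `demo_source` are hypothetical names, and the 20-byte block size is an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BLOCK_LEN 20 /* assumed block size: one 160-bit generator output */
typedef int (*rng_fn)(uint8_t out[BLOCK_LEN], void *ctx); /* 0 = success */

typedef struct {
    rng_fn source; void *ctx;  /* generator under test */
    uint8_t prev[BLOCK_LEN];   /* last block, kept only for comparison */
    int primed, failed;        /* first block captured; latched error state */
} crngt_t;

/* Overwrite through a volatile pointer so the compiler keeps the wipe. */
static void wipe(volatile uint8_t *p, size_t n) { while (n--) *p++ = 0; }

/* Returns 0 and fills out on success, -1 once the generator is locked. */
int crngt_generate(crngt_t *t, uint8_t out[BLOCK_LEN]) {
    uint8_t cur[BLOCK_LEN];
    int rc = -1;
    if (t->failed) return -1;
    if (!t->primed) { /* first block after power-up is stored, never output */
        if (t->source(t->prev, t->ctx) != 0) { t->failed = 1; return -1; }
        t->primed = 1;
    }
    if (t->source(cur, t->ctx) != 0 || memcmp(cur, t->prev, BLOCK_LEN) == 0) {
        t->failed = 1; /* repeated or missing block: enter error state */
    } else {
        memcpy(t->prev, cur, BLOCK_LEN);
        memcpy(out, cur, BLOCK_LEN);
        rc = 0;
    }
    wipe(cur, sizeof cur);
    return rc;
}

/* Constructed source: emits 0,1,2,3 and then keeps repeating 3. */
int demo_source(uint8_t out[BLOCK_LEN], void *ctx) {
    int *n = ctx;
    memset(out, 0, BLOCK_LEN);
    out[0] = (uint8_t)(*n < 3 ? (*n)++ : 3);
    return 0;
}

int main(void) {
    int n = 0;
    uint8_t b[BLOCK_LEN];
    crngt_t t = { .source = demo_source, .ctx = &n };
    while (crngt_generate(&t, b) == 0) printf("block %d released\n", b[0]);
    puts("continuous RNG test failed, generator locked");
}
```

Once `failed` is set, the wrapper stops calling the source at all, so recovery requires re-initialising the state, which mirrors the reboot the policy requires after a failed self-test.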

1.9 Design Assurance

Polycom uses automated Configuration Management (CM) of their source code modules, organizing source code into separate version-controlled depots. Polycom uses Accurev’s TimeSafe® Configuration Management System to perform automated source code control. Additionally, Microsoft Visual Source Safe (VSS) version 6.0 is used to provide configuration management for the module’s FIPS documentation. This CM software and Polycom’s process provide access control, versioning, and logging for all module source code and documentation.

Polycom VSX 3000, VSX 5000, and VSX 7000s

Page 19 of 23

© 2007 Polycom, Inc. - This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
