User Guide
Page 1
Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B FIPS 140-2 Non Proprietary Security Policy Level 2 Validation Version 0.5 May, 2011 © Copyright 2007 Cisco Systems, Inc. 1 This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B FIPS 140-2 Non Proprietary Security Policy Level 2 Validation Version 0.5 May, 2011 © Copyright 2007 Cisco Systems, Inc. 1 This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
User Guide
Page 2
... ...20 2.7.1 Self-tests performed by the IOS image 20 3 SECURE OPERATION ...21 3.1 SYSTEM INITIALIZATION AND CONFIGURATION 21 3.2 PROTOCOLS ...22 3.3 REMOTE ACCESS ...22 © Copyright 2011 Cisco Systems, Inc. 2 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. Table of Contents 1 INTRODUCTION...3 1.1 PURPOSE ...3 1.2 MODULE VALIDATION LEVEL...
... ...20 2.7.1 Self-tests performed by the IOS image 20 3 SECURE OPERATION ...21 3.1 SYSTEM INITIALIZATION AND CONFIGURATION 21 3.2 PROTOCOLS ...22 3.3 REMOTE ACCESS ...22 © Copyright 2011 Cisco Systems, Inc. 2 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. Table of Contents 1 INTRODUCTION...3 1.1 PURPOSE ...3 1.2 MODULE VALIDATION LEVEL...
User Guide
Page 3
.... 3 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. Security Requirements for the Cisco 7606S and 7609-S Routers with Supervisor SUP720-3B. Area Title 1 Cryptographic Module Specification 2 Cryptographic Module Ports and Interfaces 3 Roles, Services...at http://csrc.nist.gov/groups/STM/index.html. 1.2 Module Validation Level The following table lists the level of the Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B. No. 1 Introduction 1.1 Purpose This document is the non-proprietary Cryptographic Module Security Policy...
.... 3 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. Security Requirements for the Cisco 7606S and 7609-S Routers with Supervisor SUP720-3B. Area Title 1 Cryptographic Module Specification 2 Cryptographic Module Ports and Interfaces 3 Roles, Services...at http://csrc.nist.gov/groups/STM/index.html. 1.2 Module Validation Level The following table lists the level of the Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B. No. 1 Introduction 1.1 Purpose This document is the non-proprietary Cryptographic Module Security Policy...
User Guide
Page 4
...groups/STM/cmvp/validation.html) contains contact information for answers to as additional references This document provides an overview of the Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B is part of operation. In addition to this document, the Submission Package contains: Vendor... 140-2 Submission Package. Section 3 specifically addresses the required configuration for the module. 1.4 Terminology In this document, the Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B and explains the secure configuration and operation of the router. For access to the contacts listed...
...groups/STM/cmvp/validation.html) contains contact information for answers to as additional references This document provides an overview of the Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B is part of operation. In addition to this document, the Submission Package contains: Vendor... 140-2 Submission Package. Section 3 specifically addresses the required configuration for the module. 1.4 Terminology In this document, the Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B and explains the secure configuration and operation of the router. For access to the contacts listed...
User Guide
Page 5
2 Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B The Cisco 7600-S Router is a compact, high-performance router designed in both enterprises and service providers. The following subsections describe the physical characteristics of both the residential and business services markets. Cisco 7606-S Router © Copyright 2011 Cisco Systems, Inc. 5 This document may be freely reproduced and distributed whole...
2 Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B The Cisco 7600-S Router is a compact, high-performance router designed in both enterprises and service providers. The following subsections describe the physical characteristics of both the residential and business services markets. Cisco 7606-S Router © Copyright 2011 Cisco Systems, Inc. 5 This document may be freely reproduced and distributed whole...
User Guide
Page 11
..., Router Authentication key, PPP authentication key, SSH private key N/A r: read, w: write, x: execute, z: zeroize Table 5 - If your Cisco 7606-S chassis is a multi-chip standalone cryptographic module. The FIPS 140-2 level 2 physical security requirements for securing and having control at all times of...The following sections illustrate the physical security provided by the use of opacity shields covering the front panels of operation. Model 7606-S 7609-S Tamper Evident Labels Opacity Shields 20 1 15 N/A 2.4.1 Module Opacity Table 6 - The tamper evident labels and opacity ...
..., Router Authentication key, PPP authentication key, SSH private key N/A r: read, w: write, x: execute, z: zeroize Table 5 - If your Cisco 7606-S chassis is a multi-chip standalone cryptographic module. The FIPS 140-2 level 2 physical security requirements for securing and having control at all times of...The following sections illustrate the physical security provided by the use of opacity shields covering the front panels of operation. Model 7606-S 7609-S Tamper Evident Labels Opacity Shields 20 1 15 N/A 2.4.1 Module Opacity Table 6 - The tamper evident labels and opacity ...
User Guide
Page 12
... too far into the opacity shield. • Open the envelope containing the disposable ESD wrist strap. Refer to Figure 5 for the Cisco 7606-S router (part number 800-26211). The kit contains the following items: • An opacity shield assembly for snap rivet fastener placement.... the corresponding threaded holes in the opacity shield (see Figure 5); Open the FIPS kit packaging (part number CVPN7600FIPS/KIT=). Proceed to your Cisco 7606-S chassis is already rack-mounted, proceed to step 4. Note: Verify that aligns correctly with 30 FIPS tamper evidence labels and a disposable ...
... too far into the opacity shield. • Open the envelope containing the disposable ESD wrist strap. Refer to Figure 5 for the Cisco 7606-S router (part number 800-26211). The kit contains the following items: • An opacity shield assembly for snap rivet fastener placement.... the corresponding threaded holes in the opacity shield (see Figure 5); Open the FIPS kit packaging (part number CVPN7600FIPS/KIT=). Proceed to your Cisco 7606-S chassis is already rack-mounted, proceed to step 4. Note: Verify that aligns correctly with 30 FIPS tamper evidence labels and a disposable ...
User Guide
Page 13
...shield installed, the chassis is especially dusty, inspect and replace the opacity shield more often. Installing the Opacity Shield on the Cisco 7606-S Router The 7609-S does not require any opacity shields. 2.4.2 Tamper Evidence Once the module has been configured to meet the short-term operations ...impacted. The CO shall inspect for FIPS 140-2 validation, short-term operation as depicted in the figures below. © Copyright 2011 Cisco Systems, Inc. 13 This document may be accessed without signs of the rack. To seal the system, apply serialized tamper-evidence labels...
...shield installed, the chassis is especially dusty, inspect and replace the opacity shield more often. Installing the Opacity Shield on the Cisco 7606-S Router The 7609-S does not require any opacity shields. 2.4.2 Tamper Evidence Once the module has been configured to meet the short-term operations ...impacted. The CO shall inspect for FIPS 140-2 validation, short-term operation as depicted in the figures below. © Copyright 2011 Cisco Systems, Inc. 13 This document may be accessed without signs of the rack. To seal the system, apply serialized tamper-evidence labels...
User Guide
Page 15
TEL placement for 7606-S © Copyright 2011 Cisco Systems, Inc. 15 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. 16-17 18-20 Figure 5 -
TEL placement for 7606-S © Copyright 2011 Cisco Systems, Inc. 15 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. 16-17 18-20 Figure 5 -