Cisco 2651 Manuel de l'utilisateur - Page 42

Parcourez en ligne ou téléchargez le pdf Manuel de l'utilisateur pour {nom_de_la_catégorie} Cisco 2651. Cisco 2651 48 pages. Non-proprietary security policy

Cisco 2651 Manuel de l'utilisateur
Secure Operation of the Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, 3745, and 7206 VXR NPE-400 Routers
Key Zeroization
All the keys and CSPs of the module can be zeroized. Please refer to the Description column of
for information on methods to zeroize each key and CSP.

Self-Tests

In order to prevent any secure data from being released, it is important to test the cryptographic
components of a security module to insure all components are functioning correctly. The router includes
an array of self-tests that are run during startup and periodically during operations. If any of the self-tests
fail, the router transitions into an error state. Within the error state, all secure data transmission is halted
and the router outputs status information indicating the failure.
Self-tests performed by the IOS image:
Secure Operation of the Cisco 1721, 1760, 2621XM, 2651XM, 2691,
3725, 3745, and 7206 VXR NPE-400 Routers
The Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, 3745, and 7206 VXR NPE-400 Modular Access
Routers meet all the Level 2 requirements for FIPS 140-2. Follow the setting instructions provided
below to place the module in FIPS mode. Operating these routers without maintaining the following
settings will remove the module from the FIPS approved mode of operation.
Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary
42
Power-up tests:
Firmware integrity test
RSA signature KAT (both signature and verification)
DES KAT
TDES KAT
AES KAT
SHA-1 KAT
PRNG KAT
Power-up bypass test
Diffie-Hellman self-test
HMAC-SHA-1 KAT
Conditional tests:
Conditional bypass test
Pairwise consistency test on RSA signature
Continuous random number generator tests
Table 18
OL-6083-01