Cisco 2621XM 사용자 설명서 - 페이지 42
{카테고리_이름} Cisco 2621XM에 대한 사용자 설명서을 온라인으로 검색하거나 PDF를 다운로드하세요. Cisco 2621XM 48 페이지. Non-proprietary security policy
Cisco 2621XM에 대해서도 마찬가지입니다: 운영 (25 페이지), 사용자 설명서 (20 페이지)
페이지 인쇄
Secure Operation of the Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, 3745, and 7206 VXR NPE-400 Routers
Key Zeroization
All the keys and CSPs of the module can be zeroized. Please refer to the Description column of
for information on methods to zeroize each key and CSP.
Self-Tests
In order to prevent any secure data from being released, it is important to test the cryptographic
components of a security module to insure all components are functioning correctly. The router includes
an array of self-tests that are run during startup and periodically during operations. If any of the self-tests
fail, the router transitions into an error state. Within the error state, all secure data transmission is halted
and the router outputs status information indicating the failure.
Self-tests performed by the IOS image:
•
•
Secure Operation of the Cisco 1721, 1760, 2621XM, 2651XM, 2691,
3725, 3745, and 7206 VXR NPE-400 Routers
The Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, 3745, and 7206 VXR NPE-400 Modular Access
Routers meet all the Level 2 requirements for FIPS 140-2. Follow the setting instructions provided
below to place the module in FIPS mode. Operating these routers without maintaining the following
settings will remove the module from the FIPS approved mode of operation.
Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary
42
Power-up tests:
Firmware integrity test
–
RSA signature KAT (both signature and verification)
–
DES KAT
–
–
TDES KAT
–
AES KAT
SHA-1 KAT
–
PRNG KAT
–
Power-up bypass test
–
Diffie-Hellman self-test
–
HMAC-SHA-1 KAT
–
Conditional tests:
Conditional bypass test
–
–
Pairwise consistency test on RSA signature
–
Continuous random number generator tests
Table 18
OL-6083-01