Cisco 2620XM Operations - Page 17
Browse online or download pdf Operations for Network Router Cisco 2620XM. Cisco 2620XM 25 pages. Modular access routers with aim-vpn/ep fips 140-2 non-proprietary security policy
•
Self-tests performed by the AIM-VPN/EP (cryptographic accelerator):
•
•
Secure Operation of the Cisco 2621XM/2651XM Router
The Cisco 2621XM and 2651XM Modular Access Routers with AIM-VPN/EP meet all the Level 2
requirements for FIPS 140-2. Follow the setting instructions provided below to place the module in FIPS
mode. Operating this router without maintaining the following settings will remove the module from
the FIPS approved mode of operation.
Initial Setup
•
•
•
•
Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy
OL-6262-01
Conditional tests
Conditional bypass test
–
Pairwise consistency test on RSA signature
–
Continuous random number generator tests
–
Power-up tests
Firmware integrity test
–
DES KAT
–
TDES KAT
–
–
SHA-1 KAT
Conditional tests
–
Continuous random number generator test
The Crypto Officer must ensure that the AIM-VPN/EP cryptographic accelerator card is installed in
the module by opening the chassis and visually confirming the presence of the AIM-VPN/EP. Please
refer to the Cisco publication Installing Advanced Integration Modules in Cisco 2600 Series, Cisco
3600 Series, and Cisco 3700 Series Routers for detailed instructions on chassis disassembly and
reassembly, and AIM-VPN/EP identification. This document may be accessed on the web at:
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_mod/cis2600/hw_inst/aim_inst/aims
_ins.pdf
The Crypto Officer must apply tamper evidence labels as described in the
section of this document.
Only a Crypto Officer may add and remove Network Modules. When removing the tamper evidence
label, the Crypto Officer should remove the entire label from the router and clean the cover of any
grease, dirt, or oil with an alcohol-based cleaning pad. The Crypto Officer must re-apply tamper
evidence labels on the router as described in the
Only a Crypto Officer may add and remove WAN Interface Cards. When removing the tamper
evidence label, the Crypto Officer should remove the entire label from the router and clean the cover
of any grease, dirt, or oil with an alcohol-based cleaning pad. The Crypto Officer must re-apply
tamper evidence labels on the router as described in the
document.
Secure Operation of the Cisco 2621XM/2651XM Router
"Physical Security"
"Physical Security"
section of this document.
"Physical Security"
section of this
17