Cisco 2811 and Cisco 2821 Integrated Services Router FIPS 140-2 Non Proprietary Security Policy
OL-8663-01
Cisco 2811 and Cisco 2821 Routers
Note: All RSA operations are prohibited by policy, and commands that can be executed by the Officer are shown as “# command”.
Table 9 Cryptographic Keys and CSPs (Continued)

Enable secret | Shared Secret | The ciphertext password of the CO role. However, the algorithm used to encrypt this password is not FIPS approved. Therefore, this password is considered plaintext for FIPS purposes. This password is zeroized by overwriting it with a new password. | NVRAM (plaintext) | Overwrite with new password
RADIUS secret | Shared Secret | The RADIUS shared secret. This shared secret is zeroized by executing the “no radius-server key” command. | NVRAM (plaintext), DRAM (plaintext) | “# no radius-server key”
TACACS+ secret | Shared Secret | The TACACS+ shared secret. This shared secret is zeroized by executing the “no tacacs-server key” command. | NVRAM (plaintext), DRAM (plaintext) | “# no tacacs-server key”

Table 10 Role and Service Access to CSP

Note: An empty entry indicates that a particular SRDI is not accessible by the corresponding service.

SRDI/Role/Service Access Policy

Role/Service:
User Role: Status Functions, Network Functions, Terminal Functions, Directory Services
Crypto-Officer Role: Configure the Router, Define Rules and Filters, Status Functions, Manage the Router, Set Encryptions/Bypass, Change WAN Interface Cards

Security Relevant Data Item:
PRNG Seed: r d r w d
DH private exponent: r r w d
DH public key: r r w d