Cryptographic Key Management - Cisco 3825 Non Proprietary Security Policy

Tamper evidence labels F, G, H and I should be placed so that one half of each label covers the top side
Step 5
of HWIC modules and the other half covers the enclosure.
Tamper evidence label J should be placed over the CF slot.
Step 6
Allow the labels five minutes to completely cure.
Step 7
Figure 9
Figure 9
Figure 10
The tamper evidence seals are produced from a special thin gauge vinyl with self-adhesive backing. Any
attempt to open the router will damage the tamper evidence seals or the material of the module cover.
Since the tamper evidence seals have non-repeated serial numbers, they can be inspected for damage and
compared against the applied serial numbers to verify that the module has not been tampered. Tamper
evidence seals can also be inspected for signs of tampering, which include the following: curled corners,
bubbling, crinkling, rips, tears, and slices. The word "OPEN" may appear if the label was peeled back.

Cryptographic Key Management

The router securely administers both cryptographic keys and other critical security parameters such as
passwords. The tamper evidence seals provide physical protection for all keys. All keys are also
protected by the password-protection on the Crypto Officer role login, and can be zeroized by the Crypto
Officer. All zeroization consists of overwriting the memory that stored the key. Keys are exchanged and
entered electronically or via Internet Key Exchange (IKE).
OL-8662-01
and Figure 10 show the tamper evidence label placements for the Cisco 3845.
Cisco 3845 Tamper Evident Label Placement (Front View)
Cisco 3845 Tamper Evident Label Placement (Back View)
Cisco 3825 and Cisco 3845 Integrated Services Routers FIPS 140-2 Non Proprietary Security Policy
Cisco 3825 and Cisco 3845 Routers
15