Table of Contents
Advertisement
Secure Operation of the Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, 3745, and 7206 VXR NPE-400 Routers
Key Zeroization
All the keys and CSPs of the module can be zeroized. Please refer to the Description column of
for information on methods to zeroize each key and CSP.
Self-Tests
In order to prevent any secure data from being released, it is important to test the cryptographic
components of a security module to insure all components are functioning correctly. The router includes
an array of self-tests that are run during startup and periodically during operations. If any of the self-tests
fail, the router transitions into an error state. Within the error state, all secure data transmission is halted
and the router outputs status information indicating the failure.
Self-tests performed by the IOS image:
•
•
Secure Operation of the Cisco 1721, 1760, 2621XM, 2651XM, 2691,
3725, 3745, and 7206 VXR NPE-400 Routers
The Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, 3745, and 7206 VXR NPE-400 Modular Access
Routers meet all the Level 2 requirements for FIPS 140-2. Follow the setting instructions provided
below to place the module in FIPS mode. Operating these routers without maintaining the following
settings will remove the module from the FIPS approved mode of operation.
Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary
42
Power-up tests:
Firmware integrity test
–
RSA signature KAT (both signature and verification)
–
DES KAT
–
–
TDES KAT
–
AES KAT
SHA-1 KAT
–
PRNG KAT
–
Power-up bypass test
–
Diffie-Hellman self-test
–
HMAC-SHA-1 KAT
–
Conditional tests:
Conditional bypass test
–
–
Pairwise consistency test on RSA signature
–
Continuous random number generator tests
Table 18
OL-6083-01
Hide quick links:
Advertisement
Table of Contents
