Security Rules - Avaya G250 User Manual

Avaya G250 and G250-BRI Branch Office Media Gateways w/FIPS Non-Proprietary Security Policy
Version 1.2

7. Security Rules

This section documents the security rules enforced by the cryptographic module to implement
the security requirements of this FIPS 140-2 Level 1 module.
When exiting FIPS-140-2 mode, the Crypto-Officer shall zeroize the CSP.
1.
2. The cryptographic module shall perform the Power up Self-Tests:
• Cryptographic algorithm tests:
- TDES Known Answer Test (DES KAT fulfilled in this test per IG9.2)
- AES Known Answer Test
- SHA-1 Known Answer Test
- HMAC-SHA-1 Known Answer Test
- DRNG Known Answer Test
- RSA Known Answer Test
• Gateway Software Integrity Test (32 bit CRC verification) and Booter Integrity Test (32
bit CRC verification).
• Critical Functions Tests:
- Non-Volatile Random Memory (NVRAM) Integrity test
- EEPROM Integrity Test
3. The cryptographic module shall perform the Conditional Self-Tests:
• Continuous Random Number Generator (RNG) test – performed on all RNGs supporting
crypto activities in FIPS Approved mode. Done for PRNG x9.31 and Random Seed
Generator.
• Bypass Test
• Firmware load test (RSA Signature Verification)
4. Status information shall not contain CSPs or sensitive data that if misused could lead to a
compromise of the module.
5. The module shall support concurrent operators and shall maintain separation of roles and
services.
6. The users of the system can plug-in and use any Avaya Media Module that does not support
cryptographic functionality without restriction.
7. Media modules with cryptographic functionality must be tested and validated separately
against the requirements FIPS 140-2.
© 2005 Avaya Inc. May be reproduced only in its original entirety [without revision].
Wednesday, 14 December, 2005
Page 20 of 23
CID 106595