Oracle StorageTek T10000D Tape Drive FIPS 140-2 – Level 1 Validation Non-Proprietary Security Policy Hardware Part #: 7042136, 7314405 Firmware Version RB411111 Security Policy Revision 0.12...
Oracle specifically disclaims any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may be reproduced or distributed whole and intact, including this copyright notice.
This document also describes how to run the module in a secure FIPS-Approved mode of operation. This policy was prepared as part of the Level 1 FIPS 140-2 validation of the module. The StorageTek T10000D Tape Drive may also be referred to in this document as the Encrypting Tape Drive, the ETD, the crypto module, or the module.
Other supporting documentation as additional references This Security Policy and the other validation submission documentation were produced by Acumen Security under contract to Oracle. With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Submission Package is proprietary to Oracle and is releasable only under appropriate non-disclosure agreements.
This mode of operation provides a non-FIPS 140-2 Approved method for encrypting the tape cartridge contents for customers who do not require FIPS 140 protected content. The StorageTek T10000D Tape Drive is featured in Figure 1 below. MB – Megabytes; sec – Second; AES –...
(OKM), which provides centralized key management. The OKM, an external system component, creates, stores, and manages the keys used for encryption and decryption of data stored in the tape cartridge used by the ETD. An Oracle Key Manager (formerly called the Key Management System or KMS) cluster consists...
2.2 Module Specification The StorageTek T10000D Tape Drive is validated at the FIPS 140-2 section levels shown in Table 1 for all FIPS-Approved modes of operation. Table 1 – Security Level per FIPS 140-2 Section (columns: Section, Section Title, Level) Cryptographic Module Specification...
(Encryption Disabled Approved Mode Set-Up). 2.2.4 Mixed Mode The StorageTek T10000D Tape Drive is capable of operating in a Mixed mode of operation. The Mixed mode of operation is defined as a mode of operation that allows both FIPS-Approved and non-Approved services. The Mixed mode of operation supports the following Approved services: SSH and firmware update.
It does not provide access to the interior of the module. Figure 3 - StorageTek T10000D Tape Drive (Front) Figure 4 shows the rear of the StorageTek T10000D Tape Drive. It provides the following physical interfaces: ...
Figure 4 - StorageTek T10000D Tape Drive (Rear) The bottom of the StorageTek T10000D Tape Drive (Figure 5) provides one additional physical interface; the Operator Panel Port. This port is used to provide general module status as well as additional control input access when the drive is rack-mounted.
Figure 5 – StorageTek T10000D Tape Drive (Bottom) Table 2 provides a mapping of all of the physical interfaces of the StorageTek T10000D Tape Drive listed above to their respective FIPS 140-2 Logical Interfaces. The functionality and logical interface mappings of these physical interfaces do not change between Approved modes.
Table 2 – Mapping of FIPS 140-2 Logical Interfaces to StorageTek T10000D Tape Drive Physical Interfaces (columns: Physical Interface, Quantity, FIPS 140-2 Logical Interfaces Supported, Description). Tape interface: Provides the interface to the magnetic tape media, where the user data to be encrypted is written to, and where the data to be decrypted is read from.
RFID located on the tape cartridge 2.3.2 StorageTek T10000D Tape Drive VOP Status Information The module outputs status information via the Ethernet Port to the VOP to provide a more detailed drive and encryption status to the operator. Drive statuses include whether the ETD has a tape, is online, or has encountered an error.
2.4.1 Crypto-Officer Role The CO is in charge of the initial configuration of the StorageTek T10000D Tape Drive which includes placing the module into one of the modes of operations. A list of services available to the CO, and the Approved mode the service is available in, is provided in Table 3.
Approved mode of operation. 2.4.3 User Role The User of the StorageTek T10000D Tape Drive is the everyday user of the module. The User is responsible for importing the encryption and decryption keys when operating in one of the Approved modes with encryption enabled.
Security Policy. These documents are freely available at http://docs.oracle.com. 2.5 Physical Security The StorageTek T10000D Tape Drive satisfies Level 1 physical security requirements by being constructed of a hard, production-grade metal exterior. The module provides an opening, which is required for the insertion of media (tape cartridges).
Permanent Encryption Approved Mode or Encryption Enabled Approved Mode. The cryptographic algorithms available in these Approved modes are listed in Table 6. Table 6 – FIPS-Approved Algorithms in StorageTek T10000D Tape Drive (Permanent Encryption and Encryption Enabled Modes) Certificate...
Table 6. A list of cryptographic algorithms used by the module while operating in the Encryption Disabled Mode is provided as Table 7. Table 7 – FIPS-Approved Algorithms in StorageTek T10000D Tape Drive (Encryption Disabled Mode) Certificate...
Approved mode. All tests run without requiring operator intervention. 2.9.1 Integrity Tests An integrity test is the first operation performed by the StorageTek T10000D Tape Drive after power has been supplied. The module performs a 32-bit CRC on the firmware and hardware/FPGA images as its approved integrity technique. A CRC is an error-detection code, which FIPS 140-2 accepts for the power-up firmware integrity test; it detects accidental corruption of the image but is not a cryptographic authenticator, so it offers no protection against deliberate modification.
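The following is an added illustration of a CRC-32 power-up integrity check and of the limitation noted above; it is not Oracle's firmware or any code from the Security Policy. The image layout (body followed by a little-endian CRC-32 trailer), the sample firmware bytes and the function names are assumptions made for the example. The forging routine relies only on the linearity of CRC, a property of every CRC, and says nothing about this particular module.

```python
"""Power-up firmware integrity check built on a 32-bit CRC, and why a CRC is an
error-detection code rather than an authenticator. Added illustration; not
Oracle's firmware. Image layout (body || little-endian CRC-32 trailer) and the
sample bytes are assumptions for the example."""
import zlib

POLY = 0xEDB88320  # CRC-32 (IEEE 802.3), reflected; same parameters as zlib.crc32
MASK = 0xFFFFFFFF


def _make_table():
    table = []
    for i in range(256):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ POLY if c & 1 else c >> 1
        table.append(c)
    return table


TABLE = _make_table()


def crc32_register(data, reg=MASK):
    """Run the CRC register over data. The value callers see (zlib.crc32) is the
    register XOR 0xFFFFFFFF; keeping the raw register makes forging easier."""
    for b in data:
        reg = TABLE[(reg ^ b) & 0xFF] ^ (reg >> 8)
    return reg


def crc32(data):
    return crc32_register(data) ^ MASK


def cross_check(data):
    """Sanity check of the hand-rolled CRC against the reference in zlib."""
    return crc32(data) == zlib.crc32(data)


def build_image(body):
    """Firmware image = body || CRC-32(body), little-endian (assumed layout)."""
    return body + crc32(body).to_bytes(4, "little")


def integrity_test(image):
    """The power-up check: recompute the CRC of everything except the trailer."""
    body, trailer = image[:-4], image[-4:]
    return crc32(body) == int.from_bytes(trailer, "little")


def forge_suffix(data, target):
    """Return 4 bytes s such that crc32(data + s) == target.

    CRC is linear, so the last four input bytes map one-to-one onto the final
    register. Walk backwards from the wanted register to recover the four table
    indices, then forwards from the real register to pick the matching bytes."""
    by_top_byte = {TABLE[k] >> 24: k for k in range(256)}
    assert len(by_top_byte) == 256  # the high bytes of the CRC-32 table are distinct
    want = target ^ MASK
    idx = []
    for _ in range(4):
        k = by_top_byte[want >> 24]
        idx.append(k)
        want = ((want ^ TABLE[k]) << 8) & MASK
    reg = crc32_register(data)
    out = bytearray()
    for k in reversed(idx):
        out.append(k ^ (reg & 0xFF))   # chosen so the table index is exactly k
        reg = TABLE[k] ^ (reg >> 8)
    return bytes(out)


def demo():
    """Returns (genuine image passes, 4-byte tamper is caught, forged image passes)."""
    body = bytes(range(256)) * 4 + b"T10000D sample firmware body (constructed)"
    image = build_image(body)
    trailer = image[-4:]
    # A 4-byte change is a burst of 32 bits, which CRC-32 always detects.
    tampered = body.replace(b"body", b"evil") + trailer
    # The same change plus 4 forged bytes restores the original CRC.
    patched = body.replace(b"body", b"evil")
    forged = patched + forge_suffix(patched, crc32(body)) + trailer
    return integrity_test(image), integrity_test(tampered), integrity_test(forged)


if __name__ == "__main__":
    print(demo())   # (True, False, True)
```

The CRC is the right tool for the job FIPS 140-2 assigns it (catching a bit-rotted or half-written image); any check meant to stop a hostile image needs a MAC or a signature verified against a key the attacker cannot reach.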
If the CRNGT fails on the second attempt, the dump file is discarded and the module will then reboot. The StorageTek T10000D Tape Drive performs a Pairwise Consistency Test on each asymmetric key pair (RSA and Elliptic Curve) generated in support of establishing an SSH session.
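The two conditional tests described above, the continuous RNG test with a single retry and the pairwise consistency test on a freshly generated key pair, as an added example that is not part of the Security Policy or Oracle's firmware. The 16-byte block width, the scripted output sequences, the toy RSA size and all function names are assumptions for the example; a real module draws primes from its DRBG and uses 2048-bit or larger keys.

```python
"""Conditional self-tests of the kind the policy describes: the continuous RNG
test (CRNGT) with one retry before failure is fatal, and a pairwise
consistency test (PCT) on a new RSA key pair. Added illustration, not Oracle's
firmware; block width, scripted sequences and key size are assumptions."""
import random


class SelfTestFailure(Exception):
    """A conditional test failed; the output or key must not be used."""


class CrngtSource:
    """Compare each fresh block with the previous one (FIPS 140-2 4.9.2). The
    very first block is consumed for comparison only and never released."""
    def __init__(self, source):
        self._source = source
        self._last = source()

    def block(self):
        cur = self._source()
        if cur == self._last:
            raise SelfTestFailure("CRNGT: two consecutive DRBG blocks are identical")
        self._last = cur
        return cur


def random_bytes_with_retry(rng, nbytes):
    """Retry once; a second CRNGT failure is final (the module would discard
    the pending output and reboot). Returns (bytes, attempt_number)."""
    for attempt in (1, 2):
        try:
            out = b""
            while len(out) < nbytes:
                out += rng.block()
            return out[:nbytes], attempt
        except SelfTestFailure:
            if attempt == 2:
                raise


def scripted_source(blocks):
    """DRBG stand-in replaying constructed blocks (not a real generator)."""
    it = iter(blocks)
    return lambda: next(it)


def fails_self_test(fn, *args):
    """True if fn(*args) raises SelfTestFailure."""
    try:
        fn(*args)
        return False
    except SelfTestFailure:
        return True


def _probable_prime(n, rand, rounds=16):
    """Miller-Rabin, adequate for the toy key size used here."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rand.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits, rand):
    while True:
        cand = rand.getrandbits(bits) | (1 << (bits - 1)) | 1  # top bit and odd
        if _probable_prime(cand, rand):
            return cand


def generate_rsa(bits=128, seed=7):
    """Toy RSA key generation (assumed size; seeded PRNG so the example is
    repeatable, where a module would use its DRBG)."""
    rand, e = random.Random(seed), 65537
    while True:
        p, q = _gen_prime(bits // 2, rand), _gen_prime(bits // 2, rand)
        phi = (p - 1) * (q - 1)
        if p == q or phi % e == 0:   # e is prime, so this is the gcd(e, phi) == 1 check
            continue
        return {"n": p * q, "e": e, "d": pow(e, -1, phi)}


def rsa_pairwise_consistency_test(key):
    """Sign then verify, and encrypt then decrypt, with the new pair. A pair
    whose halves do not correspond (bad arithmetic, a flipped bit) fails."""
    n, e, d = key["n"], key["e"], key["d"]
    m = int.from_bytes(b"PCT check value", "big") % n
    if pow(pow(m, d, n), e, n) != m:
        raise SelfTestFailure("PCT: signature made with d does not verify with e")
    if pow(pow(m, e, n), d, n) != m:
        raise SelfTestFailure("PCT: ciphertext made with e does not decrypt with d")
    return True


def generate_checked_rsa(**kwargs):
    """Run the PCT before the pair is ever used, as a module must."""
    key = generate_rsa(**kwargs)
    rsa_pairwise_consistency_test(key)
    return key
```

The CRNGT only catches a generator that stops advancing (a stuck DRBG or a repeated seed); it says nothing about the quality of the output, which is what the SP 800-90A health tests and the entropy source assessment are for.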
SP 800-90A CTR DRBG. Critical function tests are crucial for the proper and secure operation of the DRBG. These tests check that the DRBG's core functions operate correctly; they do not, and cannot, prove that its output is random. The StorageTek T10000D Tape Drive performs the following critical function self-tests: SP 800-90A DRBG Instantiate Test; SP 800-90A DRBG Generate Test ...
Oracle Key Manager: Administration Guide (Part #: E41579-05; September 2015) Prior to setting up the StorageTek T10000D Tape Drive for first use, the CO shall use the instructions provided in these guides to install the latest versions of Oracle Key Manager and the Virtual Operator Panel onto a trusted system.
After pressing the “Commit” button, the ETD will reboot to normal operation. 3.1.2 Encryption Disabled Approved Mode Set-Up The StorageTek T10000D Tape Drive is initially delivered to an Oracle customer with the Encryption Disabled Mode configured. Upon first receiving the ETD,...
Approved or Mixed modes. 3.1.5 Mixed Mode Set-Up The CO can place the StorageTek T10000D Tape Drive into the Mixed Mode after initially receiving the ETD. The CO shall perform the following steps: 1. Follow the steps outlined in Section 3.1.1 (Initial Set-Up) 2.
3.2 Cryptographic Officer Guidance (Normal Operation) This section assumes the StorageTek T10000D Tape Drive has been placed into one of the FIPS-Approved modes or the Mixed Mode. Instructions on how to place the drive into another mode are provided in this section. The CO is responsible for placing the ETD into one of the Approved modes of operation.