Operational Environment; Assumptions Of Roles - Avaya G250 Administration

Operational environment

The FIPS 140-2 Area 6 Operational Environment requirements are not applicable because the
device does not support the loading and execution of un-trusted code. Avaya digitally signs
firmware images of the crypto module using RSA SHA1 digital signature. Through this
signature, the crypto module verifies the authenticity of any update to its firmware image.

Assumptions of roles

The cryptographic module supports eight distinct operator roles: Cryptographic-Officer, Read/
Write User, Read-only User, RADIUS Server, OSPF Router Peer, PPPoE Client, IKE Peer, and
Serial Number Peer.
The cryptographic module enforces the separation of roles using operator authentication. Refer
to Table 85 for further information.
Table 85: Roles and required identification and authentication
Role
Cryptographic-
Officer
(Admin User)
User
(Read/Write User)
Read-only User
Type of
authentication
Identity-based operator
authentication
Identity-based operator
authentication
Identity-based operator
authentication
Authentication data
Username and
Password. The module
stores user identity
information internally
through the use of an
external Radius Server
database.
Username and
Password. The module
stores user identity
information internally
through the use of an
external Radius Server
database.
Username and
Password. The module
stores user identity
information internally
through the use of an
external Radius Server
database.
Description
The owner of the
cryptographic module
who has full access to the
module's services
An assistant to the Admin
User who has read/write
access to a subset of
configuration and status
indications
An assistant to the Admin
User who has read-only
access to a subset of
module configuration and
status indications
Issue 3 February 2007
1 of 2
593