Chapter 22: FIPS
This chapter provides information about (i) the Avaya Branch Office Media Gateways (G250,
G250-BRI, and G350) cryptographic modules' compliance with the Federal Information
Processing Standard (FIPS-140-2) for cryptographic modules, and (ii) how to configure the
module to work in FIPS mode. This chapter includes the following sections:
Overview
●
Security rules
●
security requirements of FIPS
Password guidelines
●
Managing the module in FIPS-compliant mode
●
module working in FIPS-approved mode of operation
Administration procedures
●
scenarios, repair actions, and error states
Overview
The G250, G250-BRI, and G350 are multi-chip stand-alone cryptographic modules in
commercial grade metal cases. The modules provide:
VPN, Voice over Internet Protocol (VoIP) media-gateway services, Ethernet switching, IP
●
routing, and data security for IP traffic
Status output via LEDs and logs available through the module's management interface
●
Network interfaces for data input and output
●
A console port
●
The cryptographic boundary includes all of the components within the physical enclosure of the
branch gateway chassis, without any expansion modules. The figures below illustrate these
modules and their interfaces:
G250 (refer to
●
G250-BRI (refer to
●
G350 (refer to
●
— an overview of the Media Gateway (relating to FIPS compliance)
— the security rules enforced by the cryptographic module to implement the
— the general guidelines for defining passwords
— step-by-step instructions on how to enter FIPS mode, failure
Figure
51)
Figure
52)
Figure
53)
— a description of the behavior of the
Issue 1.1 June 2005
483