Sun Microsystems Sun StorageTek T9840D Security Manual

Security policy

Sun StorageTek™ T9840D Tape Drive
Security Policy

Part Number 316055201
Revision: AA
Sun Microsystems, Inc.
February 5, 2010
Copyright Sun Microsystems 2009. May be reproduced only in its original entirety [without revision].

Summary of Contents for Sun Microsystems Sun StorageTek T9840D

  • Page 1: Tape Drive

    Sun StorageTek T9840D Tape Drive Security Policy Part Number 316055201 Revision: AA Sun Microsystems, Inc. February 5, 2010 Copyright Sun Microsystems 2009. May be reproduced only in its original entirety [without revision].
  • Page 2: Table Of Contents

    TABLE OF CONTENTS
    1 MODULE OVERVIEW ... 4
    2 SECURITY LEVEL ... 5
    3 MODES OF OPERATION (AREA 1) ... 6
    3.1 APPROVED ALGORITHMS ... 6
    3.2 N...
  • Page 3: Matt Ball Page

    TABLE OF TABLES
    TABLE 1: MODULE SECURITY LEVEL SPECIFICATION ... 5
    TABLE 2: PORTS AND INTERFACES DESCRIPTION ... 10
    TABLE 3: ROLES AND REQUIRED IDENTIFICATION AND AUTHENTICATION ... 12
    TABLE 4: STRENGTHS OF AUTHENTICATION MECHANISMS ... 13
    TABLE 5: DESCRIPTION OF CRITICAL SECURITY PARAMETERS (CSPS) ... 14...
  • Page 4: Module Overview

    1 Module Overview

    The Sun StorageTek T9840D Tape Drive (“Encrypting Tape Drive”, or ETD) (HW P/N: 315479501; Firmware Version: 1.44.710) is a hardware cryptographic module with a multi-chip standalone physical embodiment as defined by FIPS 140-2. The primary purpose of this device is to provide FIPS 140-2 Level 1 security to data on magnetic tape.
  • Page 5: Security Level

    Figure 1.2: Back, side and bottom cover of T9840D. Note: Figure 1.2 appears to be upside-down to show bottom plate.

    2 Security Level

    The ETD meets the overall requirements applicable to Level 1 security of FIPS 140-2, as is detailed in Table 1.
  • Page 6: Modes Of Operation (Area 1)

    Table columns: Security Requirements Section | Level. Rows: Self-Tests; Design Assurance; Mitigation of Other Attacks.

    3 Modes of Operation (Area 1)

    3.1 Approved Algorithms

    Once configured per the procedures defined in Section 3.4, the module can operate only in a FIPS 140-2 Approved Mode of operation.
  • Page 7: Determining Fips Mode

    key establishment methodology provides 256 bits of strength)

    • RSAES-PKCS1-V1_5 supporting 2048-bit keys, for RSA public key encryption used to provide FIPS 140-2 allowed key transport within the TLS protocol. Key establishment methodology provides 112 bits of security.
  • Page 8: Configuring The Drive In Fips Mode

    Figure 3.1: VOP: View Current Drive Settings

    3.4 Configuring the Drive in FIPS mode

    An ETD can only be configured for FIPS mode as a one-time decision taken during the encryption enrollment process.
  • Page 9

    Both the Sun service representative and the customer (in the role of the Crypto-Officer) shall perform the following actions to enable FIPS mode through VOP:

    1. The service representative shall examine the hardware part number on the rear label of the Tape Drive to ensure that it matches the part number as listed in Section 1 of this document.
  • Page 10: Table 2: Ports And Interfaces Description

    Figure 3.2: VOP: "Configure Drive Parameters" Window

    4 Ports and Interfaces

    This section describes all ports and interfaces supported by the Encrypting Tape Drive. Table 2 below provides a listing of the following physical ports and logical interfaces (see [ETDOG] for details).
  • Page 11

    Table columns: Physical Port | Logical interface | Technical Specification definition

    Host Interface | data input, data output, | This interface is used to transfer user data between the ETD and the host. When the host transfers user data to...
  • Page 12: Identification And Authentication Policy

    Table columns: Physical Port | Logical interface | Technical Specification definition

    Drive Status LED | status output | Provides status on the overall state of the ETD
    Encryption Status | status output | Provides status on the encryption configuration of the ETD.
  • Page 13

    Table 4: Description of Critical Security Parameters (CSPs)

    Preset Communication Key | Description/Usage: The Preset Communication Key is a 256-bit AES key loaded into the ETD during manufacturing and is used for encryption licensing.
  • Page 14: Definition Of Public Keys

    6.1 Definition of Public Keys

    Table 5 describes the public keys stored with the ETD.

    Table 5: Description of Public Keys within the ETD

    Table columns: Public Key Name | Description

    CA_Cert | CA Certificate public key self-signed by a KMS 2.x cluster. Contains a 2048-bit RSA Public Key for each appliance in a KMS 2.x cluster.
  • Page 15

    Table columns: Name of Service | Service Description | Available | Available in FIPS mode | Available in non-FIPS mode | Role | Access to Keys/CSPs

    Name of Service: License | Service Description: This service is used in the VOP to enable the... | Available: RJ45(Ether | Role: C.O. | Access to Keys/CSPs: Uses PCKey;
  • Page 16

    Table columns: Name of Service | Service Description | Available | Available in FIPS mode | Available in non-FIPS mode | Role | Access to Keys/CSPs

    Name of Service: Establish | Service Description: Establishes a TLS 1.0 (Transport Layer... | Available: RJ45(Ether | Role: User | Access to Keys/CSPs: Uses and
  • Page 17

    Table columns: Name of Service | Service Description | Available | Available in FIPS mode | Available in non-FIPS mode | Role | Access to Keys/CSPs

    Name of Service: Error Log | Service Description: Allows the viewing, downloading, deletion... | Available: RJ45(Ether | Role: C.O. | Access to Keys/CSPs: Not Applicable
  • Page 18: Operational Environment (Area 6)

    Table columns: Name of Service | Service Description | Available On

    Fibre Channel Interface Management | Provides non-security relevant ETD management and status output (see [ETDIM]). | Host Interface
    Library Management | Provides non-security relevant ETD management and status output of the ETD. | DB15 (RS232)
  • Page 19: Physical Security

    The operator can determine whether the power-on self-tests have passed or failed by observing the Operator Panel (see [ETDOG], Table 2-1 “Operator Panel Indicators”). If the Power Indicator is solid green, then all the power-on self-tests have completed successfully.
  • Page 20: Definitions And Acronyms

    [VOPUG] Virtual Operator Panel User's Guide (Customer) rev JA, Sun Microsystems, Part Number 96179JA, April 2008. Available at http://docs.sun.com/app/docs/doc/96179revJA.

    13 Definitions and Acronyms

    Advanced Encryption Standard
    Crypto-Officer
    Data-At-Rest: Data that is stored on non-network attached media. Data-At-Rest in the context of the EDRS system is data stored on magnetic tape.
