Fips appendix, 1 fips overview, 2 initial configuration of handsets for fips – SpectraLink h340 User Manual

SpectraLink Corporation

Configuration and Administration—NetLink e340/h340/i640 Wireless Telephone

with SIP

PN: 72-1089-02-D.doc

Page 60

12. FIPS Appendix

The Federal Information Processing Standards (FIPS) are standards and guidelines
developed and published by the National Institute of Standards and Technology
(NIST) for Federal computer systems. The aspect of FIPS most relevant to wireless
telephone systems is the FIPS 140 series of publications specifying requirements for
cryptographic modules including both hardware and software components,
specifically FIPS 140-2 Security Requirements for Cryptographic Modules.

12.1 FIPS Overview

There are four levels of security classification under FIPS 140-2. FIPS-compliant
NetLink Wireless Telephones are classified at Security Level 2, which requires role-
based or identity-based operator authentication (passwords) and tamper-evident
handsets (glued case and/or tamper-evident seals). The crypto officer is the name
assigned to the role of the administrator who manages FIPS settings in the handset.

FIPS-handsets
NetLink Wireless Telephones certified for FIPS 140-2 bear a unique logo and are

labeled

FIPS 140-2

. The certified handsets are 802.11i-compliant and must be

configured to use WPA2-PSK security setting and a six-or-more character
administrative password for FIPS compliance. Known answer tests (KATs) are run
at every power up. KAT failure will cause the handset to repair and restart or shut
down.

FIPS-software
The FIPS software is delivered already installed in the handsets. For security and to
ensure code integrity, the over-the-air download feature is disabled in FIPS handsets.
When upgrades become available, they may be loaded into the handsets using the
Config Cradle following instructions to be provided at that time.

12.2 Initial Configuration of Handsets for FIPS

SpectraLink’s FIPS-capable handsets ship in a state that is not FIPS compliant. The
crypto officer must configure each handset for FIPS mode. There are two critical
settings that ensure FIPS mode is operational.
1.

WPA-PSK2

is a

Security

setting on the

Admin

menu under the

Network

Config

option.

2.

Admin

Password

is under the

Phone

Config

option. The handset requires a

password of six or more characters. It must be entered twice. Keep a secure
record of the password. If the password is lost or forgotten the handset must be
returned to manufacturing for a reset to the default (RMA).

If the crypto officer and the system administrator are two different people,

SpectraLink recommends that the system administrator configure all

Admin

menu

settings and then turn the handsets over to the crypto office to configure the security
settings and password before they are deployed. The Config Cradle may be used for
all configuration options. See the earlier section NetLink Wireless Telephone
Configuration and the NetLink Configuration Cradle Administration Guide.