Cisco 7206VXR NPE-400 User Manual

Page 12

FIPS 140-2 Nonproprietary Security Policy for Cisco 7206VXR NPE-400 Router with VAM

OL-3959-01

Cryptographic Key Management

The services accessing the CSPs, the type of access, and which role accesses the CSPs are listed in Figure 6.

Table 2 Critical Security Parameters (Continued)

| # | CSP Name | Description | Storage |
|---|----------|-------------|---------|
| 25 | CSP25 | This key is used by the router to authenticate itself to the peer. The key is identical to #22 except that it is retrieved from the local database (on the router itself). Issuing the `no username password` command zeroizes the password (that is used as this key) from the local database. | NVRAM (plaintext) |
| 26 | CSP26 | This is the SSH session key. It is zeroized when the SSH session is terminated. | DRAM (plaintext) |
| 27 | CSP27 | The password of the User role. This password is zeroized by overwriting it with a new password. | NVRAM (plaintext) |
| 28 | CSP28 | The plaintext password of the Crypto Officer role. This password is zeroized by overwriting it with a new password. | NVRAM (plaintext) |
| 29 | CSP29 | The ciphertext password of the Crypto Officer role. However, the algorithm used to encrypt this password is not FIPS approved. Therefore, this password is considered plaintext for FIPS purposes. This password is zeroized by overwriting it with a new password. | NVRAM (plaintext) |
| 30 | CSP30 | The RADIUS shared secret. This shared secret is zeroized by executing the “no” form of the RADIUS shared secret set command. | DRAM (plaintext), NVRAM (plaintext) |
| 31 | CSP31 | The TACACS+ shared secret. This shared secret is zeroized by executing the “no” form of the TACACS+ shared secret set command. | DRAM (plaintext), NVRAM (plaintext) |
