Cisco 7206VXR NPE-400 User Manual
FIPS 140-2 Nonproprietary Security Policy for Cisco 7206VXR NPE-400 Router with VAM
OL-3959-01
Cryptographic Key Management
Table 2 Critical Security Parameters (Continued)

| # | CSP Name | Description | Storage |
|---|----------|-------------|---------|
| 14 | CSP14 | The IPSec encryption key. Zeroized when the IPSec session is terminated. | DRAM (plaintext) |
| 15 | CSP15 | The IPSec authentication key. The zeroization is the same as above. | DRAM (plaintext) |
| 16 | CSP16 | The RSA public key of the CA. The `no crypto ca trust <label>` command invalidates the key and frees the public key label, which in essence prevents use of the key. This key does not need to be zeroized because it is a public key. | NVRAM (plaintext) |
| 17 | CSP17 | This key is a public key of the DNS server. Zeroized using the same mechanism as above. The `no crypto ca trust <label>` command invalidates the DNS server public key and frees the public key label, which in essence prevents use of that key. This label is different from the label in the above key. This key does not need to be zeroized because it is a public key. | NVRAM (plaintext) |
| 18 | CSP18 | The SSL session key. Zeroized when the SSL connection is terminated. | DRAM (plaintext) |
| 19 | CSP19 | The ARAP key that is hardcoded in the module binary image. This key can be deleted by erasing the Flash. | Flash (plaintext) |
| 20 | CSP20 | This is an ARAP user password used as an authentication key. A function uses this key in a DES algorithm for authentication. | DRAM (plaintext) |
| 21 | CSP21 | The key used to encrypt values of the configuration file. This key is zeroized when the `no key config-key` command is issued. | NVRAM (plaintext) |
| 22 | CSP22 | This key is used by the router to authenticate itself to the peer. The router itself gets the password (that is used as this key) from the AAA server and sends it on to the peer. The password retrieved from the AAA server is zeroized upon completion of the authentication attempt. | DRAM (plaintext) |
| 23 | CSP23 | The RSA public key used in SSH. Zeroized after the termination of the SSH session. This key does not need to be zeroized because it is a public key; however, it is zeroized as mentioned here. | DRAM (plaintext) |
| 24 | CSP24 | The authentication key used in PPP. This key is in DRAM and is not zeroized at runtime. One can turn off the router to zeroize this key because it is stored in DRAM. | DRAM (plaintext) |