Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy
OL-6262-01
The 2621XM/2651XM Router
Table 4 Critical Security Parameters (continued)

| # | CSP | Description | Storage |
|---|---|---|---|
| 18 | CSP 18 | The SSL session key. Zeroized when the SSL connection is terminated. | DRAM (plaintext) |
| 19 | CSP 19 | The ARAP key that is hardcoded in the module binary image. This key can be deleted by erasing the Flash. | Flash (plaintext) |
| 20 | CSP 20 | This is an ARAP user password used as an authentication key. A function uses this key in a DES algorithm for authentication. | DRAM (plaintext) |
| 21 | CSP 21 | The key used to encrypt values of the configuration file. This key is zeroized when the “no key config-key” command is issued. | NVRAM (plaintext) |
| 22 | CSP 22 | This key is used by the router to authenticate itself to the peer. The router itself gets the password (that is used as this key) from the AAA server and sends it on to the peer. The password retrieved from the AAA server is zeroized upon completion of the authentication attempt. | DRAM (plaintext) |
| 23 | CSP 23 | The RSA public key used in SSH. Zeroized after the termination of the SSH session. This key does not need to be zeroized because it is a public key; however, it is zeroized as mentioned here. | DRAM (plaintext) |
| 24 | CSP 24 | The authentication key used in PPP. This key is in DRAM and is not zeroized at runtime. One can turn off the router to zeroize this key because it is stored in DRAM. | DRAM (plaintext) |
| 25 | CSP 25 | This key is used by the router to authenticate itself to the peer. The key is identical to #22 except that it is retrieved from the local database (on the router itself). Issuing the “no username password” command zeroizes the password (that is used as this key) from the local database. | NVRAM (plaintext) |
| 26 | CSP 26 | This is the SSH session key. It is zeroized when the SSH session is terminated. | DRAM (plaintext) |
| 27 | CSP 27 | The password of the User role. This password is zeroized by overwriting it with a new password. | NVRAM (plaintext) |
| 28 | CSP 28 | The plaintext password of the CO role. This password is zeroized by overwriting it with a new password. | NVRAM (plaintext) |
| 29 | CSP 29 | The ciphertext password of the CO role. However, the algorithm used to encrypt this password is not FIPS approved. Therefore, this password is considered plaintext for FIPS purposes. This password is zeroized by overwriting it with a new password. | NVRAM (plaintext) |
| 30 | CSP 30 | The RADIUS shared secret. This shared secret is zeroized by executing the “no” form of the RADIUS shared secret set command. | NVRAM (plaintext), DRAM (plaintext) |
| 31 | CSP 31 | The TACACS+ shared secret. This shared secret is zeroized by executing the “no” form of the TACACS+ shared secret set command. | NVRAM (plaintext), DRAM (plaintext) |