38
Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary
OL-6083-01
The Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, 3745, and 7206 VXR NPE-400 Routers
The services accessing the CSPs, the type of access and which role accesses the CSPs are listed in
Table 19
.
25
CSP 25
This key is used by the router to authenticate itself to the peer. The
key is identical to #22 except that it is retrieved from the local
database (on the router itself). Issuing the “no username
password” zeroizes the password (that is used as this key) from
the local database.
NVRAM
(plaintext)
26
CSP 26
This is the SSH session key. It is zeroized when the SSH session
is terminated.
DRAM
(plaintext)
27
CSP 27
The password of the User role. This password is zeroized by
overwriting it with a new password.
NVRAM
(plaintext)
28
CSP 28
The plaintext password of the CO role. This password is zeroized
by overwriting it with a new password.
NVRAM
(plaintext)
29
CSP 29
The ciphertext password of the CO role. However, the algorithm
used to encrypt this password is not FIPS approved. Therefore,
this password is considered plaintext for FIPS purposes. This
password is zeroized by overwriting it with a new password.
NVRAM
(plaintext)
30
CSP 30
The RADIUS shared secret. This shared secret is zeroized by
executing the “no” form of the RADIUS shared secret set
command.
NVRAM
(plaintext),
DRAM
(plaintext)
31
CSP 31
The shared secret. This shared secret is zeroized by
executing the “no” form of the shared secret set
command.
NVRAM
(plaintext),
DRAM
(plaintext)
Table 18
Critical Security Parameters (Continued)
Table 19
Role and Service Access to CSPs
SRDI/Role/Service Access Policy
Ro
le
/Se
rvic
e
Us
e
r R
o
le
S
ta
tus Fu
nc
ti
o
n
s
N
e
tw
or
k Fu
nc
ti
o
n
s
Te
rm
in
a
l Fu
n
c
tio
n
s
Di
re
ct
or
y Se
rv
ic
es
Cr
yp
to
-O
ffi
c
e
r Ro
le
C
o
nf
ig
ur
e t
h
e
Ro
ut
e
r
D
e
fin
e
Ru
le
s a
n
d
Filte
rs
S
ta
tus Fu
nc
ti
o
n
s
M
a
na
ge
t
h
e
R
o
u
ter
Se
t E
n
c
ryp
tio
n
s/B
yp
a
ss
C
h
an
ge
W
A
N
I
n
te
rf
a
c
e
C
a
rd
s
Security Relevant Data Item
CSP 1
r
d
r
w
d
CSP 2
r
r
w
d