© Copyright 2011 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
22
7. The Crypto Officer may configure the module to use RADIUS or for
authentication. Configuring the module to use RADIUS or for authentication
is optional. RADIUS and shared secret key sizes must be at least 8 characters
long.
8. Loading any IOS image onto the router is not allowed while in FIPS mode of operation.
3.2
Protocols
1. SNMPv3 is allowed in FIPS mode of operation. SNMPv3 uses FIPS approved
cryptographic algorithms however from a FIPS perspective SNMPv3 is considered to be
a plaintext session since the key derivation used as by SNMPv3 is not FIPS compliant.
3.3
Remote Access
1.
SSH access to the module is only allowed if SSH is configured to use a FIPS-approved
algorithm. The Crypto officer must configure the module so that SSH uses only FIPS-
approved algorithms. Note that all users must still authenticate after remote access is
granted.