MNR S2500 Security Policy
Version 1.3, Revision Date: 1/13/2009
Page
15
7. Operational Environment
The FIPS 140-2 Area 6 Operational Environment requirements are not applicable because the
MNR S2500 router does not contain a modifiable operational environment.
8. Security Rules
The example cryptographic module’s design corresponds to the example cryptographic module’s
security rules. This section documents the security rules enforced by the cryptographic module to
implement the security requirements of this FIPS 140-2 Level 1 module.
1. The MNR S2500 router provides five distinct operator roles: Crypto Officer (SuperUser),
Admin, Network Manager, User, and Maintenance. The Crypto Officer role uses the root
account.
2. The MNR S2500 router encrypts message traffic using the AES or TDES algorithm.
3. The MNR S2500 router performs the following tests:
A. Power up Self-Tests:
1. Cryptographic algorithm tests:
Hardware
Implementation:
a.
AES-CBC Known Answer Test
b.
TDES-CBC Known Answer Test
c.
HMAC-SHA-1 Known Answer Test (Includes SHA-1 KAT)
Firmware Implementation
a.
AES-CBC Known Answer Test
b.
TDES-CBC Known Answer Test
c.
HMAC -SHA-1 Known Answer Test (Includes SHA-1 KAT)
d.
ANSI X9.31 DRNG Known Answer Test
e.
RSA Known Answer Test
f.
DSA Known Answer Test
2. Firmware Integrity Test (16 bit CRC)