Fips appendix, 1 fips overview, 2 initial configuration of handsets for fips – SpectraLink h340 User Manual
Page 60: Fips overview, Initial configuration of handsets for fips
SpectraLink Corporation
Configuration and Administration—NetLink e340/h340/i640 Wireless Telephone
with SIP
PN: 72-1089-02-D.doc
Page 60
12. FIPS Appendix
The Federal Information Processing Standards (FIPS) are standards and guidelines
developed and published by the National Institute of Standards and Technology
(NIST) for Federal computer systems. The aspect of FIPS most relevant to wireless
telephone systems is the FIPS 140 series of publications specifying requirements for
cryptographic modules including both hardware and software components,
specifically FIPS 140-2 Security Requirements for Cryptographic Modules.
12.1 FIPS Overview
There are four levels of security classification under FIPS 140-2. FIPS-compliant
NetLink Wireless Telephones are classified at Security Level 2, which requires role-
based or identity-based operator authentication (passwords) and tamper-evident
handsets (glued case and/or tamper-evident seals). The crypto officer is the name
assigned to the role of the administrator who manages FIPS settings in the handset.
FIPS-handsets
NetLink Wireless Telephones certified for FIPS 140-2 bear a unique logo and are
labeled
FIPS 140-2
. The certified handsets are 802.11i-compliant and must be
configured to use WPA2-PSK security setting and a six-or-more character
administrative password for FIPS compliance. Known answer tests (KATs) are run
at every power up. KAT failure will cause the handset to repair and restart or shut
down.
FIPS-software
The FIPS software is delivered already installed in the handsets. For security and to
ensure code integrity, the over-the-air download feature is disabled in FIPS handsets.
When upgrades become available, they may be loaded into the handsets using the
Config Cradle following instructions to be provided at that time.
12.2 Initial Configuration of Handsets for FIPS
SpectraLink’s FIPS-capable handsets ship in a state that is not FIPS compliant. The
crypto officer must configure each handset for FIPS mode. There are two critical
settings that ensure FIPS mode is operational.
1.
WPA-PSK2
is a
Security
setting on the
Admin
menu under the
Network
Config
option.
2.
Admin
Password
is under the
Phone
Config
option. The handset requires a
password of six or more characters. It must be entered twice. Keep a secure
record of the password. If the password is lost or forgotten the handset must be
returned to manufacturing for a reset to the default (RMA).
If the crypto officer and the system administrator are two different people,
SpectraLink recommends that the system administrator configure all
Admin
menu
settings and then turn the handsets over to the crypto office to configure the security
settings and password before they are deployed. The Config Cradle may be used for
all configuration options. See the earlier section NetLink Wireless Telephone
Configuration and the NetLink Configuration Cradle Administration Guide.