beautypg.com

4 roles and services – Polycom VSX 3000 User Manual

Page 16

background image

Non-Proprietary Security Policy, Version 1.0

June 15, 2007

Polycom VSX 3000, VSX 5000, and VSX 7000s

Page 16 of 23

© 2007 Polycom, Inc. -

This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

1.4 Roles and Services

The modules support two authorized roles (as required by FIPS 140-2) that operators may assume: a Crypto Officer
role and User role.

1.4.1

Crypto-Officer Role

The Crypto-Officer (CO) installs and uninstalls the cryptographic module. Also, the CO is responsible for
monitoring and configuring the modules and call settings.

The Crypto-Officer can manage the VSX modules over a Transport Layer Security (TLS) v1 session through a web
interface. Through this interface, the Crypto-Officer is able to configure the device and setup a call, change secure
mode of operation, monitor current status and perform virtually all of the management of the module. Configuration
of the modules and viewing of status can be performed with a Command Line Interface (CLI) over the local serial
port or remotely via Telnet over TLS. All the management and configuration capabilities are available via the
VSX’s web interface are also available via secure telnet over TLS. The telnet interface includes additional debug
commands that are not available over the web. The Crypto-Officer has access to the following services:

Table 7 - Mapping of Crypto-Officer’s Services to Inputs, Outputs, Critical Security Parameters (CSPs), and Access

Control

Service

Description

Input

Output

CSP and Access Control

Install

Assemble the systems
and setup network
configurations

Command

Result of installation

None

Uninstall

Disassemble the VSX
system

Command

Uninstalled module

None

Run Self-Test

Perform the self-test
on demand

Command

Status output

None

Room monitoring

Monitor meeting
rooms in or out of a
call using the Web
Director feature in
VSX Web.

Command

Status output

x.509 certificate – Read
Session key –Read/Write
CO password – Read

Remote diagnostics

Identify and correct
issues that affect the
user’s experience via
VSX Web interface.

Command

Status output

x.509 certificate – Read
Session key –Read/Write
CO password – Read

Call Detail Reports

Access the system’s
call history using local
or remote management
interface.

Command

Modules’ settings and
status output

x.509 certificate – Read
Session key –Read/Write
CO password – Read

System configuration

Run the system setup
wizard locally or
remotely to get the
system up and running.

Command

Modules’ settings and
status output

x.509 certificate – Read
Session key –Read/Write
CO password – Read

1.4.2

User Role

Users access teleconferencing services via the LAN port (for IP calls) or the Network Interface Bay port (ISDN
calls). Services provided for Users are given below in Table 8.

Table 8 - Mapping of User’s Services to Inputs, Outputs, CSPs, and Access Control

Service

Description

Input

Output

CSP

and

Access

Control

This manual is related to the following products:
See also other documents in the category Polycom Handset Cordless Phone: