Corporate Headquarters:

Copyright © 2004 Cisco Systems, Inc. All rights reserved.

Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA

FIPS 140-2 Nonproprietary Security Policy for
Cisco 7206VXR NPE-400 Router with VAM

Introduction

This is a non-proprietary Cryptographic Module Security Policy for Cisco Systems. This security policy
describes how the 7206 VXR NPE-400 with VPN Acceleration Module (VAM) (Hardware Version:
7206-VXR; VAM: Hardware Version 1.0, Board Version A0; Firmware Version: Cisco IOS software
Version12.3(3d)) meets the security requirements of FIPS 140-2 and how to run the module in a secure
FIPS 140-2 mode. This policy was prepared as part of the Level 2 FIPS 140-2 validation of the module.

Note

This document may be copied in its entirety and without modification. All copies must include the
copyright notice and statements on the last page.

FIPS 140-2 (Federal Information Processing Standards Publication 140-2 — Security Requirements for
Cryptographic Modules) details the U.S. Government requirements for cryptographic modules. More
information about the FIPS 140-2 standard and validation program is available on the NIST website at

http://csrc.nist.gov/cryptval/

.

This document includes the following sections:

•

Introduction, page 1

•

FIPS 140-2 Submission Package, page 2

•

Overview, page 2

•

Cryptographic Module, page 3

•

Module Interfaces, page 3

•

Roles and Services, page 6

•

Physical Security, page 8

•

Cryptographic Key Management, page 9

•

Self-Tests, page 15

•

Secure Operation, page 16

•

Obtaining Documentation, page 17