Cisco 7206VXR NPE-400 User Manual
Page 11
FIPS 140-2 Nonproprietary Security Policy for Cisco 7206VXR NPE-400 Router with VAM
OL-3959-01
Cryptographic Key Management
Table 2 Critical Security Parameters (Continued)

| # | CSP Name | Description | Storage |
|---|----------|-------------|---------|
| 14 | CSP14 | The IPSec encryption key. Zeroized when the IPSec session is terminated. | DRAM (plaintext) |
| 15 | CSP15 | The IPSec authentication key. The zeroization is the same as above. | DRAM (plaintext) |
| 16 | CSP16 | The RSA public key of the CA. The `no crypto ca trust <label>` command invalidates the key and frees the public key label, which in essence prevents use of the key. This key does not need to be zeroized because it is a public key. | NVRAM (plaintext) |
| 17 | CSP17 | This key is a public key of the DNS server. Zeroized using the same mechanism as above. The `no crypto ca trust <label>` command invalidates the DNS server public key and frees the public key label, which in essence prevents use of that key. This label is different from the label in the above key. This key does not need to be zeroized because it is a public key. | NVRAM (plaintext) |
| 18 | CSP18 | The SSL session key. Zeroized when the SSL connection is terminated. | DRAM (plaintext) |
| 19 | CSP19 | The ARAP key that is hardcoded in the module binary image. This key can be deleted by erasing the Flash. | Flash (plaintext) |
| 20 | CSP20 | This is an ARAP user password used as an authentication key. A function uses this key in a DES algorithm for authentication. | DRAM (plaintext) |
| 21 | CSP21 | The key used to encrypt values of the configuration file. This key is zeroized when the `no key config-key` command is issued. | NVRAM (plaintext) |
| 22 | CSP22 | This key is used by the router to authenticate itself to the peer. The router itself gets the password (that is used as this key) from the AAA server and sends it on to the peer. The password retrieved from the AAA server is zeroized upon completion of the authentication attempt. | DRAM (plaintext) |
| 23 | CSP23 | The RSA public key used in SSH. Zeroized after the termination of the SSH session. This key does not need to be zeroized because it is a public key; however, it is zeroized as mentioned here. | DRAM (plaintext) |
| 24 | CSP24 | The authentication key used in PPP. This key is in DRAM and is not zeroized at runtime. One can turn off the router to zeroize this key because it is stored in DRAM. | DRAM (plaintext) |