Cisco 7206VXR NPE-400 User Manual

FIPS 140-2 Nonproprietary Security Policy for Cisco 7206VXR NPE-400 Router with VAM
OL-3959-01
Cryptographic Key Management
The services accessing the CSPs, the type of access and which role accesses the CSPs are listed in the
Table 2 Critical Security Parameters (Continued)

| # | CSP Name | Description | Storage |
|---|----------|-------------|---------|
| 25 | CSP25 | This key is used by the router to authenticate itself to the peer. The key is identical to #22 except that it is retrieved from the local database (on the router itself). Issuing the no username password command zeroizes the password (that is used as this key) from the local database. | NVRAM (plaintext) |
| 26 | CSP26 | This is the SSH session key. It is zeroized when the SSH session is terminated. | DRAM (plaintext) |
| 27 | CSP27 | The password of the User role. This password is zeroized by overwriting it with a new password. | NVRAM (plaintext) |
| 28 | CSP28 | The plaintext password of the Crypto Officer role. This password is zeroized by overwriting it with a new password. | NVRAM (plaintext) |
| 29 | CSP29 | The ciphertext password of the Crypto Officer role. However, the algorithm used to encrypt this password is not FIPS approved. Therefore, this password is considered plaintext for FIPS purposes. This password is zeroized by overwriting it with a new password. | NVRAM (plaintext) |
| 30 | CSP30 | The RADIUS shared secret. This shared secret is zeroized by executing the “no” form of the RADIUS shared secret set command. | DRAM (plaintext), NVRAM (plaintext) |
| 31 | CSP31 | The TACACS+ shared secret. This shared secret is zeroized by executing the “no” form of the TACACS+ shared secret set command. | DRAM (plaintext), NVRAM (plaintext) |