
FIPS 140-2 for the Cisco 5921 ESR


This is a non-proprietary Cryptographic Module Security Policy for the Cisco 5921 ESR from Cisco Systems, Inc., referred to in this document as the modules, routers, or by their specific model name. This security policy describes how modules meet the security requirements of FIPS 140-2 and how to run the modules in a FIPS 140-2 mode of operation. FIPS 140-2 (Federal Information Processing Standards Publication 140-2, Security Requirements for Cryptographic Modules) details the U.S. Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the NIST website at http://csrc.nist.gov/groups/STM/cmvp/index.html

Comments
Community Member

Glad to see that the 5921 is FIPS validated.  Do you have any instruction on how to implement the Zeroize function both in the IOS and the hardware?

Cisco Employee

Hi Wray,

Thank you for your question, I checked with our developers for the context of how the zeroize feature is implemented per FIPS 140. It is as follows:

For the certification purposes, we have tested the Crypto key zeroization for c5921.

This could be done by commands such as "crypto key zeroize".

Regards,

Frank Columbus

Technical Marketing Engineer, Embedded Products

Internet of Things Systems and Software Group

Cisco Systems, Inc.

Community Member

Thanks Frank. I thought maybe there was a hardware button that could have been implemented on a serial port. If the government is good with using an IOS command, then that’s good enough for me!

Thanks again.

Wray Upchurch

Manager, Product Management

wray.upchurch@datapath.com

Office: +1 678 597 0423

<http://www.datapath.com/>

2205 Northmont Pkwy, STE 100

Duluth, GA 30096

This email and any files transmitted with it are intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains information that is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.

Cisco Employee

Hi Wray,

Please remember that the 5921 is a software router.

A hardware button on the integrator's custom hardware combined with an application that monitors the button and programmatically logs into the router to issue the "crypto key zeroize" command could be done via a Linux TAP interface.

You could later in your custom app delete the router config file as it is located in the router's home directory, "/opt/cisco/c5921", depending upon how much you want to clear.

Regards,

Frank Columbus

Technical Marketing Engineer, Embedded Products

Internet of Things Systems and Software Group

Cisco Systems, Inc.
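
The button-triggered flow described in the reply above, as an added Python example that is not part of the thread and is not Cisco code. The `session` object, the prompt strings and the list of files to wipe are assumptions; how the CLI session is opened over the TAP interface is left to the integrator.

```python
import os
from pathlib import Path

ZEROIZE_CMD = "crypto key zeroize"  # command quoted in the reply above


def zeroize_keys(session, confirm_prompt="[yes/no]", done_prompt="#"):
    """Send the zeroize command on an already-authenticated CLI session.

    `session` is a hypothetical object with send_line(str) and
    read_until(str) -> str ("" on timeout). Both prompt strings are
    assumptions; match them to what the router actually prints.
    """
    session.send_line(ZEROIZE_CMD)
    if not session.read_until(confirm_prompt):
        return False  # confirmation question never appeared
    session.send_line("yes")
    return bool(session.read_until(done_prompt))


def wipe_files(paths):
    """Overwrite each file with zeros, sync it to disk, then unlink it.

    Best effort: an in-place overwrite may not reach the old blocks on
    journaling or flash-backed filesystems.
    """
    wiped = []
    for path in map(Path, paths):
        if not path.is_file():
            continue
        with open(path, "r+b") as fh:
            fh.write(b"\x00" * path.stat().st_size)
            fh.flush()
            os.fsync(fh.fileno())
        path.unlink()
        wiped.append(path.name)
    return wiped


def on_button_press(session, config_paths):
    # Files are wiped even when the CLI step fails, so a hung or refused
    # session cannot block the local cleanup; both results are returned.
    try:
        keys_ok = zeroize_keys(session)
    except OSError:
        keys_ok = False
    return {"keys_zeroized": keys_ok, "files_wiped": wipe_files(config_paths)}
```

The returned dictionary is meant to be logged by the calling application so an operator can confirm which of the two steps completed.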

Community Member

Yep. Fully aware it’s a SW router.

Wray Upchurch

