Nexus 7000 18 Slot FIPS 140-2 Non-Proprietary Security Policy Level 1 Validation Document Version: Version 1.1 April 12, 2011 © Copyright 2010 Cisco Systems, Inc. This document may be freely reproduced and distributed whole and intact including this Copyright Notice. INTRODUCTION Purpose This is a non-proprietary Cryptographic Module Security Policy for the Nexus 7000 18 Slot from Cisco Systems, Inc., referred to in this document as the module, appliance, or as previously stated. This security policy describes how modules meet the security requirements of FIPS 140-2 and how to run the modules in a FIPS 140-2 mode of operation. This policy was prepared as part of the Level 1 FIPS 140-2 validation of the Nexus 7000 18 Slot. FIPS 140-2 (Federal Information Processing Standards Publication 140-2 — Security Requirements for Cryptographic Modules) details the U.S. Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the NIST website at http://csrc.nist.gov/groups/STM/cmvp/ References This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the module from the following sources: • The Cisco Systems, Inc. website (http://www.cisco.com) contains information on the full line of products from Cisco Systems, Inc. • The NIST Cryptographic Module Validation Program website (http://csrc.nist.gov/groups/STM/cmvp/index.html) contains contact information for answers to technical or sales-related questions for the module. Document Organization The Security Policy document is one document in the FIPS 140-2 Submission Package. In addition to this document, the Submission Package contains: • Vendor Evidence • Finite State Machine • Other supporting documentation as additional references With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Validation Documentation is proprietary to Cisco Systems, Inc. and is releasable only under appropriate non-disclosure agreements. For access to these documents, please contact Cisco Systems, Inc. © Copyright 2009 Cisco Systems, Inc. Page 2 of 26 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. NEXUS 7000 18 SLOT FROM CISCO SYSTEMS, INC. General Overview The Cisco Nexus 7000 18 Slot is a highly scalable in the Data Center end-to-end 10 Gigabit Ethernet switch for mission-critical data center operations. The fabric architecture scales beyond 15 terabits per second (Tbps), with future support for 40-Gbps and 100- Gbps Ethernet. Powered by Cisco NX-OS, a state of the art modular operating system, the platform is designed for exceptional scalability, continuous system operation, serviceability, and transport flexibility. The Cisco Nexus 7000 18 Slot provides comprehensive security features supported by a robust control plane and wire-rate encryption and decryption, allowing security controls that are less complex and more transparent to the protocols and applications in the data center. It supports Cisco TrustSec, a new architecture from Cisco for a converged policy framework to create role-aware networks and pervasive integrity and confidentiality. FIPS 140-2 Overview The Nexus 7000 18 Slot as defined within the scope of the FIPS 140-2 requirements is a multi-chip standalone Hardware device. The cryptographic boundary is the exterior Nexus 7000 18 Slot chassis which encompasses all components of the Nexus 7000 18 Slot (see figure 1), therefore ensuring that all components have undergone a thorough FIPS 140-2 testing and also are physically protected such that unauthorized access is detected. © Copyright 2009 Cisco Systems, Inc. Page 3 of 26 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. Figure 1 – Front and Back of the Nexus 7000 (18-slot chassis) Module Validation Level The Nexus 7000 18 Slot meets FIPS 140-2 Level 1 overall security. In addition to an overall security claim FIPS 140-2 allows the specification of security Level within each FIPS 140-2 category of validation. The following table lists the level of validation for each FIPS 140-2 testing area/category: No. Area Title Level 1 Cryptographic Module Specification 1 2 Cryptographic Module Ports and Interfaces 1 3 Roles, Services, and Authentication 2 4 Finite State Model 1 5 Physical Security 1 6 Operational Environment N/A 7 Cryptographic Key management 1 8 Electromagnetic Interface/Electromagnetic Compatibility 1 9 Self-Tests 1 10 Design Assurance 2 11 Mitigation of Other Attacks 1 Overall Overall module validation level 1 Table 1 – Validation Level by Section © Copyright 2009 Cisco Systems, Inc. Page 4 of 26 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. Module Physical Ports and Interfaces The Nexus 7000 18 Slot module provides a number of physical ports over which logical interfaces may be accessed. The physical ports and logical interfaces are provided by four major physical components, which are all included within the Nexus 7000 18 Slot cryptographic boundary. These components are the Supervisor Card, the Line Card, Power Supply, and the Fan Tray. The module was validated with two (2) Supervisor cards in slots 9 and 10, and sixteen (16) Line cards in slots 1 through 8 and 11 through 18. These cards are a part of the cryptographic boundary. The physical ports provided by the module are mapped to four high level FIPS 140-2 defined logical interfaces: Data Input Interface, Data Output Interface, Control Input Interface, and status output. The logical interfaces and their mapping are described in the following tables: Port Name Quantity Physical Port Physical Layer Interfaces FIPS 140-2 Logical Interfaces • • Data Input Supervisor 10/100/1000 Ethernet 1 RJ45 Management (IEEE 802.1AE) Interface Ethernet port • Data Output Interface • Control Input Interface • Status Output Interface • • Data Input Auxiliary RS-232 (Serial) 1 8 Position 8 Interface Contact (8P8C) • Data Output Interface • Control Input Interface • Status Output Interface • • Data Input Console RS-232 (Serial) 1 8 Position 8 Interface Contact (8P8C) • Data Output Interface • Control Input Interface • Status Output Interface • • Compact Flash Port Compact Flash Data Input 2 Compact Flash Interface • Data Output Interface • Status Output Interface • • Light Emitting Diodes N/A Status Output 7 Light (LED) Interface • • Reset Switch N/A Control Input 1 Mechanical Interface switch Table 2 – Supervisor Card Ports and Interfaces © Copyright 2009 Cisco Systems, Inc. Page 5 of 26 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. NOTE: Each Supervisor card also includes two USB ports and one Connectivity Management Processor (CMP) port. However, two USB ports are functionally disabled and the two CMP ports are disabled by covering them with labels while operating in FIPS-mode. Port Name Quantity Physical Port Physical Layer Interfaces FIPS 140-2 Logical Interfaces • • Data Input Ethernet 10/100/1000 Ethernet 32 (SFP+ pluggable Interface optic module) • Data Output Interface • Control Input Interface • Status Output Interface • • Status Output Light Emitting Diodes N/A 34 Light (LED) Interface Table 3 – N7K-M132XP-12 32 Port- 10Gb Ethernet Line Card Ports and Interfaces Port Name Quantity Physical Port Physical Layer Interfaces FIPS 140-2 Logical Interfaces • • Data Input Ethernet 10/100/1000 Ethernet 32 (SFP+ pluggable Interface optic module) • Data Output Interface • Control Input Interface • Status Output Interface • • Status Output Light Emitting Diodes N/A 34 Light (LED) Interface Table 4 – N7K-M132XP-12L 32 Port- 10Gb Ethernet Line Card Ports and Interfaces © Copyright 2009 Cisco Systems, Inc. Page 6 of 26 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. Port Name Quantity Physical Port Physical Layer Interfaces FIPS 140-2 Logical Interfaces • • Data Input Ethernet 10/100/1000 Ethernet 48 RJ45 Interface • Data Output Interface • Control Input Interface • Status Output Interface • • Status Output Light Emitting Diodes N/A 50 Light (LED) Interface Table 5 – N7K-M148GS-11 48 Port- 10/100/1000c Ethernet Line Card Ports and Interfaces Port Name Quantity Physical Port Physical Layer Interfaces FIPS 140-2 Logical Interfaces • • Data Input Ethernet 10/100/1000 Ethernet 48 SFP optics Interface • Data Output Interface • Control Input Interface • Status Output Interface • • Status Output Light Emitting Diodes N/A 50 Light (LED) Interface Table 6 – N7K-M148GS-11L 48 Port- 10/100/1000c Ethernet Line Card Ports and Interfaces Port Name Quantity Physical Port Physical Layer Interfaces FIPS 140-2 Logical Interfaces • • Data Input Ethernet 10Gb Ethernet 8 X2 Interface • Data Output Interface • Control Input Interface • Status Output Interface © Copyright 2009 Cisco Systems, Inc. Page 7 of 26 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. • • Light Emitting Diodes N/A Status Output 10 Light (LED) Interface Table 7 – N7K-M108X2-12L 8 Port- 10Gb Ethernet Line Card Ports and Interfaces Port Name Quantity Physical Port Physical Layer Interfaces FIPS 140-2 Logical Interfaces • • Data Input Ethernet 10/100/1000 Ethernet 8 RJ45 Interface • Data Output Interface • Control Input Interface • Status Output Interface • • Data Input Ethernet 10Gb Ethernet 10 RJ45 Interface • Data Output Interface • Control Input Interface • Status Output Interface • • Status Output Light Emitting Diodes N/A 10 Light (LED) Interface Table 8 – N7K-F132XP-15 32-Port 1 and 10 Gigabit Ethernet Line Card Ports and Interfaces Port Name Quantity Physical Port Physical Layer Interfaces FIPS 140-2 Logical Interfaces • • Status Output Light Emitting Diodes N/A 2 Light (LED) Interface Table 9 – Fan Tray Ports and Interfaces © Copyright 2009 Cisco Systems, Inc. Page 8 of 26 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. Port Name Quantity Physical Port Physical Layer Interfaces FIPS 140-2 Logical Interfaces • • Control Input On/Off Switch N/A 1 Physical switch Interface • • Power port N/A Power Input 2 110 or 220 AC Input • • Light Emitting Diodes N/A Status Output 5 Light (LED) Interface Table 10 –Power Ports and Interfaces © Copyright 2009 Cisco Systems, Inc. Page 9 of 26 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. Roles, Services and Authentication As required by FIPS 140-2, the module supports role-based authentication. There are six roles (Table 11) in the module that operators may assume: Network Administrator, which is the Crypto-Officer, also Network Operator, Virtual Device Administrator, Virtual Device User, and CTS Supplicant, which are defined as the User role. In addition, the module also supports Unauthenticated User role. Table 11 provides a list and description of all six predefined roles provided by the module. FIPS Role Role Name Role Description Crypto- Network Administrator (NA) Compete read-and-write access to the entire NX-OS device (only Officer available in the default VDC) Network Operator (NO) Complete read access to the entire NX-OS device(only available in the default VDC) User Virtual Device Administrator (VDCA) Read-and-write access to a Virtual Device Context (VDC) Virtual Device User (VDCU) Read access to a Virtual Device Context (VDC) CTS Supplicant Cisco TrustSec Network entity Unauthentic Unauthenticated User View the status output from the module’s LED and cycle power. ated User Table 11 Roles and Services Services provided by the Nexus 7000 18 Slot are provided via the ports and interfaces described in Table 12. All other ports and interfaces do not provide FIPS 140-2 defined services. Port Name Interfaces • Command Line Interpreter (CLI) Supervisor Management Ethernet port o SSH • NETCONF (XML over SSH ) • Auxiliary Command Line Interpreter (CLI) o SS • NETCONF (XML) over SSH o SSH • Console Command Line Interpreter (CLI) • Reset switch N/A – provides reset via physical signal alteration • On/Off Switch N/A – provides reset via physical signal alteration • LEDs NA – provides a status output service • Compact Flash Port Command Line Interpreter (CLI) Table 12 – Ports to Operator access interface mapping Authentication Mechanisms The module supports password and public key based authentication methods for operator’s authentication, including CO role and User roles. To log on to the modules for management purposes, an operator must connect to it through one of the management interfaces (Console port, MGMT port, or SSH,) and provide a password. Additionally, the module also supports public key based authentication method for each role, which is detailed in Table 13 below. © Copyright 2009 Cisco Systems, Inc. Page 10 of 26 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. Authentication Type Strength Username Password mechanism Passwords must be a minimum of 8 characters, with a maximum (RADIUS, TACACS+) of 64 characters (see “Secure Operation” section of this document). The probability of a false positive for a random password guess is less than 1 in 1,000,000. Certificate based authentication The module supports a public key based authentication with 1024 to 4096 bits keys, and thus the probability of a false positive from a random correct guess s greater than 1 in 1,000,000. Table 13 – Estimated Strength of Authentication Mechanisms Table 14 provides a complete list and description of all services provided by the Nexus 7000 18 Slot. In addition, this table also provides a mapping of the services to each role. The columns on the left show the six predefined roles supported by the module. An “X” in the role column signifies that the identified role is allowed to access the corresponding service. Unauthen CTS NA VDCA VDCU -ticated NO Service Name Service Description Supplicant User Authentication, Allows the configuration of AAA Authorization, relevant functionality. The following is and Accounting a bulleted description of the (AAA) functionality provided by the AAA Configuration service: • RADIUS server group configuration • 802.1x server group X X configuration • AAA authentication configuration (TACACS+, RADIUS, Username and Password) • MSCHAPv2 • Radius Authentication Configures authentication for various protocols which support it (i.e. OSPF, X X RIP, etc.) Also, allows specification of the authentication mode, MD5 or clear text. Absolute Specifies a time range which can be X X applied to rule enforcement. Accept-Lifetime Specifies an interval within which the X X device accepts a key during key exchange with another device. Address Configures the address type of a X X particular protocol (IPv4, IPv6, unicast, multicast. Arp access-list Creates an Address Resolution Protocol (ARP) access control list X X (ACL) or allows entry to ARP access list configuration mode. X X Bandwidth Sets bandwidth values for an interface. Border Gateway Configures and manages Boarder X X Protocol (BGP) Gateway Protocol policies. © Copyright 2009 Cisco Systems, Inc. Page 11 of 26 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. Unauthen CTS NA VDCA VDCU -ticated NO Service Name Service Description Supplicant User Class Specifies a control plane class map for a control plane policy map. X X Class-Map type Creates or specifies a control plane X X control-plane class map or allows entry to the class map configuration mode. Clear Clears various data from the device, X X for example logs, 802.1x authenticator instances, policies, etc. Cisco TrustSec Configuration of Cisco TrustSec X X (CTS) parameters. X Cisco TrustSec Authenticates to the module that has authentication been authenticated in Cisco TrustSec Network. Deadtime Allows the specification of RADIUS or X X TACAS+ deadtime Deny Allows the denial of traffic based on X X configured parameters. Description Allows the operator to provide a description that describes a particular X X objects within the system (e.g. User role, identity policy, etc.). Device Allows the addition of a supplicant device to the Extensible Authentication X X X Protocol over User Datagram Protocol (EAPoUDP) X X Dot1x Configuration of 802.1x parameters. Embedded Event Allows the configuration and viewing of Manager (EEM) various log related objects and logging parameters. Embedded Event Manager is a powerful tool integrated X X X with Cisco NX-OS Software for monitoring and management from within the device itself. EIGRP Configures and manages Enhanced X X Interior Gateway Routing Protocol (EIGRP) EOU Configuration of Extensible X X Authentication Protocol over User Datagram Protocol. EQ Specifies equal port as a group member in an IP port object group. An X X equal group member matches port numbers that are equal to the port number specified in the member. Feature Allows the enablement of paticular X X features (e.g. CTS, dot1x, dhcp, etc.) Flexible NetFlow Allows the configuration of Cisco X X Flexible NetFlow related parameters. Cisco NetFlow provides IP monitoring © Copyright 2009 Cisco Systems, Inc. Page 12 of 26 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. Unauthen CTS NA VDCA VDCU -ticated NO Service Name Service Description Supplicant User and reporting. Gateway Load Configuration of GLBP groups. X X Balancing Protocol (GLBP) DHCP Configures and managers DHCP on X X the module. GT Specifies a greater-than group member for an IP port object. A X X greater-than group member matches port numbers that are greater than the port number specified in the member. Host Specifies hosts as either an IPv4 or X X IPv6 member. Hot Standby Allows the configuration of HSRP X X Router Protocol policies and groups. (HSRP) Identity Configures the identity policy profiles X X X for end point devices for which LPIP validation is no enforced. Interface Provides interface configuration and X X X management services. X X IP Configuration of IP related parameters. IS-IS Configures Intermediate System-to- X X Intermediate System (IS-IS) interface policies Key Creates or removes a Key or allows X X entry to the configuration mode of an existing key. Key-string Allows the entry of a key using manual entry. Allows both encrypted and X X plaintext entry of the manually entered key material. Key chain Creates a group of keys with a single X X description. X X X X X L.E.D. Observe the operation of the L.E.D.’s Link Aggregation To configure and manage the LACP X X Control Protocol port channeling service. (LACP) License Provide License Management X X X services(i.e., clear, install, show, update) LT Specifies a less-than group member for an IP port object. A less-than group X X member matches port numbers that are less than the port number specified in the member. Logging Allows the configuration and viewing of various log related objects and logging parameters (i.e. enable logging during X X X certain conditions, log file management, Syslog source interface ) © Copyright 2009 Cisco Systems, Inc. Page 13 of 26 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. Unauthen CTS NA VDCA VDCU -ticated NO Service Name Service Description Supplicant User MAC Configuration of MAC related X X parameters Match Redistributes routes from one routing X X protocol to another and also enables policy routing. Maximum-Paths Configures the maximum number of routes based on a particular metric within a particular protocol (i.e. the X X maximum number of equal cost parallel routes RIP will install into the routing table). X X NAC enable Enables NAC on an interface. NEQ T specify an not-equal group member for an IP port object group. A not-equal X X group member matches port numbers that are not equal to the port number specified in the member. Object-group Configuration of Object-group related parameters. An object-group is a MAC X X X access control list applied to an identity policy. Open Shortest Enables, configures, and manages the X X Path First (OSPF) OSPF protocol. Periodic Specifies a periodic (one or more X X times per week) time range which can be applied for rule enforcement. Permit Allows traffic based on configured X X parameters. Platform Configure how supervisor modules update I/O modules with changes to X X access-control lists. Configures rate limits in packets per second on egress traffic. Police Configure policing for a class map in a X X control plane policy map. Policy Manually configure a Cisco TrustSec authentication policy on an interface. X X This can also be used to specify a control plane policy map. Port-channel Configure and manage load-balancing X X load-balance among the interfaces in the channel- ethernet group bundle. X X Power Cycle Physically Cycle the power of the X X X module Private-VLAN Configuration and management of X X VLAN services. RADUIS Configuration of RADIUS server X X parameters. Range Specifies a range of ports as a group X X member in an IIP port object-group. Remark Allows the entry of a comment into a X X IPv4 or MAC access control list. © Copyright 2009 Cisco Systems, Inc. Page 14 of 26 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. Unauthen CTS NA VDCA VDCU -ticated NO Service Name Service Description Supplicant User Replay-Protection Enable data-path replay protection X X feature for the Cisco TrustSec authentication on an interface. Resequence Reassign sequence numbers to all X X rules in an access control list or a time range. Role Allows configuration of role related X X parameters. Routing Allows the configuration and X X Information management of Routing Protocol Protocol (RIP) polices. Route-Map Configure and manage route-map X X policies. SAP PMK Manually configures the Cisco X X TrustSec Security Association Protocol (SAP) pairwise master key (PMK). SAP modelist Configures Cisco TrustSec SAP encryption and authentication modes. Allows encryption and authentication, X X Authentication only, or no encryption or authentication. Also, specifies whether the Security group tag (SGT) encapsulation is used. Send Lifetime Specifies the time interval within which X X the device send the key during the key exchange with another device. Server Adds or deletes a RADIUS or X X TACACS+ server group. X X Service DHCP Enables the DHCP relay agent Service-policy Attached a control plan policy map to X X input the control plane Set COS Sets the IEEE 802.Q Class Of Service X X (COS) value for a control plane policy map. Spanning Tree Configures and manage Spanning X X Tree Services (i.e. cost, link-type, mode, MST) X X SSH Creates a Secure Shell (SSH) session. SSH Key Creates an SSH server key for a virtual device context (VDC). Can specify the length of the SSH server X X key from 768 to 2048. Please note for FIPS mode the key length must be greater than 1024 bits (default). SSH server Enables SSH server for a VDC. X X enable Storm Control Sets the suppression level for traffic X X storm control. Switchport Configures a port as either a Layer 2 X X switched or Layer 3 routed interface. Interfaces are layer 3 by default. X X Switchport port Enables port security on a Layer 2 © Copyright 2009 Cisco Systems, Inc. Page 15 of 26 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. Unauthen CTS NA VDCA VDCU -ticated NO Service Name Service Description Supplicant User security interface and configuration (e.g. aging time, aging type, mac address, etc.). Show Shows the current configuration of X X X specified service parameters, policies, and logs. TACACS + Configuration of TACACS+ server X X parameters. X Telnet Configuration of Telnet server X X X parameters. Time range Specifies a time range which can be X X applied for rule enforcement. Tunnel Provides tunnel configuration and X X management. Username Creats and configures a user ccount in X X a VDC. VLAN Configuration and management of X VLAN objects and parameters. VFR Configuration of Virtual Routing and X X Forwarding (VRF) parameters. VRRP Configuration and management of the X Virtual Router Redundancy Protocol (VRRP). Table 14 – Access Control Policy © Copyright 2009 Cisco Systems, Inc. Page 16 of 26 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. Critical Security Parameters Used by the Module The module securely administers both cryptographic keys and other critical security parameters. All keys are protected by the password-protection on the Crypto Officer role login, and can be zeroized by the Crypto Officer. All zeroization consists of overwriting the memory that stored the key. The module does not output keys or key components in plaintext form. Table 15 below is a complete list of CSPs used by various services and protocols. CSP CSP Algorithm/Gener Description Storage Zeroization # ation 1 RNG Seed X9.31 RNG Seed is a 128- DRAM Resetting or rebooting the module bit seed for ANSI (plaintext) X9.31 Appendix A.2.4 Using AES Algorithms implemented on Openssl-fips-1.2 2 RNG Seed Key X9.31 RNG Seed Key is a DRAM Resetting or rebooting the module 128-bit seed key for (plaintext) ANSI X9.31 Appendix A.2.4 Using AES Algorithms implemented on Openssl-fips-1.2. 3 Diffie-Hellman DH Used in Diffie- DRAM Resetting or rebooting the module private Hellman (DH) (plaintext) exponent exchange 4 Diffie-Hellman DH used in Diffie- DRAM Resetting or rebooting the module private Hellman (DH) (plaintext) exponent exchange. 5 RADIUS AES AES 256 bit AES Key DRAM Resetting or rebooting the module KEK wrap Key used for protecting (plaintext) the confidentiality of the traffics in/out from RADIUS 6 RADIUS AES HMAC-SHA1 Used for protecting DRAM Resetting or rebooting the module KEK wrap integrity of traffics (plaintext) MACK in/out from RADIUS 7 EAP-FAST Shared Secret This is a 256-bit Flash Overwrite with new secret PAC KEY shared secret (plaintext) between the EAP- FAST client and authentication server. Used to secure an EAP- FAST tunnel 8 EAP-FAST AES Used to protect the DRAM Automatically when EAP-FAST ENCRYPTION data confidentiality (plaintext) Session is terminated KEY during EAP-FAST protocol implementation. 9 EAP-FAST HMAC-SHA1 used to protection DRAM Automatically when EAP-FAST Integrity KEY the data integrity (plaintext) Session is terminated © Copyright 2008 Cisco Systems, Inc. Page 17 of 26 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. during EAP-FAST protocol implementation 10 EAP-FAST Shared Secret 512-bit session key DRAM Automatically when EAP-FAST Master Session generated by the (plaintext) Session is terminated Key EAP-FAST authentication method. It is then used as PMK for CTS. 11 SAP Pairwise AES used to derive other DRAM Automatically when SAP Session is Master key cryptographic keys (plaintext) terminated (PMK) used in SAP protocol implementation. 12 SAP Pairwise Shared Secret Concatenation of DRAM Concatenation of KCK, KEK and TK. Transient Key KCK, KEK and TK. (plaintext) See individual sections for details on (PTK) See individual each. sections for details on each. 13 SAP Key AES used to encrypt DRAM Automatically when SAP Session is Encryption Key SAP payloads (plaintext) terminated (KEK) during SAP protocol implementations. 14 SAP Key HMAC-SHA1 used to protect SAP DRAM Automatically when SAP Session is Confirmation payloads integrity (plaintext) terminated Key (KCK) during SAP protocol implementations. 15 SAP Temporal AES 128 bit AES key DRAM Automatically when SAP Session is Key (TK) used to encrypt the (plaintext) terminated data between SAP peers 16 SSH RSA RSA 1024-2048-bit NVRAM crypto key zeroize rsa private Key private key used in (encrypted) SSH protocol 17 SSH session TDES / AES This is the SSH DRAM Zeroized when SSH session is key session key. It is (plaintext) terminated used to encrypt all SSH data traffics traversing between the SSH client and SSH server. 18 SSH session HMAC-SHA-1 This key is used to DRAM Zeroized when SSH session is authentication perform the (plaintext) terminated key authentication between the SSH client and SSH server. 19 User Password Shared Secret Minimum of 8 NVRAM Overwrite with new characters, used for (encrypted) password User role authentication. 20 RADIUS Shared Secret Minimum of 8 NVRAM “# no radius-server Secret characters. Used (encrypted) key” as shared secret in © Copyright 2011 Cisco Systems, Inc. Page 18 of 26 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. RADIUS 21 TACACS+ Shared Secret Minimum of 8 NVRAM “# no tacacs-server Secret characters. Used (encrypted) key” as shared secret in TACACS+ Table 15 – CSP’s Used by the Module The services accessing the Critical Service Parameters (CSPs), the type of access and which role accesses the CSPs are listed in the Table 16 Critical Security Parameter CSP/Role/Service Access Policy CSP 10 CSP 11 CSP 12 CSP 13 CSP 14 CSP 15 CSP 16 CSP 17 CSP 18 CSP 19 CSP 20 CSP 21 CSP 1 CSP 2 CSP 3 CSP 4 CSP 5 CSP 6 CSP 5 CSP 6 CSP 7 CSP 8 CSP 9 Role/Service User role Status Functions Network Functions r w d Directory Services Crypto Officer Role Configure the Module r r r r r r r r r r r r r r r r r r r r r r r wwwwww wwwwwwwwwwwwwwwww ddddd d ddddddddddddddddd Define Rules and Filters rrrrr r rrrrrrrrrrrrrrrrr wwwwww wwwwwwwwwwwwwwwww ddddd d ddddddddddddddddd Manage the Module rrrrr r rrrrrrrrrrrrrrrrr wwwwww wwwwwwwwwwwwwwwww ddddd d ddddddddddddddddd Set Encryption/Bypass rrrrr r rrrrrrrrrrrrrrrrr wwwwww wwwwwwwwwwwwwwwww ddddd d ddddddddddddddddd Install Service Module r = read w = write d = delete Table 16 – Role and Service Access to Security Relevant Data Items © Copyright 2011 Cisco Systems, Inc. Page 19 of 26 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. Approved Cryptographic Algorithms The appliance supports many different cryptographic algorithms; however, only FIPS approved algorithms may be used. The following cryptographic algorithms are to be used: • AES encryption/decryption • Triple-DES encryption/decryption • SHA-1/224/256/384/512 hashing • HMAC-SHA1/HMAC-SHA224/HMAC-SHA256/HMAC-SHA384/HMAC-SHA512 for hashed message authentication • RSA signing and verifying • DSA signing and verifying • X9.31 for RNG The modules cryptographic implementations have achieved the following certifications: Algorithm Openssl-fips-1.2 ASIC Renesas AE45C AES 1602 1024 1275 N/A 1197 1276 1426 1427 Triple-DES 1047 N/A N/A DSA 495 N/A N/A SHS 1415 N/A 1307 HMAC 938 N/A 847 RNG 859 N/A N/A RSA 784 N/A N/A Table 17 – Algorithm Certificates Note: Pursuant to the DES Transition Plan and the approval of the Withdrawal of Federal Information Processing Standard (FIPS) 46-3, Data Encryption Standard (DES); FIPS 74, Guidelines for Implementing and Using the NBS Data Encryption Standard; and FIPS 81, DES Modes of Operation, the DES algorithm should not be used in FIPS approved mode of operation. The DES algorithm must not be used when the Triple-DES/AES licenses are installed. Non-FIPS Approved Algorithms allowed for use in FIPS-mode • Diffie-Hellman (allowed for use in FIPS mode) (key agreement; key establishment methodology provides between 80 and 156 bits of encryption strength; non-compliant less than 80-bits of equivalent strength). Non-FIPS Approved Algorithms The modules implement the following non-FIPS-approved cryptographic algorithms: • DES • RC4 © Copyright 2011 Cisco Systems, Inc. Page 20 of 26 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. • MD5 • MD5 HMAC • Non-Approved RNG Note: Non-FIPS approved algorithms cannot be used in FIPS mode of operation. Self-Tests The modules include an array of self-tests that are run during startup and periodically during operations to prevent any secure data from being released and to insure all components are functioning correctly. The modules implement the following power-on self-tests: Implementation Tests Performed • Software Integrity Test Openssl-fips-1.2 • DSA KAT (signature/verification) • RSA KAT (signature/verification) • Triple-DES KAT • HMAC SHA-1 KAT • HMAC SHA-224 KAT • HMAC-SHA-256 KAT • HMAC-SHA-384 KAT • HMAC-SHA-512 KAT • RNG KAT • AES-GCM KAT ASIC • HMAC SHA-1 KAT Renesas AE45C Table 18 - Module Power On Self -Tests The modules perform all power-on self-tests automatically at boot. All power-on self-tests must be passed before a User/Crypto Officer can perform services. The power-on self-tests are performed after the cryptographic systems are initialized but prior to the initialization of the network ports; this prevents the module from passing any data during a power-on self-test failure. In the unlikely event that a power-on self- test fails, an error message is displayed on the console followed by a module reboot. The module supports cryptographic bypass functionality. In addition, the modules also perform the following conditional self-tests: Implementation Tests Performed • Pairwise consistency test for RSA Openssl-fips-1.2 • Pairwise consistency test for DSA • Continuous Random Number Generator Test for the all RNGs • Bypass Test Table 19 - Module Conditional Self Tests Mitigation of Other Attacks The labels shall be installed for the module to operate in a FIPS Approved mode of operation. The Crypto Officer is responsible for properly placing two (2) labels to cover each CMP port on each Supervisor card. © Copyright 2011 Cisco Systems, Inc. Page 21 of 26 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. The labels recommended for FIPS 140-2 compliance are provided in the FIPS Kit (Cisco-FIPS-KIT=). These labels are very fragile and cannot be removed without clear signs of damage to the labels. The Crypto Officer should inspect the labels periodically to verify they are intact and the serial numbers on the applied labels match the records in the security log. Application of the serialized labels is as follows: Nexus 7000 – 18 Slot Chassis 1. Turn off and unplug the system before cleaning the chassis and applying labels. 2. For each supervisor module installed, place a label to cover Connectivity Management Processor port (CMP) port. 3. Record the serial numbers of the labels applied to the system in a security log. © Copyright 2011 Cisco Systems, Inc. Page 22 of 26 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. Figure 2– Nexus 7000 – 18 Slot Chassis Front Label Placement © Copyright 2011 Cisco Systems, Inc. Page 23 of 26 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. SECURE OPERATION The Nexus 7000 18 Slot meets FIPS 140-2 Level 1 requirements. This section describes how to place and keep the module in a FIPS-approved mode of operation. Operating the module without maintaining the following settings will remove the modules from the FIPS-approved mode of operation. Crypto Officer Guidance – System Initialization The modules were validated with NX-OS version 5.1.1a. This is the only allowable image for FIPS- approved mode of operation. Please note that software update is not allowed in FIPS mode. The Crypto Officer must configure and enforce the following initialization procedures: 1. Disable diagnostic output to the console/VTY switch# no debug all 2. Define a User role password and a Crypto Officer role password. 3. Ensure passwords are at least 8 characters long. 4. Reboot the module. Crypto Officer Guidance – System Configuration To operate in FIPS mode, the Crypto Officer must: • follow the above “Mitigation of Other Attacks” instructions • Configure terminal • fips mode enable • exit • show fips status • copy running-config startup-config • reload © Copyright 2011 Cisco Systems, Inc. Page 24 of 26 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. Identifying Operation in an Approved Mode The following activities are required to verify that that the module is operating in an Approved mode of operation. 1. Verify that the labels have been properly placed on the module based on the instructions specified in the “Mitigation of Other Attacks” section of this document 2. Verify that the length of User and Crypto Officer passwords and all shared secrets are at least eight (8) characters long, as specified in the “Crypto Officer Guidance – System Initialization” section of this document. 3. Issue the command: ‘show fips status’ and verify that “FIPS status is enabled” is shown on Command Line Interface. © Copyright 2011 Cisco Systems, Inc. Page 25 of 26 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. DEFINITION LIST AES Advanced Encryption Standard AT Abbreviation for Authenticators (see Authenticators) Authenticators Devices that are already part of a Cisco TrustSec network COS Class of Service CMVP Cryptographic Module Validation Program CSP Critical Security Parameter CTS Cisco TrustSec protocol DES Data Encryption Standard EAP Extensible Authentication Protocol FIPS Federal Information Processing Standard HTTP Hyper Text Transfer Protocol KAT Known Answer Test LAN Local Area Network LED Light Emitting Diode LPIP LAN Port IP Traffic MST Multiple Spanning Tree NA Network Administrator NAC Network Admission Control NIST National Institute of Standards and Technology NO Network Operator NVLAP National Voluntary Laboratory Accreditation Program PMK Pairwise Master Key PPP Point-to-Point Protocol RAM Random Access Memory RSA Rivest Shamir and Adleman method for asymmetric encryption SAN Storage Area Network SGT Security group tag SAP Security Association Protocol SHA Secure Hash Algorithm SSH Secure Shell SSL Secure Sockets Layer SM Service Module Supplicants Devices that attempt to join a Cisco TrustSec network. TLS Transport Layer Security VDC Virtual Device Control VDCA Virtual Device Administrator VDCU Virtual Device User VLAN Virtual LAN VRF Virtual Routing and Forwarding © Copyright 2011 Cisco Systems, Inc. Page 26 of 26 This document may be freely reproduced and distributed whole and intact including this Copyright Notice.