Page 4

Non-Proprietary Security Policy, Brocade VDX 6710, VDX 6720, VDX 6730, VDX 6740, VDX 6740T and VDX 8770 Switches

V1.0

Brocade Communications Systems, Inc.

Page 4 of 50

1 Module Overview

The VDX 6710, VDX 6720, VDX 6730, VDX 6740, VDX6740T and VDX 8770 are multi-chip standalone

cryptographic modules, as defined by FIPS 140-2. The module(s) are available in multiple configurations that

vary based on the hardware enclosure. Each module is enclosed in a hard opaque commercial grade metal

chassis with removable cover. For the VDX 6710, VDX 6720, VDX 6730, VDX 6740, and VDX 6740T the power

supply and fan assemblies are not part of the cryptographic boundary. For VDX 8770 modules the power

supply and fan assemblies are part of the cryptographic boundary. The module is a Gigabit Ethernet routing

switch that provides secure network services and network management.

For each module to operate in a FIPS Approved mode of operation, the tamper evident seals supplied in

Brocade XBR-000195 must be installed, as defined in Appendix A.

The security officer is responsible for storing and controlling the inventory of any unused seals. The unused

seals shall be stored in plastic bags in a cool, dry environment between 60° and 70° F (15° to 20° C) and

less than 50% relative humidity. Rolls should be stored flat on a slit edge or suspended by the core.

The security officer shall maintain a serial number inventory of all used and unused tamper evident seals. The

security officer shall periodically monitor the state of all applied seals for evidence of tampering. A seal serial

number mismatch, a seal placement change, a checkerboard destruct pattern that appears in peeled film and

adhesive residue on the substrate are evidence of tampering. The security officer shall periodically view each

applied seal under a UV light to verify the presence of a UV wallpaper pattern. The lack of a wallpaper pattern is

evidence of tampering. The security officer is responsible for returning a module to a FIPS approved state after

any intentional or unintentional reconfiguration of the physical security measures.

Table 1 Firmware Version

Firmware

Part Number

Network OS (NOS) v4.1.1 63-1001271-01

Table 2 Validated VDX 6710 Configurations

SKU/MFG Part Number

Product Description

Firmware

FIPS KIT

SKU: BR-VDX6710-54-F

P/N: 80-1004843-04

VDX 6710,48P GBE,6P

SFP+,AC, NON-PORT SIDE

EXHAUST1

NOS v4.1.1

XBR-000195

SKU: BR-VDX6710-54-R

P/N: 80-1004702-04

VDX 6710,48P GBE,6P

SFP+,AC, PORT SIDE

EXHAUST1

NOS v4.1.1

XBR-000195

Table 2 Notes:

1. Port side and non-port side exhaust indicates whether the external fan direction causes air to be

draw into the non-port side air vents and exhausted from the port side air vents or vice versa.

Table 3 Validated VDX 6720 Configurations

SKU/MFG Part Number

Product Description

Firmware

FIPS KIT

SKU: BR-VDX6720-16-F3

P/N: 80-1004566-071,

80-1006701-022

VDX 6720,16P,SFP+,AC, NON-

PORT SIDE EXHAUST4

NOS v4.1.1

XBR-000195

SKU: BR-VDX6720-16-R3

P/N: 80-1004567-071,

80-1006702-022

VDX 6720,16P,SFP+,AC, PORT

SIDE EXHAUST4

NOS v4.1.1

XBR-000195