HP Atalla Cryptographic Subsystem Security Policy
Part Number AJ558-9002A
Proprietary Information © 2015 Hewlett-Packard Company
This document may be reproduced only in its original entirety, without revision.
Rule 6:
Before performing any non-status or non-self-test service the operator must present the correct
authorization. Where several stages are required to assemble the authorization, all the steps must be
performed on the same connection.
Rule 7:
The ACS does not support maintenance and bypass modes.
Rule 8:
Failure of self-tests results in the module entering an error state.
Rule 9:
Power-up self-tests initiated after power up or power cycle do not require input or operator intervention.
5. Services
The following services provide user authentication and/or cryptographic functionality as well as
diagnostics capabilities. The available services depend on defined roles.
5.1. Getstatus
Limited status information shall always be available. This command is used to read and display the
status of the Platform, such as tamper information, personality application load status, and mode of
operation (Approved versus non-Approved). To fully determine whether the module is operating in a
FIPS-approved mode of operation, the mode of operation status must return Approved and the version
information given in the output of the command must correspond to the version specified in this Security
Policy. The status output is broken into four parts: basic status, which customers can use for simple
problem diagnosis; network status, for diagnosing network issues; extended status, which is used by HP
Atalla for problem analysis; and event status, which is a date-and-time stamped record of all events
which have taken place with the ACS, also for use by HP Atalla for problem analysis. The basic getstatus
service accepts an optional parameter to display the other status information. None of the status
information can compromise the security of the module in any way.
5.2. Version
The version command is used to retrieve the loader name, product type, software version, and build date
and time.
5.3. Help
The help command simply returns a list of the available commands. Help is context sensitive; i.e., it
shows only the commands valid at the current time, so the responses are different in normal, error, and
tamper states. It does not provide any syntax help.