All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Ruckus FastIron ICX ™ 7550/7650/7850 Series Switch/Router

Certificate#4836StandardFIPS 140-3Level1TypeHardwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorRuckus Wireless LLC
High review priority  ·  no TCB surface named  ·  last validated 21 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeHardware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date10/10/2029
CaveatWhen installed, initialized and configured as specified in section "Secure Operation" of the Security Policy and operated in approved mode
VendorRuckus Wireless LLC

Approved Algorithms (30)

AlgorithmACVP Cert
AES-CBCA2345
AES-CFB128A2345
AES-CMACA2345
AES-CTRA2345
AES-ECBA2345
AES-ECBAES 4550
AES-GCMA2345
AES-GCMAES 4550
AES-KWA2345
AES-KWPA2345
Counter DRBGA2345
ECDSA KeyGen (FIPS186-4)A2345
ECDSA SigGen (FIPS186-4)A2345
ECDSA SigVer (FIPS186-4)A2345
HMAC-SHA-1A2345
HMAC-SHA2-256A2345
HMAC-SHA2-384A2345
KAS-ECC-SSC Sp800-56Ar3A2345
KAS-FFC-SSC Sp800-56Ar3A2345
KDF SNMPA2345
KDF SP800-108A2345
KDF SSHA2345
KDF TLSA2345
RSA KeyGen (FIPS186-4)A2345
RSA SigGen (FIPS186-4)A2345
RSA SigVer (FIPS186-4)A2345
Safe Primes Key GenerationA2345
SHA-1A2345
SHA2-256A2345
SHA2-384A2345

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Ruckus FastIron ICX ™ 7550/7650/7850 Series Switch/Router
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Update<br/>Firmware Load</i>"]
    C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test<br/>Status Output</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>bootloader<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Ruckus FastIron ICX ™ 7550/7650/7850 Series Switch/Router
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Update<br/>Firmware Load</i><br/>src: text:keyword"]
    C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test<br/>Status Output</i><br/>src: text:keyword"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>bootloader<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3,C5,C6 clueLow;

Security Policy, page by page

Page 1

Ruckus FastIron ICX™ 7550/7650/7850 Series Switch/Router Firmware Version: IronWare OS 09.0.10 Document Version: 1.5 Last Update Date: 10-07-2024 Prepared by: Ruckus Wireless LLC Salarpuria Supreme, #137, Marathahalli Bangalore, Karnataka 560037 India www.commscope.com

Page 2
Table of Contents
#SectionPage
Page 3
  1. General This is a non-proprietary cryptographic module security policy for Ruckus FastIron ICX™ 7550/7650/7850 Series Switch/Router (hereinafter referred to as the module). The firmware version running on each module is IronWare OS 09.0.10. This security policy describes how the module meets the FIPS 140-3 Level 1 security requirements, and how to operate the module in a FIPS 140-3 mode. This security policy may be freely distributed. FIPS 140-3 (Federal Information Processing Standards Publication 140-3 — Security Requirements for Cryptographic Modules) details the U.S. Government requirements for cryptographic modules. More information about the FIPS 140-3 standard and validation program is available on the NIST website at https://csrc.nist.gov/projects/cryptographic-module-validation-program. Table 1 below indicates the actual security levels for each area of the module. ISO/IEC 24759 Section
  2. FIPS 140-3 Section Title Security [Number Below] Level
1 General 1
2 Cryptographic module specification 1
3 Cryptographic module interfaces 1
4 Roles, services, and authentication 2
5 Software/Firmware security 1
6 Operational environment 1
7 Physical security 1
8 Non-invasive security N/A
9 Sensitive security parameter management 1
10 Self-tests 1
11 Life-cycle assurance 1
12 Mitigation of other attacks N/A

Table 1 - Security Levels The module is designed to meet an overall security level 1.

Page 4

2. Cryptographic Module Specification Cryptographic Boundary The module is a hardware, multi-chip standalone cryptographic module. The cryptographic boundary is defined as the module’s chassis unit encompassing the "top," "front," "left," "right," “rear” and "bottom" surfaces of the case representing the module’s physical perimeter. This section illustrates the module hardware with the help of photographs. Ruckus ICX-7550 Series Figure 1 - ICX7550 Series Figure 2 - ICX 7550

Page 5

Figure 4 - ICX 7550-24P Figure 5 - ICX 7550-24ZP Figure 6 - ICX 7550-48 Figure 7 - ICX 7550-48F Figure 8 - ICX 7550-48P

Page 6

Figure 9 - ICX 7550-48ZP Figure 10 - ICX 7550-Rear View Please note that Ruckus ICX 7550 Series switches offer up to 2 redundant power supplies (AC or DC), one RJ-45 Ethernet port for out of band network management, one USB Type-C port for console management, and one RJ-45 port for serial console management. Ruckus ICX-7650 Series Figure 11 - ICX7650 Series Figure 12 - ICX 7650-48ZP Figure 13 - ICX 7650-48P Figure 14 - ICX7650-48F

Page 7

Figure 15 - ICX7650 Rear View Please note that Ruckus ICX 7650 Series switches offer dual power supply slots, one RJ-45 Ethernet port for out-of-band network management, one USB Type-C port for console management, and one RJ-45 port for serial console management. Ruckus ICX-7850 Series Figure 16 - ICX7850 Series Figure 17

Page 8

Figure 20 - ICX7850-48C Please note that Ruckus ICX 7850 Series switches offer dual power supply slots, one RJ-45 Ethernet port for out-of-band network management, one USB Type-C port for console management, and one RJ-45 port for serial console management. The module delivers the performance, flexibility, and scalability required for enterprise access deployment. Table 2 below lists the model and firmware version included in this validation. Hardware Hardware Distinguishing [Part Numbers and Firmware Version Model Features Versions]

Page 9

Hardware Hardware Distinguishing [Part Numbers and Firmware Version Model Features Versions] See Cryptographic Module Interfaces section for more information

Page 10

Hardware Hardware Distinguishing [Part Numbers and Firmware Version Model Features Versions]

Page 11

Mode/Method Description / Key Use / Function /Notes CAVP Algorithm and Size(s) / Key Cert Standard Strength(s) #A2345 AES AES-ECB 128 and 256 bits Data

Page 12

Mode/Method Description / Key Use / Function /Notes CAVP Algorithm and Size(s) / Key Cert Standard Strength(s) #A2345 KAS-FFC-SSC KAS-FFC-SSC MODP-2048, MODP- KAS-FFC Shared Secret

128 bits of encryption MACSec

strength #A2345 KTS (SSH) KTS (AES Cert. Key establishment Key Transport using AES SP800-38F #A2345 and methodology provides and HMAC in SSH HMAC Cert. 128 or 256 bits of #A2345) encryption strength #A2345 KTS (TLS) KTS (AES Cert. Key establishment Key Transport using AES

128 or 256 bits of

encryption strength #A2345 SHS SHA-1 N/A Secure hashing

Page 13

Mode/Method Description / Key Use / Function /Notes CAVP Algorithm and Size(s) / Key Cert Standard Strength(s)

Page 14

Mode/Method Description / Key Use / Function /Notes CAVP Algorithm and Size(s) / Key Cert Standard Strength(s) AES AES AES-ECB 128 bits ECB is a pre-requisite #4550

5288 for TLS. The module is compatible with TLSv1.2 and provides support for the

acceptable GCM cipher suites from SP 800-52 Rev1, Section 3.3.1. The operations of one of the two parties involved in the TLS key establishment scheme were performed entirely within the cryptographic boundary of the module being validated. The counter portion of the IV is set by the module within its cryptographic boundary. When the IV exhausts the maximum number of possible values for a given session key, the first party, client or server, to encounter this condition will trigger a handshake to establish a new encryption key. In case the module’s power is lost and then restored, a new key for use with the AES GCM encryption/decryption shall be established.

Page 15

3. Cryptographic Module Interfaces The module provides a number of physical and logical interfaces to the device, and the physical interfaces provided by the module are mapped to the following FIPS 140-3 defined logical interfaces: Data Input, Data Output, Control Input, Control Output (N/A) and Status Output. The logical interfaces and their mapping are described in the Tables 5-7 below. Please note that the module doesn’t support Control Output logical interface. Physical Port Logical Interface Data that passes over port/interface Console port, Mgmt port, Ethernet ports Data Input SSH, TLS, SNMPv3, or SFP/SFP+ ports, RJ-45 POE+ ports, MACSec traffic Uplink/Stack QSFP+ ports Console port, Mgmt port, Ethernet ports Data Output SSH, TLS, SNMPv3, or SFP/SFP+ ports, RJ-45 POE+ ports, MACSec traffic Uplink/Stack QSFP+ ports Console port, Mgmt port, Ethernet ports Control Input Control Input SFP/SFP+ ports, RJ-45 POE+ ports, Uplink/Stack QSFP+ ports Console port, Mgmt port, Ethernet ports Status Output Status information SFP/SFP+ ports, RJ-45 POE+ ports, Uplink/Stack QSFP+ ports, and LEDs N/A Control Output N/A Power N/A Provides the power supply to the module Table 5 - Ports and Interfaces for ICX 7550 Physical Port Logical Interface Data that passes over port/interface Console port, Mgmt port, Ethernet ports Data Input SSH, TLS, SNMPv3, or SFP/SFP+ ports, RJ-45 POE+ ports MACSec traffic Console port, Mgmt port, Ethernet ports Data Output SSH, TLS, SNMPv3, or SFP/SFP+ ports, RJ-45 POE+ ports MACSec traffic Console port, Mgmt port, Ethernet ports Control Input Control Input SFP/SFP+ ports, RJ-45 POE+ ports Console port, Mgmt port, Ethernet ports Status Output Status information SFP/SFP+ ports, RJ-45 POE+ ports, and LEDs N/A Control Output N/A Power N/A Provides the power supply to the module Table 6

Page 16

Console port, Mgmt port, Ethernet ports, Status Output Status information SFP+ ports, SFP28 ports, QSFP28 ports, and LEDs N/A Control Output N/A Power N/A Provides the power supply to the module Table 7– Ports and Interfaces for ICX7850

  1. Roles, Services, and Authentication The module supports role-based authentication. In approved mode, the cryptographic module supports the following roles:
  2. Crypto Officer Role: The Crypto Officer role has complete access to the system. The Crypto Officer is the only role that can perform firmware loading, security functions configuration (SSHv2, TLSv1.1/1.2, SNMPv3, and MACSec) and account management. A crypto officer can create additional accounts thereby creating additional crypto officers.
  3. Port Config Admin Role: The Port Config Admin role has read and write access for configuring specific ports but not for global (system‐wide) parameters.
  4. User Role: The User role on the device has read-only privileges and no configuration mode access. The module does not support the maintenance role. The services for someone without an authorized role are to view the status output from the module’s LEDs and to cycle power the module. For all other services, an operator must authenticate to the module as described in Table below. The module provides services for remote communication (SSHv2 and SNMPv3) for management and configuration of cryptographic functions. The following subsections describe services available to operators based on role. Role Service Input Output Crypto Officer Perform Self-test Command to trigger self-test The self-tests completion status information Crypto Officer Perform Zeroization Command to zeroize the The zeroization completion status module information Crypto Officer Update Firmware Command to upload a new The firmware update completion validated firmware status information Crypto Officer CO Authentication CO role authentication request Status of the CO role authentication Crypto Officer Configuration Commands to configure the Status of the completion of network Management module related configuration Crypto Officer Configure RADIUS Commands to configure Status of the completion of RADIUS Server RADIUS Server Server configuration Crypto Officer Configure SSHv2 Commands to configure Status of the completion of SSHv2 Function SSHv2 function configuration Crypto Officer Configure SSL over Commands to configure SSL Status of the completion of SSL over TLSv1.1/1.2 Function over TLSv1.1/2 function TLSv1.1/1.2 configuration Crypto Officer Configure SNMPv3 Commands to configure Status of the completion of SNMPv3 Function SNMPv3 function configuration
Page 17

Role Service Input Output Crypto Officer Configure MACSec Commands to configure Status of the completion of MACSec Function MACSec function configuration Crypto Officer Account management Command to create user The status of the new user accounts account Crypto Officer Show Version Command to show version Module’s name and versioning information Crypto Officer Show Status Command to get the status of Module’s current status information the module Crypto Officer Port Configuration Commands to configure the Port configuration completion status Management port parameters of information switch/router Crypto Officer Run SSHv2 Function Initiate SSHv2 tunnel Status of SSHv2 tunnel establishment request establishment Crypto Officer Run SSL over Initiate SSL over Status of TLSv1.1/v1.2 tunnel TLSv1.1/v1.2 Function TLSv1.1/v1.2 tunnel establishment establishment request Crypto Officer Run SNMPv3 Function Initiate SNMPv3 tunnel Status of SNMPv3 tunnel establishment request establishment Crypto Officer Run MACSec Function Initiate MACSec tunnel Status of MACSec tunnel establishment request establishment Table 8 - Roles, Service Commands, Input and Output (Crypto Officer role) Role Service Input Output User Show Version Command to show version Module’s name and versioning information User Show Status Command to get the status of Module’s current status information the module User User Authentication User role authentication Status of the User role authentication request User Run SSHv2 Function Initiate SSHv2 tunnel Status of SSHv2 tunnel establishment request establishment Table 9 - Roles, Service Commands, Input and Output (User role) Role Service Input Output Port Config Admin Show Version Command to show version Module’s name and versioning information Port Config Admin Show Status Command to get the status of Module’s current status information the module Port Config Admin Port Config Admin Port Config Admin role Status of the Port Config Admin role Authentication authentication request authentication Port Config Admin Port Configuration Commands to configure the Port configuration completion status Management port parameters of information switch/router Port Config Admin Run SSHv2 Function Initiate SSHv2 tunnel Status of SSHv2 tunnel establishment request establishment Table 10 - Roles, Service Commands, Input and Output (Port Config Admin role) Authentication Role Authentication Strength Method Crypto Officer, Password-based The minimum length is eight (8) characters (94 possible characters). The User, Port authentication probability that a random attempt will succeed or a false acceptance will occur is Config Admin 1/(948) which is less than 1/1,000,000. The probability of successfully authenticating to the module within one minute is 10/(948), which is less than 1/100,000. The configuration supports at most ten failed attempts to authenticate in a one-minute period. This calculation is based on the assumption that the typical standard American QWERTY computer keyboard has 10 Integer digits, 52

Page 18

alphabetic characters, and 32 special characters providing 94 characters to choose from in total Crypto Officer, RSA-based The minimum length is eight (8) characters (94 possible characters). The User, Port authentication probability that a random attempt will succeed or a false acceptance will occur is Config Admin 1/(948) which is less than 1/1,000,000. The probability of successfully authenticating to the module within one minute is 10/(948), which is less than 1/100,000. The configuration supports at most ten failed attempts to authenticate in a one-minute period. This calculation is based on the assumption that the typical standard American QWERTY computer keyboard has 10 Integer digits, 52 alphabetic characters, and 32 special characters providing 94 characters to choose from in total Crypto Officer, ECDSA-based RSA key pair has modulus size of 2048 bits, thus providing 112 bits of strength, User, Port authentication which means an attacker would have a 1 in 2112 chance of randomly obtaining Config Admin the key, which is much stronger than the one in a million chances required by FIPS 140-3. To exceed a one in 100,000 probability of a successful random key guess in one minute, an attacker would have to be capable of approximately 8.65x10^31 (2112 /60 = 8.65 x 1031) attempts per second, which is less than 1/100,000 Table 11

Page 19

Service Description Approved Keys and/or SSPs Roles Access rights Indicator Security to Keys Functions and/or SSPs HMAC-SHA- SSH ECDSA Public Key, 1, SSH RSA Private Key, HMAC- SSH RSA Public Key, SHA2-256, SSH DH Private Key, KAS-ECC- SSH DH Public Key, SSC, SSH DH Shared Secret Key, SSH ECDH Private Key, KAS (ECC), SSH ECDH Public Key, KAS-FFCSSH ECDH Shared Secret SSC, Key, KAS (FFC), SSH Session Encryption KTS, Key, ECDSA SSH Session Integrity Key KeyGen, ECDSA SigGen, ECDSA SigVer, RSA KeyGen, RSA SigGen, RSA SigVer, Safe Primes KeyGen Configure SSL Configure AES-ECB, DRBG Entropy Input, Crypto R, W, G Global over TLSv1.1/1.2 AES-CBC, DRBG Seed, Officer indicator and TLSv1.1/1.2 Function AES-GCM, DRBG Internal State V TLS Function CKG, value, connection DRBG Key, success log CTR_DRBG, TLS ECDSA Private Key, message KDF TLS, TLS ECDSA Public Key, HMAC-SHA- TLS RSA Private Key, 1, TLS RSA Public Key, HMAC- TLS DH Private Key, SHA2-256, TLS DH Public key, HMAC- TLS DH Shared Secret, SHA2-384, TLS ECDH Private Key, KAS-ECC- TLS ECDH Public key, SSC, TLS ECDH Shared Secret, KAS (ECC), TLS Pre-Master Secret, KAS-FFC- TLS Master Secret, SSC, TLS Session Encryption Key, KAS (FFC), TLS Session Integrity Key KTS, ECDSA KeyGen, ECDSA SigGen, ECDSA SigVer, RSA KeyGen, RSA SigGen, RSA SigVer, Safe Primes KeyGen SNMPv3 Configure AES- SNMPv3 User Crypto R, W, G Global Function SNMPv3 CFB128, Authentication Secret, Officer indicator and Configuration Function KDF SNMP, SNMPv3 Session Encryption SNMPv3 Key, connection

Page 20

Service Description Approved Keys and/or SSPs Roles Access rights Indicator Security to Keys Functions and/or SSPs HMAC-SHA- SNMPv3 Session Integrity success log 1, Key message HMACSHA2-256, HMACSHA2-384 Configure Configure AES-CMAC, MACSec CAK, Crypto R, W, G Global MACSec MACSec AES-GCM, MACSec ICK, Officer indicator and Function Function AES-KW, MACSec KEK, MACSec AES-KWP, MACSec SAK connection KTS, success log KBKDF message Port Perform Port N/A Crypto Officer Password, Crypto R, E N/A Configuration Configuration Port Config Admin Password Officer, Management Port Config Admin Account Account N/A Crypto Officer Password, Crypto W N/A management Creation User Password, Officer Port Config Admin Password Run SSHv2 Negotiation and AES-CBC, DRBG Entropy Input, Crypto R, E Global Function encrypted data AES-CTR, DRBG Seed, Officer, indicator and transport via CKG, DRBG Internal State V User, SSH SSH CTR_DRBG, value, Port Config connection DRBG Key, Admin success log KDF SSH, SSH ECDSA Private Key, message HMAC-SHASSH ECDSA Public Key, 1, SSH RSA Private Key, HMAC- SSH RSA Public Key, SHA2-256, SSH DH Private Key, KAS-ECC- SSH DH Public Key, SSC, SSH DH Shared Secret Key, KAS (ECC), SSH ECDH Private Key, KAS-FFC- SSH ECDH Public Key, SSC, SSH ECDH Shared Secret KAS (FFC), Key, KTS, SSH Session Encryption Key, ECDSA SSH Session Integrity Key KeyGen, ECDSA SigGen, ECDSA SigVer, RSA KeyGen, RSA SigGen, RSA SigVer, Safe Primes KeyGen Run SSL over Negotiation and AES-ECB, DRBG Entropy Input, Crypto R, E Global TLSv1.1/1.2 encrypted data AES-CBC, DRBG Seed, Officer indicator and Function transport via SSL AES-GCM, DRBG Internal State V TLS (TLSv1.1/1.2) CKG, value, connection DRBG Key, success log CTR_DRBG, TLS ECDSA Private Key, message KDF TLS, TLS ECDSA Public Key, HMAC-SHA- TLS RSA Private Key, 1, TLS RSA Public Key, TLS DH Private Key,

Page 21

Service Description Approved Keys and/or SSPs Roles Access rights Indicator Security to Keys Functions and/or SSPs HMAC- TLS DH Public key, SHA2-256, TLS DH Shared Secret, HMAC- TLS ECDH Private Key, SHA2-384, TLS ECDH Public key, KAS-ECC- TLS ECDH Shared Secret, SSC, TLS Pre-Master Secret, TLS Master Secret, KAS (ECC), TLS Session Encryption KAS-FFCKey, SSC, TLS Session Integrity Key KAS (FFC), KTS, ECDSA KeyGen, ECDSA SigGen, ECDSA SigVer, RSA KeyGen, RSA SigGen, RSA SigVer, Safe Primes KeyGen Run SNMPv3 Negotiation and AES- SNMPv3 User Crypto R, E Global Function encrypted data CFB128, Authentication Secret, Officer indicator and transport via KDF SNMP, SNMPv3 Session Encryption SNMPv3 SNMPv3 HMAC-SHA- Key, connection 1, SNMPv3 Session Integrity success log HMAC- Key, message SHA2-256, HMACSHA2-384 Run MACSec Negotiation and AES-CMAC, MACSec CAK, Crypto R, E Global Function encrypted data AES-GCM, MACSec ICK, Officer indicator and transport via AES-KW, MACSec KEK, MACSec MACSec AES-KWP, MACSec SAK connection success log KTS, message KBKDF Table 12 - Approved Services G = Generate: The module generates or derives the SSP R = Read: The SSP is read from the module (e.g. the SSP is output) W = Write: The SSP is updated, imported, or written to the module E = Execute: The module uses the SSP in performing a cryptographic operation Z = Zeroise: The module zeroises the SSP

Page 22

5. Software/Firmware Security Integrity Techniques The module performs the Firmware Integrity tests by using CRC-32 during the Pre-Operational Self-Test. At Module’s initialization, the integrity of the runtime executable binary file is verified using the following two integrity check mechanisms to ensure that the module has not been tampered:

256 (RSA Cert. #A2345) for the new validated firmware to be uploaded into the module. A

Firmware Load Test Key was preloaded to the module’s binary at the binary the factory and used for firmware load test. In order to load new firmware, the Crypto Officer must authenticate into the module before loading any firmware. This ensures that unauthorized access and use of the module is not performed. The module will load the new update upon reboot. The update attempt will be rejected if the verification fails. Integrity Test On-Demand Integrity test is performed as part of the Pre-Operational Self-Tests. It is automatically executed at power-on. The operator can power-cycle or reboot the module to initiate the firmware integrity test on-demand. This automatically performs the integrity test of all firmware components included within the boundary of the module.

  1. Operational Environment The module is a hardware module. The module’s operational environment is limited as the modules include a firmware load service to support necessary updates. New firmware versions within the scope of this validation must be validated through the FIPS 140-3 CMVP. Any other firmware loaded into these modules is out of the scope of this validation and requires a separate FIPS 140-3 validation. The module’s firmware version running on each model is IronWare OS 09.0.10.
  2. Physical Security The module is a multi-chip standalone hardware cryptographic module. The module meets the FIPS 140-3 Level 1 security requirements as production grade equipment.
  3. Non-Invasive Security No approved non-invasive attack mitigation test metrics are defined at this time.
Page 23

9. Sensitive Security Parameter Management Key/SSP Strength Security Generation Import/ Establis Storage Zeroization Use & related Name/Type Function and Export hment Keys Cert Number DRBG 384 bits N/A Generated from Import: No N/A DRAM Zeroized by Used to seed Entropy noise source (plaintext) SSP the DRBG Input Export: No (CSP/PSP) Zeroization Command DRBG Seed 256 bits DRBG Internally Derived Import: No N/A DRAM Zeroized by Used DRBG from entropy input (plaintext) SSP generation Cert. #A2345 string as defined by Export: No (CSP/PSP) SP800-90Arev1 Zeroization Command DRBG 256 bits DRBG Internally Derived Import: No N/A DRAM Zeroized by Used DRBG Internal from entropy input (plaintext) SSP generation State V Cert. #A2345 string as defined by Export: No (CSP/PSP) value SP800-90Arev1 Zeroization Command DRBG Key 256 bits DRBG Internally Derived Import: No N/A DRAM Zeroized by Used DRBG from entropy input (plaintext) SSP generation Cert. #A2345 string as defined by Export: No (CSP/PSP) SP800-90Arev1 Zeroization Command Port Config 8 to 60 N/A N/A Import: MD/EE Flash Zeroized by Used for Port Admin Characters Encrypted (plaintext) SSP Config Admin Password by SSH (CSP/PSP) authentication session key Zeroization Command Export: No Crypto 8 to 60 N/A N/A Import: MD/EE Flash Zeroized by Used for Officer Characters Encrypted (plaintext) SSP Crypto Password by SSH (CSP/PSP) Officer session key Zeroization authentication Command Export: No User 8 to 60 N/A N/A Import: MD/EE Flash Zeroized by Used for User Password Characters Encrypted (plaintext) SSP authentication by SSH (CSP/PSP) session key Zeroization Command Export: No RADIUS 8 to 64 N/A N/A Import: MD/EE Flash Zeroized by Used for Secret Characters Encrypted (plaintext) SSP RADIUS by SSH (CSP/PSP) Server session key Zeroization authentication Command Export: No SSH P-256, P- CKG, Internally generated Import: No N/A Flash Zeroized by Used for SSH ECDSA 384 DRBG, conformant to (plaintext) SSP authentication Private Key ECDSA KeyGen, SP800-133r2 Export: No (CSP/PSP) ECDSA SigGen (CKG) using FIPS Zeroization 186-4 ECDSA key Command Cert. #A2345 generation method, and the random value used in key generation is generated using SP800-90Arev1 DRBG SSH P-256, P- ECDSA SigVer Internally derived Import: No N/A Flash Zeroized by Used for SSH ECDSA 384 per the FIPS 186-4 (plaintext) SSP authentication Public Key Cert #A2345 ECDSA key Export: to (CSP/PSP) generation method SSH peer Zeroization application Command

Page 24

Key/SSP Strength Security Generation Import/ Establis Storage Zeroization Use & related Name/Type Function and Export hment Keys Cert Number SSH RSA 2048 bits CKG, Internally generated Import: No N/A Flash Zeroized by Used for SSH Private Key DRBG, conformant to (plaintext) SSP authentication RSA KeyGen, SP800-133r2 Export: No (CSP/PSP) RSA SigGen (CKG) using FIPS Zeroization 186-4 RSA key Command Cert. #A2345 generation method, and the random value used in key generation is generated using SP800-90Arev1 DRBG SSH RSA 2048 bits RSA SigVer Internally derived Import: No N/A Flash Zeroized by Used for SSH Public Key per the FIPS 186-4 (plaintext) SSP authentication Cert #A2345 RSA key generation Export: to (CSP/PSP) method SSH peer Zeroization application Command SSH DH MODP- CKG, Internally Import: No N/A DRAM Zeroized by Used to derive Private Key 2048, DRBG, generated. (plaintext) SSP SSH DH 4096, KAS-FFC-SSC conformant to Export: No (CSP/PSP) Shared secret

8192 bits SP800-133r2 Zeroization

Cert. #A2345 (CKG) using Command SP800-56Arev3 Diffie-Hellman key generation method, and the random value used in key generation is generated using SP800-90Arev1 DRBG SSH DH MODP- KAS-FFC-SSC Internally derived Import: No N/A DRAM Zeroized by Used to derive Public Key 2048, internally per the (plaintext) SSP SSH DH 4096, Cert. #A2345 Diffie-Hellman key Export: to (CSP/PSP) Shared secret

8192 bits agreement SSH peer Zeroization

(SP800-56Arev3) application Command SSH DH MODP- KAS-FFC-SSC Internally derived Import: No N/A DRAM Zeroized by Used to derive Shared 2048, 4096, using (plaintext) SSP SSH Session Secret 8192 bits Cert. #A2345 SP800-56A rev3 Export: No (CSP/PSP) Encryption EC Diffie-Hellman Zeroization Key, SSH shared secret Command Session computation Integrity Key SSH ECDH P-256, CKG, Internally Import: No N/A DRAM Zeroized by Used to derive Private Key P-384, DRBG, generated. (plaintext) SSP SSH ECDH P-521 KAS-ECC-SSC conformant to Export: No (CSP/PSP) Shared secret SP800-133r2 Zeroization Cert. #A2345 (CKG) using Command SP800-56Arev3 EC Diffie-Hellman key generation method, and the random value used in key generation is generated using SP800-90Arev1 DRBG SSH ECDH P-256, KAS-ECC-SSC Internally derived Import: No N/A DRAM Zeroized by Used to derive Public Key P-384, internally per the (plaintext) SSP SSH ECDH P-521 Cert. #A2345 (CSP/PSP) Shared secret

Page 25

Key/SSP Strength Security Generation Import/ Establis Storage Zeroization Use & related Name/Type Function and Export hment Keys Cert Number EC Diffie-Hellman Export: to Zeroization key agreement SSH peer Command (SP800-56Arev3) application SSH ECDH P-256, KAS-ECC-SSC Internally derived Import: No N/A DRAM Zeroized by Used to derive Shared P-384, using (plaintext) SSP SSH Session Secret P-521 Cert. #A2345 SP800-56A rev3 Export: No (CSP/PSP) Encryption EC Diffie-Hellman Zeroization Key shared secret Command SSH Session computation Integrity Key SSH Session 128, 256 AES-CTR, Internally derived Import: No N/A DRAM Zeroized by Used for SSH Encryption bits KDF SSH, via key derivation (plaintext) SSP session Key KTS function defined in Export: No (CSP/PSP) confidentiality SP800-135rev1 Zeroization protection Cert. #A2345 KDF (SSHv2) Command SSH Session At least HMAC-SHA-1, Internally derived Import: No N/A DRAM Zeroized by Used for SSH Integrity 160 bits HMAC-SHA2- via key derivation (plaintext) SSP session Key 256, function defined in Export: No (CSP/PSP) integrity KDF SSH SP800-135rev1 Zeroization protection KDF (SSHv2) Command Cert. #A2345 SNMPv3 8 to 20 N/A Please see Import: MD/EE Flash Zeroized by SNMPv3 User User characters Establishment Encrypted by (plaintext) SSP Authentication Authenticati SSH session (CSP/PSP) on Secret key Zeroization Command Export: No SNMPv3 128 bits AES-CFB128, Internally derived Import: No N/A DRAM Zeroized by Used for Session KDF SNMP via key derivation (plaintext) SSP SNMPV3 Encryption function defined in Export: No (CSP/PSP) session Key Cert. #A2345 SP800-135rev1 Zeroization confidentiality KDF (SNMPv3) Command protection SNMPv3 At least 160 HMAC-SHA-1, Internally derived Import: No N/A DRAM Zeroized by Used for Session bits KDF SNMP via key derivation (plaintext) SSP SNMPv3 Integrity function defined in Export: No (CSP/PSP) session Key Cert. #A2345 SP800-135rev1 Zeroization integrity KDF (SNMPv3) Command protection

Page 26

Key/SSP Strength Security Generation Import/ Establis Storage Zeroization Use & related Name/Type Function and Export hment Keys Cert Number TLS ECDSA P-256, P- CKG, Internally generated Import: No N/A Flash Zeroized by Used for TLS Private Key 384 DRBG, conformant to (plaintext) SSP authentication ECDSA KeyGen, SP800-133r2 Export: No (CSP/PSP) ECDSA SigGen (CKG) using Zeroization FIPS 186-4 ECDSA Command Cert. #A2345 key generation method, and the random value used in key generation is generated using SP800-90Arev1 DRBG TLS ECDSA P-256, P- ECDSA SigVer Internally derived Import: No N/A Flash Zeroized by Used for TLS Public Key 384 per the FIPS 186-4 (plaintext) SSP authentication Cert. #A2345 ECDSA key Export: to (CSP/PSP) generation method TLS peer Zeroization application Command TLS RSA 2048 bits CKG, Internally generated Import: No N/A Flash Zeroized by Used for TLS Private Key DRBG, conformant to (plaintext) SSP authentication RSA KeyGen, SP800-133r2 Export: No (CSP/PSP) RSA SigGen (CKG) using Zeroization FIPS 186-4 RSA Command Cert. #A2345 key generation method, and the random value used in key generation is generated using SP800-90Arev1 DRBG TLS RSA 2048 bits RSA SigVer Internally derived Import: No N/A Flash Zeroized by Used for TLS Public Key per the FIPS 186-4 (plaintext) SSP authentication Cert. #A2345 RSA key generation Export: to (CSP/PSP) method TLS peer Zeroization application Command TLS DH MODP- CKG, Internally Import: No N/A DRAM Zeroized by Used to derive Private Key 2048 DRBG, generated. (plaintext) SSP TLS DH KAS-FFC-SSC conformant to Export: No (CSP/PSP) Shared secret SP800-133r2 Zeroization Cert. #A2345 (CKG) using Command SP800-56Arev3 Diffie-Hellman key generation method, and the random value used in key generation is generated using SP800-90Arev1 DRBG TLS DH MODP- KAS-FFC-SSC Internally derived Import: No N/A DRAM Zeroized by Used to derive Public Key 2048 internally per the (plaintext) SSP TLS DH Cert. #A2345 Diffie-Hellman key Export: to (CSP/PSP) Shared secret agreement TLS peer Zeroization (SP800-56Arev3) application Command TLS DH MODP- KAS-FFC-SSC Internally derived Import: No N/A DRAM Zeroized by Used to derive Shared 2048 using (plaintext) SSP TLS Session Secret Cert. #A2345 SP800-56A rev3 Export: No (CSP/PSP) Encryption

Page 27

Key/SSP Strength Security Generation Import/ Establis Storage Zeroization Use & related Name/Type Function and Export hment Keys Cert Number Diffie-Hellman Zeroization Key, TLS shared Command Session secret Integrity Key computation TLS ECDH P-256, P- CKG, Internally Import: No N/A DRAM Zeroized by Used to derive Private Key 384 DRBG, generated. (plaintext) SSP TLS ECDH KAS-ECC-SSC conformant to Export: No (CSP/PSP) Shared Secret SP800-133r2 Zeroization Cert. #A2345 (CKG) using Command SP800-56Arev3 EC Diffie-Hellman key generation method, and the random value used in key generation is generated using SP800-90Arev1 DRBG TLS ECDH P-256, P- KAS-ECC-SSC Internally derived Import: No N/A DRAM Zeroized by Used to derive Public key 384 internally per the (plaintext) SSP TLS ECDH Cert. #A2345 EC Diffie-Hellman Export: to (CSP/PSP) Shared secret key agreement TLS peer Zeroization (SP800-56Arev3) application Command TLS ECDH P-256, P- KAS-ECC-SSC Internally derived Import: No N/A DRAM Zeroized by Used to derive Shared 384 using (plaintext) SSP TLS Session Secret Cert. #A2345 SP800-56A rev3 Export: No (CSP/PSP) Encryption EC Diffie-Hellman Zeroization Key, TLS shared Command Session Integrity Key secret computation TLS Pre- 256 bits N/A Internally derived Import: No N/A DRAM Zeroized by Used to derive Master via key derivation (plaintext) SSP TLS Session Secret function defined in Export: No (CSP/PSP) Encryption SP800-135rev1 Zeroization Key, TLS KDF (TLSv1.1/1.2) Command Session Integrity Key TLS Master 48 bytes N/A Internally derived Import: No N/A DRAM Zeroized by TLS pre Secret via key derivation (plaintext) SSP master secret, function defined in Export: No (CSP/PSP) TLS SP800-135rev1 Zeroization Encryption KDF (TLSv1.1/1.2) Command Key TLS Session Integrity Key TLS Session 128 or 256 AES-ECB, Internally derived Import: No N/A DRAM Zeroized by Used for TLS Encryption bits AES-CBC, via key derivation (plaintext) SSP session Key AES-GCM, function defined in Export: No (CSP/PSP) confidentiality KDF TLS, SP800-135 rev1 Zeroization protection KTS KDF TLSv1.1/1.2 Command KDF Cert. #A2345 TLS Session At least 160 KDF TLS Internally derived Import: No N/A DRAM Zeroized by Used for TLS Integrity bits HMAC-SHA2- via key derivation (plaintext) SSP session Key 256, function defined in Export: No (CSP/PSP) integrity HMAC-SHA2- SP800-135 rev1 Zeroization protection

384 KDF TLSv1.1/1.2 Command

Cert. #A2345 MACSec 128 bits N/A N/A Import: MD/EE Flash Explicit Used to derive CAK Encrypted (plaintext) zeroization MACSec ICK by SSH by and MACSec session key zeroization KEK command Export: No

Page 28

Key/SSP Strength Security Generation Import/ Establis Storage Zeroization Use & related Name/Type Function and Export hment Keys Cert Number MACSec 128 bits AES-CMAC, Internally derived Import: No N/A DRAM Zeroized by used for ICK KBKDF using SP800-108 (plaintext) SSP MACSec Peer KDF Export: No (CSP/PSP) authentication Cert. #A2345 Zeroization Command MACSec 128 bits AES-KW, Internally derived Import: No N/A DRAM Zeroized by Used to KEK AES-KWP, using SP800-108 (plaintext) SSP transport KBKDF, KDF Export: No (CSP/PSP) MACSec KTS Zeroization SAK to Command MACSec Peer Cert. #A2345 MACSec 128 bits AES-CMAC Internally derived Import: No N/A DRAM Zeroized by Used for SAK KBKDF using SP800-108 (plaintext) SSP MACSec KDF Export: (CSP/PSP) session Cert. #A2345 Encrypted Zeroization protection by MACSec Command AES-GCM KEK AES Cert: #4550 Firmware 2048 bits RSA SigVer, Pre-loaded at the N/A N/A Flash N/A User for Load Test SHA2-256 factory (in the (Plaintext) Firmware load Key module’s test Cert. #A2345 executable binary) Table 13 - SSPs Notes:

  1. The module uses procedural zeroization to explicitly zeroize all SSPs listed in Table 13.
  2. The zeroization operations shall be performed under the control of the CO role by using the CLI command “fips zeroize all”.
  3. To initiate zeroization, see Section End of Life / Sanitization in this document for more details.
  4. The zeroized SSPs cannot be retrieved or reused. Once the command is initiated, the SSPs are overwritten with 0s. RBG Entropy Source. Entropy sources Minimum number of Details bits of entropy ENT (NP). 256 bits The system tick clock/register as the single entropy source to provide the sufficient entropy Periodic sampling of the highto seed the SP800-90Arev1 DRBG (DRBG Cert. precision CPU clock within the #A2345). The entropy source was directly used to ARM CPU is the only single seed the DRBG without the entropy conditioning entropy source used to seed the process. Please refer to entropy report for details SP800-90Arev1 DRBG (DRBG Cert. #A2345) Table 14 – Non-Deterministic Random Number Generation Specification
  5. Self-Tests The modules perform the following self-tests, including the pre-operational self-tests and conditional self-tests. The module runs all self-tests without operator intervention. In the event that
Page 29

a self-test fails, the module will enter an error state, output an error message and follow up with a module reboot. The module permits operators to initiate the pre-operational or conditional self-tests on demand for periodic testing of the module by rebooting the system (i.e., power-cycling). Pre-Operational Self-Tests:

Page 30

In addition, the module also performs the Conditional Cryptographic Algorithm Self-tests to the following AES-GCM algorithm:

Page 31
  1. Life-Cycle Assurance The module is designed to handle the various stages of a module’s life-cycle. The sections below highlight the details for each stage. Secure Operation The module meets all the Level 1 requirements for FIPS 140-3. Follow the secure operations provided below to place the module in approved mode. Operating this module without maintaining the following settings will remove the module from the approved mode of operation. The module runs firmware version IronWare OS 09.0.10. This is the only allowable firmware image for this current approved mode of operation. The Crypto Officer shall load the CMVP FIPS 140-3 validated firmware only to maintain validation. The module is initiated into the approved mode of operation via the following procedures through the Command Line interface (CLI).
  2. The Crypto Officer must login by using the default login password.
  3. The Crypto Officer shall replace the default login password with a new one upon the firsttime authentication.
  4. The Crypto Officer shall create the account for Port Config Admin role and User role respectively.
  5. Enter into the configuration mode by using ‘conf t’ command.
  6. Configure SSH, TLS, SNMPv3 and MACSec services by using only approved algorithms listed in Table 3 and 4 above.
  7. Configure the module as the MACSec Peer Authenticator in the MACSec service.
  8. If using RADIUS server for roles authentication, please configure a secure TLS tunnel to secure traffic between the module and the RADIUS server. The RADIUS shared secret must be at least 8 characters long
  9. Disable the TFTP server.
  10. Ensure that installed digital certificates are signed using approved algorithms.
  11. Save the configuration.
  12. Reload the module.
  13. Verify the approved mode by using command ‘fips show’ (This command outputs the module’s status. After the approved mode was enabled, the output would be “approved mode: Administrative status ON”).
  14. The Crypto Officer shall load the CMVP FIPS 140-3 validated firmware only to maintain validation. Once the module has completed initialization into the approved mode of operation, it would reject any non-approved algorithms or security functions automatically, and output an error message accordingly.
Page 32

End of Life / Sanitization Crypto Officers should follow the procedure below for the secure destruction of their module.

  1. Access the module via SSH with Crypto Officer
  2. Authenticate using proper credentials
  3. Execute command: “fips zeroize all” a. Confirm command
  4. Module will begin zeroization process and wipe all security parameters and configurations Please note that this process will cause the module to no longer function after it has wiped all configurations and keys.
  5. Mitigation of Other Attacks This module is not designed to mitigate against any other attacks outside of the FIPS 140-3 scope. I. Terms and Definitions Term Meaning FIPS Federal Information Processing Standard Approved Device actively running in FIPS 140-3 compliant manner mode CC Common Criteria HMAC Keyed-Hash Message Authentication Code (RFC2104) JITC Joint Interoperability Test Command POST Power-on Self-Test PKI Public Key Infrastructure PSK Pre-shared keys RSA Rivest, Shamir and Aldeman Public/Private Key RNG Random Number Generator SSL Secure Socket Layer, used in HTTPS protocol for payload encryption. TLS Transport Layer Security, successor to SSL, used in HTTPS protocol for payload encryption. KAT Known Answer Test DSS Digital Signature Standard DSA Digital Signature Algorithm, proposed by NIST in 1991 for FIPS 186-x DES Data Encryption Standard (single DES should not be used see TDEA)
Page 33

NDPP Network Devices Protection Profile DRBG Deterministic Random Bits Generator CAVS Cryptographic Algorithm Validation System ACVP Automated Cryptographic Validation Program NDcPP Network Device collaborative protection profile JITC Joint Interoperability Test Command