All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Ruckus FastIron ICXTM 7150/8200 Series Switch/Router

Certificate#5075StandardFIPS 140-3Level1TypeHardwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorRuckus Wireless LLC
High review priority  ·  exposes boot-chain verification  ·  last validated 9 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeHardware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date10/2/2030
CaveatWhen installed, initialized and configured as specified in Section Life-Cycle Assurance of the Security Policy
VendorRuckus Wireless LLC

Approved Algorithms (25)

AlgorithmACVP Cert
AES-CBCA5076
AES-CFB128A5076
AES-CTRA5076
AES-ECBA5076
AES-GCMA5076
Counter DRBGA5076
ECDSA KeyGen (FIPS186-5)A5076
ECDSA SigGen (FIPS186-5)A5076
ECDSA SigVer (FIPS186-5)A5076
HMAC-SHA-1A5076
HMAC-SHA2-256A5076
HMAC-SHA2-384A5076
HMAC-SHA2-512A5076
KAS-ECC-SSC Sp800-56Ar3A5076
KAS-FFC-SSC Sp800-56Ar3A5076
KDF SNMP (CVL)A5076
KDF SSH (CVL)A5076
RSA KeyGen (FIPS186-5)A5076
RSA SigGen (FIPS186-5)A5076
RSA SigVer (FIPS186-5)A5076
SHA-1A5076
SHA2-256A5076
SHA2-384A5076
SHA2-512A5076
TLS v1.2 KDF RFC7627 (CVL)A5076

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification2
Cryptographic Module Interfaces3
Roles, Services, and Authentication4
Software/Firmware Security5
Operational Environment6
Self-Tests1
Life-Cycle Assurance1
Mitigation of Other AttacksN/A

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Ruckus FastIron ICXTM 7150/8200 Series Switch/Router
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>Firmware Load Test<br/>Perform Zeroization</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Block ciphers (SSHv2)<br/>Block ciphers (TLSv1.2)<br/>Block ciphers (SNMPv3)</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>bootloader<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Ruckus FastIron ICXTM 7150/8200 Series Switch/Router
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[high] Firmware update / recovery / rollback services<br/><i>Firmware Load Test<br/>Perform Zeroization</i><br/>src: securityPolicy.services"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>Block ciphers (SSHv2)<br/>Block ciphers (TLSv1.2)<br/>Block ciphers (SNMPv3)</i><br/>src: securityPolicy.services"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>bootloader<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3 clueHigh;
  class C5,C6 clueLow;

Security Policy, page by page

Page 1

Ruckus Wireless LLC Ruckus FastIron ICXTM 7150/8200 Series Switch/Router

Page 2
Table of Contents
#SectionPage
1General6
1.1Overview6
1.2Security Levels6
2Cryptographic Module Specification6
2.1Description6
2.2Tested and Vendor Affirmed Module Version and Identification10
2.3Excluded Components15
2.4Modes of Operation15
2.5Algorithms15
2.6Security Function Implementations16
2.7Algorithm Specific Information21
2.8RBG and Entropy22
2.9Key Generation22
2.10Key Establishment23
2.11Industry Protocols23
3Cryptographic Module Interfaces23
3.1Ports and Interfaces23
4Roles, Services, and Authentication24
4.1Authentication Methods24
4.2Roles26
4.3Approved Services26
4.4Non-Approved Services37
4.5External Software/Firmware Loaded38
5Software/Firmware Security38
5.1Integrity Techniques38
5.2Initiate on Demand38
6Operational Environment38
6.1Operational Environment Type and Requirements38
7Physical Security38
8Non-Invasive Security39
9Sensitive Security Parameters Management39
9.1Storage Areas39
9.2SSP Input-Output Methods39
9.3SSP Zeroization Methods40
9.4SSPs40
9.5Transitions51
10Self-Tests51
10.1Pre-Operational Self-Tests51
10.2Conditional Self-Tests51
10.3Periodic Self-Test Information56
10.4Error States58
11Life-Cycle Assurance58
11.1Installation, Initialization, and Startup Procedures58
11.2Administrator Guidance59
11.3Non-Administrator Guidance59
11.4End of Life59
12Mitigation of Other Attacks59
Page 4
List of Tables
ItemPage
Table 1: Security Levels6
Table 2: Tested Module Identification – Hardware11
Table 3: Modes List and Description15
Table 4: Approved Algorithms16
Table 5: Vendor-Affirmed Algorithms16
Table 6: Security Function Implementations21
Table 7: Entropy Certificates22
Table 8: Entropy Sources22
Table 9: Ports and Interfaces24
Table 10: Authentication Methods26
Table 11: Roles26
Table 12: Approved Services37
Table 13: Storage Areas39
Table 14: SSP Input-Output Methods40
Table 15: SSP Zeroization Methods40
Table 16: SSP Table 145
Table 17: SSP Table 251
Table 18: Pre-Operational Self-Tests51
Table 19: Conditional Self-Tests56
Table 20: Pre-Operational Periodic Information56
Table 21: Conditional Periodic Information58
Table 22: Error States58
Figure 1: ICX 7150-247
Figure 2: ICX 7150-24P7
Figure 3: ICX 7150-487
Figure 4: ICX 7150-48P8
Figure 5: ICX 7150-48PF8
Figure 6: ICX 7150-48ZP8
Figure 7: ICX 7150-C12P8
Figure 8: ICX 8200-24/ICX 8200-24P/ICX 8200-24F9
Figure 9: ICX 8200-24FX9
Figure 10: ICX 8200-24ZP9
Figure 11: ICX 8200-48/ICX 8200-48P9
Figure 12: ICX 8200-48F9
Figure 13: ICX 8200-48PF/ICX 8200-48PF210
Figure 14: ICX 8200-48ZP210
Figure 15: ICX 8200-C08PF10
Figure 16: ICX 8200-C08ZP10
Figure 17: ICX 7150 Series12
Figure 18: ICX 7150 Z-Series12
Figure 19: ICX 7150 Compact Series12
Figure 20: ICX 8200 Series with fixed power supply and fans13
Figure 21: ICX 8200 Series with hot-swap power supply and fans13
Figure 22: ICX 8200 Compact Series14
Page 6
Security level
NameISO SectionRequirementLevel
11General1
22Cryptographic module specification1
33Cryptographic module interfaces1
44Roles, services, and authentication2
55Software/Firmware security1
66Operational environment1
77Physical security1
88Non-invasive securityN/A
99Sensitive security parameter management1
1010Self-tests1
1111Life-cycle assurance1
1212Mitigation of other attacksN/A
Overall LevelOverall Level1
1.1 Overview

This is a non-proprietary cryptographic module security policy for Ruckus FastIron ICX™ 7150/8200 Series Switch/Router (hereinafter referred to as the module). The firmware version running on each module is IronWare OS 10.0.10. This security policy describes how the module meets the FIPS 140-3 Level 1 security requirements, and how to operate the module in an approved mode. This security policy may be freely distributed. FIPS 140-3 (Federal Information Processing Standards Publication 140-3

1.2 Security Levels
2.1 Description

Purpose and Use: The module delivers the performance, flexibility, and scalability required for enterprise access deployment. Module Type: Hardware Module Embodiment: MultiChipStand

Page 7

Module Characteristics: Cryptographic Boundary: The Tested Operational Environment Physical Perimeter (TOEPP) is defined as the entire chassis unit’s physical perimeter encompassing the "top," "front," "left," "right," “rear” and "bottom" surfaces of the case as shown in the figures below and in the Physical Security section. The cryptographic boundary encompasses the entire TOEPP. This section illustrates the module hardware with the help of photographs. Figure 1: ICX 7150-24 Figure 2: ICX 7150-24P Figure 3: ICX 7150-48

Page 8

Figure 4: ICX 7150-48P Figure 5: ICX 7150-48PF Figure 6: ICX 7150-48ZP Figure 7: ICX 7150-C12P

Page 9

Figure 8: ICX 8200-24/ICX 8200-24P/ICX 8200-24F Figure 9: ICX 8200-24FX Figure 10: ICX 8200-24ZP Figure 11: ICX 8200-48/ICX 8200-48P Figure 12: ICX 8200-48F

Page 10
Module configuration
NameModelHardware VersionFirmware VersionProcessor
ICX7150-24ICX7150-24ICX7150-24IronWare OS 10.0.10ARM Cortex A9 (ARMv7)
ICX7150-24PICX7150-24PICX7150-24PIronWare OS 10.0.10ARM Cortex A9 (ARMv7)
ICX7150-48ICX7150-48ICX7150-48IronWare OS 10.0.10ARM Cortex A9 (ARMv7)
ICX7150-48PICX7150-48PICX7150-48PIronWare OS 10.0.10ARM Cortex A9 (ARMv7)
ICX7150-48PFICX7150-48PFICX7150-48PFIronWare OS 10.0.10ARM Cortex A9 (ARMv7)
ICX7150-48ZPICX7150-48ZPICX7150-48ZPIronWare OS 10.0.10ARM Cortex A9 (ARMv7)
ICX7150-C12PICX7150-C12PICX7150-C12PIronWare OS 10.0.10ARM Cortex A9 (ARMv7)
ICX8200-24ICX8200-24ICX8200-24IronWare OS 10.0.10ARM Cortex A55 (ARMv8)
ICX8200-24PICX8200-24PICX8200-24PIronWare OS 10.0.10ARM Cortex A55 (ARMv8)
ICX8200-24FICX8200-24FICX8200-24FIronWare OS 10.0.10ARM Cortex A55 (ARMv8)
ICX8200-24FXICX8200-24FXICX8200-24FXIronWare OS 10.0.10ARM Cortex A55 (ARMv8)
ICX8200-24ZPICX8200-24ZPICX8200-24ZPIronWare OS 10.0.10ARM Cortex A55 (ARMv8)
ICX8200-48ICX8200-48ICX8200-48IronWare OS 10.0.10ARM Cortex A55 (ARMv8)
ICX8200-48PICX8200-48PICX8200-48PIronWare OS 10.0.10ARM Cortex A55 (ARMv8)
ICX8200-48FICX8200-48FICX8200-48FIronWare OS 10.0.10ARM Cortex A55 (ARMv8)
ICX8200-48PFICX8200-48PFICX8200-48PFIronWare OS 10.0.10ARM Cortex A55 (ARMv8)
ICX8200- 48PF2ICX8200- 48PF2ICX8200- 48PF2IronWare OS 10.0.10ARM Cortex A55 (ARMv8)
ICX8200- 48ZP2ICX8200- 48ZP2ICX8200- 48ZP2IronWare OS 10.0.10ARM Cortex A55 (ARMv8)
ICX8200- C08PFICX8200- C08PFICX8200- C08PFIronWare OS 10.0.10ARM Cortex A55 (ARMv8)
ICX8200- C08ZPICX8200- C08ZPICX8200- C08ZPIronWare OS 10.0.10ARM Cortex A55 (ARMv8)

Figure 13: ICX 8200-48PF/ICX 8200-48PF2 Figure 14: ICX 8200-48ZP2 Figure 15: ICX 8200-C08PF Figure 16: ICX 8200-C08ZP

2.2 Tested and Vendor Affirmed Module Version and Identification

Tested Module Identification

Page 11

ICX820048PF2 ICX820048ZP2 ICX8200C08PF ICX8200C08ZP ICX820048PF2 ICX820048ZP2 ICX8200C08PF ICX8200C08ZP Table 2: Tested Module Identification

Page 12

Figure 17: ICX 7150 Series Note: The USB Port for external file storage is functionally disabled Figure 18: ICX 7150 Z-Series Note: The USB Port for external file storage is functionally disabled Figure 19: ICX 7150 Compact Series Note: The USB Port for external file storage is functionally disabled

Page 13

Figure 20: ICX 8200 Series with fixed power supply and fans Note: The USB Port for external file storage is functionally disabled Figure 21: ICX 8200 Series with hot-swap power supply and fans Note: The USB Port for external file storage is functionally disabled

Page 14

Figure 22: ICX 8200 Compact Series Note: The USB Port for external file storage is functionally disabled Figure 23: ICX 8200 Fiber Series Note: The USB Port for external file storage is functionally disabled Tested Module Identification

Page 15
Service
NameDescriptionIndicatorType
Approved Mode of OperationThe module is always in the approved mode of operation after initial operations are performed.Global indicator after module initialization. Please refer to Security Policy, section Life-Cycle Assurance for more informationApproved
Approved algorithm
NameCAVP CertReference
AES-CBCA5076SP 800-38A
AES-CFB128A5076SP 800-38A
AES-CTRA5076SP 800-38A
AES-ECBA5076SP 800-38A
AES-GCMA5076SP 800-38D
Counter DRBGA5076SP 800-90A Rev. 1
ECDSA KeyGen (FIPS186-5)A5076FIPS 186-5
ECDSA SigGen (FIPS186-5)A5076FIPS 186-5
ECDSA SigVer (FIPS186-5)A5076FIPS 186-5
HMAC-SHA-1A5076FIPS 198-1
HMAC-SHA2-256A5076FIPS 198-1
HMAC-SHA2-384A5076FIPS 198-1
HMAC-SHA2-512A5076FIPS 198-1
KAS-ECC-SSC Sp800-56Ar3A5076SP 800-56A Rev. 3
KAS-FFC-SSC Sp800-56Ar3A5076SP 800-56A Rev. 3
KDF SNMP (CVL)A5076SP 800-135 Rev. 1
KDF SSH (CVL)A5076SP 800-135 Rev. 1
RSA KeyGen (FIPS186-5)A5076FIPS 186-5
RSA SigGen (FIPS186-5)A5076FIPS 186-5
RSA SigVer (FIPS186-5)A5076FIPS 186-5
2.3 Excluded Components

Modes List and Description: Table 3: Modes List and Description By default, the module is delivered in an un-initialized state but supports an approved mode of following the steps in section " Life-Cycle Assurance" of this document by the Crypto Officer, the module can only operate in the approved mode. The module does not claim implementation of a

2.5 Algorithms
Page 16
Approved algorithm
NameCAVP CertReference
Safe Primes Key GenerationA5076SP 800-56A Rev. 3
SHA-1A5076FIPS 180-4
SHA2-256A5076FIPS 180-4
SHA2-384A5076FIPS 180-4
SHA2-512A5076FIPS 180-4
TLS v1.2 KDF RFC7627 (CVL)A5076SP 800-135 Rev. 1
Service
NameDescriptionApproved FunctionsTypePropertiesReference
CKGKey Type:AsymmetricN/AThe module performs Cryptographic Key Generation (CKG) for asymmetric keys as detailed by example 1 in section 4 and section 5 of SP800-133r2
KAS-ECC (SSHv2)Full KAS-ECC Key Agreement used for SSHv2 serviceKAS-ECC-SSC Sp800-56Ar3: (A5076) KDF SSH: (A5076) Counter DRBG: (A5076) CKG: ()CKG KAS-FullCaveat:Key establishment methodology provides between 128 and 256 bits of security strength IG:IG D.F Scenario 2, Path 2, Split
Service
NameDescriptionApproved FunctionsTypePropertiesReference
CKGKey Type:AsymmetricN/AThe module performs Cryptographic Key Generation (CKG) for asymmetric keys as detailed by example 1 in section 4 and section 5 of SP800-133r2
KAS-ECC (SSHv2)Full KAS-ECC Key Agreement used for SSHv2 serviceKAS-ECC-SSC Sp800-56Ar3: (A5076) KDF SSH: (A5076) Counter DRBG: (A5076) CKG: ()CKG KAS-FullCaveat:Key establishment methodology provides between 128 and 256 bits of security strength IG:IG D.F Scenario 2, Path 2, Split

Table 4: Approved Algorithms Vendor-Affirmed Algorithms: N/A Table 5: Vendor-Affirmed Algorithms Non-Approved, Allowed Algorithms: Non-Approved, Allowed Algorithms with No Security Claimed: Non-Approved, Not Allowed Algorithms:

2.6 Security Function Implementations
Page 17
Service
NameDescriptionRole AccessApproved FunctionsType
KAS-FFC (SSHv2)Full KAS-FFC Key Agreement used for SSHv2 serviceCaveat:Key establishment methodology provides between 112 and 200 bits of security strength IG:IG D.F Scenario 2, Path 2, Split Key Confirmation:No Key Derivation:IG 2.4.B SP 800- 135rev1 CVLKAS-FFC-SSC Sp800-56Ar3: (A5076) Domain Parameter Generation Methods: MODP-2048, MODP-4096, MODP-8192 Safe Primes Key Generation: (A5076) Safe Prime Groups: MODP- 2048, MODP- 4096, MODP- 8192 KDF SSH: (A5076) Counter DRBG: (A5076) CKG: ()CKG KAS-Full
KAS-ECC (TLSv1.2)Full KAS-ECC Key Agreement used for TLSv1.2 serviceCaveat:Key establishment methodology provides between 128 and 192 bits of security strength IG:IG D.F Scenario 2, Path 2, Split Key Confirmation:No Key Derivation:IG 2.4.B SP 800- 135rev1 CVLKAS-ECC-SSC Sp800-56Ar3: (A5076) Domain Parameter Generation Methods: P-256, P-384 TLS v1.2 KDF RFC7627: (A5076) Counter DRBG: (A5076) CKG: ()CKG KAS-Full
KAS-FFC (TLSv1.2)Full KAS-FFC Key Agreement used for TLSv1.2 serviceCaveat:Key establishment methodology provides 112 bits of security strengthKAS-FFC-SSC Sp800-56Ar3: (A5076) Domain Parameter GenerationCKG KAS-Full
IG:IG D.F Path 2, Scenario 2, Split Key Confirmation:No Key Derivation:IG 2.4.B SP 800- 135rev1 CVLIG:IG D.F Path 2, Scenario 2, Split Key Confirmation:No Key Derivation:IG 2.4.B SP 800- 135rev1 CVLMethods: ffdhe2048 Safe Primes Key Generation: (A5076) Safe Prime Groups: ffdhe2048 TLS v1.2 KDF RFC7627: (A5076) Counter DRBG: (A5076) CKG: ()
SSH-KTS (AES and HMAC)KTS via SSHv2 service by using AES and HMACCaveat:Key establishment methodology provides between 128 and 256 bits of security strength Standard:SP 800- 38F IG D.G:"combination" method: use any approved symmetric encryption mode together with an approved authentication methodAES-CBC: (A5076) AES-CTR: (A5076) HMAC-SHA-1: (A5076) HMAC-SHA2- 256: (A5076)KTS-Wrap
TLS-KTS (AES and HMAC)KTS via TLS v1.2 service by using AES and HMACCaveat:Key establishment methodology provides between 128 and 256 bits of security strength Standard:SP 800- 38F IG D.G:"combination" method: use any approved symmetric encryption mode together with an approvedAES-CBC: (A5076) AES-ECB: (A5076) HMAC-SHA-1: (A5076) HMAC-SHA2- 256: (A5076) HMAC-SHA2- 512: (A5076)KTS-Wrap
TLS-KTS (AES- GCM)KTS via TLSv1.2 service by using AES- GCMCaveat:Key establishment methodology provides between 128 and 256 bits of security strength Standard:SP 800- 38F IG D.G:Uses a previously approved authenticated symmetric encryption modeAES-GCM: (A5076)KTS-Wrap
SSH RSA KeyGenRSA KeyGen for SSHv2Keysize:112 bits encryption strengthRSA KeyGen (FIPS186-5): (A5076) Counter DRBG: (A5076) CKG: ()AsymKeyPair- KeyGen CKG
SSH RSA SigGenRSA SigGen for SSHv2RSA SigGen (FIPS186-5): (A5076)DigSig-SigGen
SSH RSA SigVerRSA SigVer for SSHv2RSA SigVer (FIPS186-5): (A5076)DigSig-SigVer
SSH ECDSA KeyGenECDSA KeyGen for SSHv2Keysize:128 to 192 bits encryption strengthECDSA KeyGen (FIPS186-5): (A5076) Counter DRBG: (A5076) CKG: ()AsymKeyPair- KeyGen CKG
SSH ECDSA SigGenECDSA SigGen for SSHv2ECDSA SigGen (FIPS186-5): (A5076)DigSig-SigGen
SSH ECDSA SigVerECDSA SigVer for SSHv2ECDSA SigVer (FIPS186-5): (A5076)DigSig-SigVer
TLS RSA KeyGenRSA KeyGen for TLSv1.2Keysize:112 bits encryption strengthCounter DRBG: (A5076) RSA KeyGen (FIPS186-5): (A5076) CKG: ()AsymKeyPair- KeyGen CKG
TLS RSA SigGenRSA SigGen for TLSv1.2RSA SigGen (FIPS186-5): (A5076)DigSig-SigGen
TLS RSA SigVerRSA SigVer for TLSv1.2RSA SigVer (FIPS186-5): (A5076)DigSig-SigVer
TLS ECDSA KeyGenECDSA KeyGen for TLSv1.2Keysize:128 to 192 bits encryption strengthCounter DRBG: (A5076) ECDSA KeyGen (FIPS186-5): (A5076) CKG: ()AsymKeyPair- KeyGen CKG
TLS ECDSA SigGenECDSA SigGen for TLSv1.2ECDSA SigGen (FIPS186-5): (A5076)DigSig-SigGen
TLS ECDSA SigVerECDSA SigVer for TLSv1.2ECDSA SigVer (FIPS186-5): (A5076)DigSig-SigVer
Block ciphers (SSHv2)Block ciphers for SSHv2 serviceAES-CBC: (A5076) AES-CTR: (A5076)BC-UnAuth
Block ciphers (TLSv1.2)Block ciphers for TLSv1.2 serviceAES-CBC: (A5076) AES-GCM: (A5076) AES-ECB: (A5076)BC-Auth BC-UnAuth
Block ciphers (SNMPv3)Block ciphers for SNMPv3 serviceAES-CFB128: (A5076) KDF SNMP: (A5076)BC-UnAuth
MAC (SSHv2)MAC for SSHv2 serviceHMAC-SHA-1: (A5076) HMAC-SHA2- 256: (A5076) HMAC-SHA2- 512: (A5076) SHA-1: (A5076) SHA2-256: (A5076) SHA2-512: (A5076)MAC
MAC (TLSv1.2)Message Authentication for TLSv1.2 servicesHMAC-SHA-1: (A5076) HMAC-SHA2- 256: (A5076) HMAC-SHA2- 384: (A5076)MAC

Groups: MODP2048, MODP4096, MODP8192

Page 21
Service
NameDescriptionApproved FunctionsType
MAC (SNMPv3)Message Authentication for SNMPv3 servicesHMAC-SHA-1: (A5076) HMAC-SHA2- 256: (A5076) HMAC-SHA2- 384: (A5076) HMAC-SHA2- 512: (A5076) SHA-1: (A5076) SHA2-256: (A5076) SHA2-384: (A5076) SHA2-512: (A5076) KDF SNMP: (A5076)MAC
Firmware Load TestSignature Verification for firmware load testRSA SigVer (FIPS186-5): (A5076)DigSig-SigVer
DRBG FunctionUsed for DRBG generationCounter DRBG: (A5076)DRBG
SNMPv3 Keying Materials DevelopmentKeying materials, used to derive SNMP session keysKDF SNMP: (A5076)KAS-135KDF
TLS Keying Materials DevelopmentKeying materials, used to derive TLS session keysTLS v1.2 KDF RFC7627: (A5076)KAS-135KDF

Table 6: Security Function Implementations 2.7 Algorithm Specific Information Notes:

Page 22
Sensitive security parameter
NameTypeStrengthOperational EnvironmentConditioning Component
Ruckus IronWare 10.0.10 Entropy SourceNon- Physical8 bitsARM Cortex A55 (ARMv8); ARM Cortex A9 (ARMv7)4 bitsN/A
CertVendor Name
Number
E192Ruckus Wireless LLC

in the TLS key establishment scheme were performed entirely within the cryptographic boundary of the Module being validated. The counter portion of the IV is set by the Module within its cryptographic boundary. When the IV exhausts the maximum number of possible values for a given session key, the first party, client or server, to encounter this condition will trigger a handshake to establish a new encryption key. In case the Module’s power is lost and then restored, a new key for use with the AES GCM encryption/decryption shall be established.

2.8 RBG and Entropy

Table 7: Entropy Certificates NonPhysical N/A Table 8: Entropy Sources Ruckus FastIron™ IronWare 10.0.10 Entropy Source v1.0 is the entropy source used on each Ruckus FastIron ICX™ 7150 and 8200 Series Router with firmware IronWare OS 10.0.10 to seed the approved DRBG. The noise source of entropy is periodic sampling of the highprecision CPU clock within the ARM CPU. There is no conditioning component applied on the output of the clock source. Health testing is implemented on the output of the noise source. The entropy source provides a minimum entropy of 4 bits per sample with the sample size of 8 bits. The module makes repeated calls to the entropy source after which the random data is loaded into a buffer. This buffer is used by the DRBG to get entropy input. Buffer size is big enough that the overall effective entropy is more than that is required for the DRBG instantiation. Similar implementation is done for DRBG reseeding.

2.9 Key Generation

The module generates RSA, ECDSA, EC Diffie-Hellman, and Diffie-Hellman asymmetric key pairs compliant with FIPS 186-5, using a NIST SP 800-90Ar1 CTR DRBG for random number generation. In accordance with FIPS 140-3 IG D.H, the cryptographic module performs CKG for asymmetric keys as per section 5.1 of NIST SP 800-133rev2 (vendor affirmed) by obtaining a random bit string directly from an approved DRBG. The random bit string supports the required security strength requested by the calling application (without any V, as described in Additional Comments 2 of IG D.H.).

Page 23
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
Console port, Mgmt Port, PoE+ ports, Ethernet Ports, SPF/SFP+ uplink/stacking portsConsole port, Mgmt Port, PoE+ ports, Ethernet Ports, SPF/SFP+ uplink/stacking portsData InputData input into the module for all the services defined in Approved Services Table, including TLSv1.2, SSHv2, and SNMPv3 service data.
Console port, Mgmt Port, PoE+ ports, Ethernet Ports, SPF/SFP+ uplink/stacking portsConsole port, Mgmt Port, PoE+ ports, Ethernet Ports, SPF/SFP+ uplink/stacking portsData OutputData output from the module for all the services defined in Approved Services Table, including TLSv1.2, SSHv2, and SNMPv3 service data.
Console port, Mgmt Port, PoE+ ports, Ethernet Ports, SPF/SFP+ uplink/stacking portsConsole port, Mgmt Port, PoE+ ports, Ethernet Ports, SPF/SFP+ uplink/stacking portsControl InputControl Data input into the module for all the services defined in Approved Services Table, including TLSv1.2, SSHv2, and SNMPv3 service data.
Console port, Mgmt Port, PoE+ ports, Ethernet Ports, SPF/SFP+ uplink/stacking ports and LEDsConsole port, Mgmt Port, PoE+ ports, Ethernet Ports, SPF/SFP+ uplink/stacking ports and LEDsStatus OutputStatus Information output from the module.
N/AN/AControl OutputN/A
PowerPowerPowerProvide the Power Supply to the module.
2.10 Key Establishment

The module provides the following key/SSP establishment services in the approved mode of operation:

2.11 Industry Protocols

The module supports SSHv2, TLS v1.2, and SNMPv3 industrial protocols. No parts of the SSH, TLS and SNMP protocols, other than the KDFs, have been tested by the CAVP and CMVP. Please refer to SSPs Table for more information.

3 Cryptographic Module Interfaces
Page 24
Sensitive security parameter
NameDescriptionStrength
Password- BasedThe minimum length is eight (8) characters (94 possible characters). The probability that a random attempt will succeed or a false acceptance will occur is 1/(94^8) which is less than 1/1,000,000. As the module supports at most ten failed attempts to authenticate in a one- minute period, the probability of successfully authenticating to the module within one minute is 10/(94^8), which is less than 1/100,000. This calculation is based on the assumption that the typical standard American QWERTY computer keyboard has 10 Integer digits, 52 alphabetic characters, and 32 special characters providing 94 characters to choose from in total.The probability that a random attempt will succeed or a false acceptance will occur is 1/(94^8) which is less than 1/1,000,000. Please refer to Description section in this table for more details.Password BasedThe probability of successfully authenticating to the module within one minute is 10/(94^8), which is less than 1/100,000. Please refer to Description section in this table for more details.
RSA- Based CertificateThe modules supports RSA public-key based authenticationWith a minimum modulus size of 2048, theRSA SigVer (FIPS186-5) (A5076)For multiple attacks during a one- minute period, to
mechanism using a minimum of RSA 2048 bits, which provides 112 bits of security strength. The probability that a random attempt will succeed is 1/(2^112) which is less than 1/1,000,000. For multiple attacks during a one-minute period, as the module at its highest can support at most 17,000 new sessions per second to authenticate in a one- minute period, the probability of successfully authenticating to the module within a one minute period is 17,000 * 60 = 1,020,000/(2^112), which is less than 1/100,000.mechanism using a minimum of RSA 2048 bits, which provides 112 bits of security strength. The probability that a random attempt will succeed is 1/(2^112) which is less than 1/1,000,000. For multiple attacks during a one-minute period, as the module at its highest can support at most 17,000 new sessions per second to authenticate in a one- minute period, the probability of successfully authenticating to the module within a one minute period is 17,000 * 60 = 1,020,000/(2^112), which is less than 1/100,000.probability that a random attempt will succeed is 1/(2^112) which is less than 1/1,000,000. Please refer to Description section in this table for more details.exceed a one in 100,000 probability of a successful random key guess in one minute, an attacker would have to be capable of approximately 8.65x10^31 (2^112 /60 = 8.65 x 10^31) attempts per second. Please refer to Description section in this table for more details.
ECDSA- Based CertificateThe modules support ECDSA public-key based authentication mechanism using a minimum of curve P- 256, which provides 128 bits of security strength. The probability that a random attempt will succeed is 1/(2^128) which is less than 1/1,000,000. For multiple attacks during a one-minute period, as the module at its highest can support at most 17,000 new sessions per second to authenticate in a one- minute period, the probability of successfully authenticating to theWith a minimum curve of P-256, the probability that a random attempt will succeed is 1/(2^128) which is less than 1/1,000,000. Please refer to Description section in this table for more details.ECDSA SigVer (FIPS186-5) (A5076)For multiple attacks during a one- minute period, to exceed a one in 100,000 probability of a successful random key guess in one minute, an attacker would have to be capable of approximately 5.67x10^36 (2^128 /60 = 5.67 x 10^36) attempts per second. Please refer to Description section in this table for more details.

Table 9: Ports and Interfaces The module’s physical perimeter encompasses the case of the tested platform mentioned in Table 2. The module provides physical ports which are mapped to logical interfaces provided by the module (data input, data output, control input, control output and status output) as above.

4 Roles, Services, and Authentication
4.1 Authentication Methods
Page 26
Sensitive security parameter
NameStrengthSecurityStrength per
MechanismAttemptMechanismMinute
Service
NameDescriptionRole AccessCsps AccessedApproved FunctionsIndicatorTypeInputOutput
Crypto OfficerCORolePassword-Based RSA-Based Certificate ECDSA-Based Certificate
UserUserRolePassword-Based RSA-Based Certificate ECDSA-Based Certificate
Port Config AdminPort Config AdminRolePassword-Based RSA-Based Certificate ECDSA-Based Certificate
Show StatusProvide Module's current status (return codes and/or syslog messages)Crypto Officer Port Config Admin UserNoneGlobal Indicator or syslog messageCommand used to show Module's StatusModule's Operationa l Status
Show VersionProvide Module's name andCrypto Officer Port ConfigNoneConsole messageCommand to show versionModule's ID and versioning information
Service
NameDescriptionRole AccessCsps AccessedApproved FunctionsIndicatorTypeInputOutput
Crypto OfficerCORolePassword-Based RSA-Based Certificate ECDSA-Based Certificate
UserUserRolePassword-Based RSA-Based Certificate ECDSA-Based Certificate
Port Config AdminPort Config AdminRolePassword-Based RSA-Based Certificate ECDSA-Based Certificate
Show StatusProvide Module's current status (return codes and/or syslog messages)Crypto Officer Port Config Admin UserNoneGlobal Indicator or syslog messageCommand used to show Module's StatusModule's Operationa l Status
Show VersionProvide Module's name andCrypto Officer Port ConfigNoneConsole messageCommand to show versionModule's ID and versioning information
version informationversion informationAdmin User
Perform Self-TestsPerform Self-Tests (Pre- operational self-test and Conditional Self-Tests)Crypto Officer User Port Config Admin Unauthentic atedNonePerform self-test completio n messageCommand to trigger Self-TestStatus of the self- tests results
Perform ZeroizationPerform ZeroizationCrypto Officer - DRBG Entropy Input: Z - DRBG Seed: Z - DRBG Internal State V value: Z - DRBG Key: Z - User Password: Z - Crypto Officer Password: Z - Port Config Admin Password: Z - Firmware Load Test Key: Z - SSH DH Private Key: Z - SSH DH Public Key: Z - SSH Peer DH Public Key: Z - SSH DH Shared Secret: Z - SSH ECDH Private Key:NoneSyslog messageCommand to zeroize the moduleStatus of the SSPs zeroization

Table 10: Authentication Methods and the User role. The module also allows the concurrent operators.

4.2 Roles

Table 11: Roles Unauthenticated Users can run the self-test service by power-cycling the module by removing the power and re-applying.

4.3 Approved Services
Page 29
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Crypto Officer Authenticat ionCO Role Authenticat ionCrypto Officer - Crypto Officer Password: W,ZNoneN/ACO Authenticat ion RequestStatus of the CO authenticat ion
User Authenticat ionUser Role Authenticat ionUser - User Password: W,ZNoneN/AUser role authenticat ion requestStatus of the User role authenticat ion
Port Config Admin Authenticat ionPort Config Admin Role Authenticat ionPort Config Admin - Port Config Admin Password: W,ZNoneN/APort Config Admin role authenticat ion requestStatus of the Port Config Admin role authenticat ion
Port Configurati on Mangemen tPerform Port Configurati onCrypto Officer Port Config AdminNoneN/ACommands to configure the port parameters of switch/rout erPort configurati on completion status information
Account Mangemen tAccount CreationCrypto OfficerNoneN/ACommands to create a new user accountStatus of the new user accounts
Configure SSHv2 FunctionConfigure SSHv2 FunctionCrypto Officer - SSH RSA Private Key: G,W - SSH RSA Public Key: G,W - SSH ECDSA Private Key: G,W - SSH ECDSA Public Key: G,W - DRBG Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG Internal State VSSH RSA KeyGen SSH ECDSA KeyGen DRBG FunctionGlobal Indicator and SSHv2 configurati on success status messageCommands to configure SSHv2Status of the completion of the SSHv2 configurati on
Run SSHv2 FunctionExecute SSHv2 FunctionCrypto Officer - SSH DH Private Key: G,W,E,Z - SSH DH Public Key: G,R,W,E,Z - SSH Peer DH Public Key: W,E,Z - SSH DH Shared Secret: G,W,E,Z - SSH ECDH Private Key: G,W,E,Z - SSH ECDH Public Key: G,R,W,E,Z - SSH Peer ECDH Public Key: W,E,Z - SSH ECDH Shared Secret: G,W,E,Z - SSH RSA Private Key: E - SSH RSA Public Key: R,E - SSH ECDSA Private Key: E - SSH ECDSA Public Key: R,E - SSH SessionKAS-ECC (SSHv2) KAS-FFC (SSHv2) SSH-KTS (AES and HMAC) SSH RSA SigGen SSH RSA SigVer SSH ECDSA SigGen SSH ECDSA SigVer Block ciphers (SSHv2) MAC (SSHv2) DRBG FunctionGlobal Indicator and successfu l SSHv2 log messageInitiate SSHv2 tunnel establishm entStatus of SSHv2 tunnel establishm ent
Page 35
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Configure SSL over TLSv1.2 FunctionConfigure SSL over TLSv1.2 FunctionCrypto Officer - TLS RSA Private Key: G,W - TLS RSA Public Key: G,W - TLS ECDSA Private Key: G,W - TLS ECDSA Public Key: G,W - DRBG Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG Internal State V value: G,W,E - DRBG Key: G,W,ETLS RSA KeyGen TLS ECDSA KeyGen DRBG FunctionGlobal Indicator and TLS v1.2 configurati on success status messageCommands to configure TLSv1.2Status of the completion of TLSv1.2 configurati on
Run SSL over TLSv1.2 FunctionExecute SSL over TLSv1.2 FunctionCrypto Officer - TLS DH Private Key: G,W,E,Z - TLS DH Public Key: G,R,W,E,Z - TLS Peer DH Public Key: W,E,Z - TLS DH Shared Secret: G,W,E,Z - TLS ECDH Private Key: G,W,E,Z - TLS ECDH Public Key:KAS-ECC (TLSv1.2) KAS-FFC (TLSv1.2) TLS-KTS (AES and HMAC) TLS-KTS (AES- GCM) TLS RSA KeyGen TLS RSA SigGen TLS RSA SigVer TLS ECDSA KeyGen TLSGlobal Indicator and successfu l TLS v1.2 log messageCommands to initiate TLSv1.2Status of the completion of TLSv1.2 establishm ent
ECDSA SigGen TLS ECDSA SigVer Block ciphers (TLSv1.2) MAC (TLSv1.2) DRBG Function TLS Keying Materials Developm entG,R,W,E,Z - TLS Peer ECDH Public Key: W,E,Z - TLS ECDH Shared Secret: G,W,E,Z - TLS RSA Private Key: E - TLS RSA Public Key: R,E - TLS Master Secret: G,W,E,Z - TLS Session Encryption Key: G,W,E,Z - TLS Session Authenticatio n Key: G,W,E,Z - DRBG Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG Internal State V value: G,W,E - DRBG Key: G,W,E - TLS ECDSA Private Key: E - TLS ECDSA Public Key: R,EECDSA SigGen TLS ECDSA SigVer Block ciphers (TLSv1.2) MAC (TLSv1.2) DRBG Function TLS Keying Materials Developm ent
Configure SNMPv3 FunctionConfigure SNMPv3 FunctionCrypto Officer - SNMPv3 Authenticatio n Secret: W,E - SNMPv3 Encryption Key: G,W,E,Z - SNMPv3 Integrity Key: G,W,E,ZBlock ciphers (SNMPv3) MAC (SNMPv3)Global Indicator and SNMPv3 configurati on success status messageCommands to configure SNMPv3 serviceStatus of the completion of SNMPv3 configurati on
Run SNMPv3 FunctionExecute SNMPv3 FunctionCrypto Officer - SNMPv3 Authenticatio n Secret: W,E - SNMPv3 Encryption Key: G,W,E,Z - SNMPv3 Integrity Key: G,W,E,ZBlock ciphers (SNMPv3) MAC (SNMPv3) SNMPv3 Keying Materials Developm entGlobal Indicator and successfu l SNMPv3 log messageCommands to initiate SNMPv3 serviceStatus of the completion of SNMPv3 establishm ent
Firmware Load TestExecute the Firmware Load TestCrypto Officer - Firmware Load Test Key: EFirmware Load TestGlobal indicator and successfu l Firmware Loading status messageCommands to load new firmware imageOutcome of the Firmware Load Test
Page 37

n s l W,E G,W,E,Z G,W,E,Z W,E G,W,E,Z G,W,E,Z Table 12: Approved Services Unauthenticated Services Unauthenticated Users can run the self-test service by power-cycling the module by removing the power and re-applying.

4.4 Non-Approved Services
Page 38
4.5 External Software/Firmware Loaded

The module also supports the firmware load test by using RSA 2048 bits with SHA2-256 (RSA Cert. #A5076) for the new validated firmware to be uploaded into the module. A Firmware Load Test Key was preloaded to the module’s binary at the factory and used for firmware load test. In order to load new firmware, the Crypto Officer must authenticate to the module before loading the firmware. This ensures that unauthorized access and use of the module is not performed. The module will load the new update upon reboot. The update attempt will be rejected if the verification fails

5 Software/Firmware Security
5.1 Integrity Techniques

The module performs the Firmware Integrity tests by using CRC-32 during the Pre-Operational Self-Test. At Module’s initialization, the integrity of the runtime executable binary file is verified using the following two integrity check mechanisms to ensure that the module has not been tampered:

5.2 Initiate on Demand

Integrity test is performed as part of the Pre-Operational Self-Tests. It is automatically executed at power-on. The operator can power-cycle or reboot the module to initiate the firmware integrity test on-demand. This automatically performs the integrity test of all firmware components included within the boundary of the module.

6 Operational Environment
6.1 Operational Environment Type and Requirements

Type of Operational Environment: Limited

7 Physical Security

The module is a multi-chip standalone hardware cryptographic module. The module meets the FIPS 140-3 Level 1 security requirements as production grade equipment.

Page 39
Sensitive security parameter
NameTypeDescription
DRAMDynamicVolatile Memory
FlashStaticNon-Volatile Memory
Service
NameApproved FunctionsTypeFromToDistributio n TypeEntry Type
Peer Public Key InputPlaintextExternal (Outside of the Module's Boundary )ModuleAutomatedElectroni c
Module Public Key OutputPlaintextModuleExternal (Outside of the Module's Boundary )AutomatedElectroni c
Password/Secre t Input via SSHv2 encrypted by AES and HMACSSH-KTS (AES and HMAC)Encrypte dExternal (Outside of the Module's Boundary )ModuleAutomatedElectroni c
Password/Secre t Input via TLS v1.2 encrypted by AES and HMACTLS-KTS (AES and HMAC)Encrypte dExternal (Outside of the Module's Boundary )ModuleAutomatedElectroni c
Password/Secre t Input via TLSTLS-KTS (AES- GCM)Encrypte dExternal (Outside of theModuleAutomatedElectroni c
v1.2 encrypted by AES-GCMModule's Boundary )
8 Non-Invasive Security

No approved non-invasive attack mitigation test metrics are defined at this time.

9 Sensitive Security Parameters Management
9.1 Storage Areas
9.2 SSP Input-Output Methods
Page 40
Sensitive security parameter
NameTypeDescriptionStrengthUse
DRBG Entropy InputEntropy Input - CSPUsed to seed the DRBG960 - at least 256 bitsDRBG Function
DRBG SeedDRBG Seed - CSPUsed in DRBG Generation384 bits - 384 bitsDRBG Function
DRBG Internal State V valueDRBG Internal State V value - CSPUsed in DRBG Generation128 bits - 128 bitsDRBG Function
DRBG KeyDRBG Key - CSPUsed in DRBG Generation256 bits - 256 bitsDRBG Function
User PasswordAuthenticati on Data - CSPUser authenticatio n8-60 Character s - 8-60 Character s
Crypto Officer PasswordAuthenticati on Data - CSPCrypto Officer authenticatio n8-60 Character s - 8-60 Character s

) m Table 14: SSP Input-Output Methods

9.3 SSP Zeroization Methods

Table 15: SSP Zeroization Methods Please note that the Firmware Load Test Key is only used for Firmware Load Test Authentication and not subject to the zeroization requirement. n n s s

Page 41
Sensitive security parameter
NameTypeDescriptionStrengthUse
Port Config Admin PasswordAuthenticati on Data - CSPPort Config Admin authenticatio n8-60 Character s - 8-60 Character s
RADIUS SecretAuthenticati on Data - CSPRADIUS Server Authenticati on8-64 Character s - 8-64 Character s
Firmware Load Test KeyPublic Key - CSPUsed for Firmware Load Test2048 bits - 112 bitsFirmware Load Test
SSH ECDH Private KeyPrivate Key - CSPUsed to derive the SSH ECDH Shared SecretCurves: 256, 384, 521 bits - 128 to 256 bitsKAS- ECC (SSHv2)KAS-ECC (SSHv2)
SSH ECDH Public KeyPublic Key - PSPUsed to derive SSH ECDH Shared SecretCurves: 256, 384, 521 bits - 128-256 bitsKAS-ECC (SSHv2)
SSH Peer ECDH Public KeyPublic Key - PSPUsed to derive SSH ECDH Shared SecretCurves: 256, 384, 521 bits - 128 to 256 bitsKAS- ECC (SSHv2)
SSH ECDH Shared SecretShared Secret - CSPUsed to derive SSH Session Encryption Keys, SSH Session Authenticati on KeysCurves: 256, 384, 521 bits - 128 to 256 bitsKAS- ECC (SSHv2)KAS-ECC (SSHv2)
SSH DH Private KeyPrivate Key - CSPUsed to derive the SSH DH Shared SecretMODP- 2048, MODP- 4096, MODP- 8192 - 112-200 bitsKAS- FFC (SSHv2)KAS-FFC (SSHv2)
SSH DH Public KeyPublic Key - PSPUsed to derive SSH DH Shared SecretMODP- 2048, MODP- 4096,KAS-FFC (SSHv2)
SSH Peer DH Public KeyPublic Key - PSPUsed to derive SSH DH Shared SecretMODP- 2048, MODP- 4096, MODP- 8192 - 112-200 bitsKAS- FFC (SSHv2)
SSH DH Shared SecretShared Secret - CSPUsed to derive SSH Session Encryption Keys, SSH Session Authenticati on KeysMODP- 2048, MODP- 4096, MODP- 8192 - 112-200 bitsKAS- FFC (SSHv2)KAS-FFC (SSHv2)
SSH RSA Private KeyPrivate Key - CSPUsed for SSH session authenticatio nModulus 2048 bits - 112 bitsSSH RSA SigGenSSH RSA KeyGen
SSH RSA Public KeyPublic Key - PSPUsed for SSH sessions authenticatio nModulus 2048 bits - 112 bitsSSH RSA KeyGen
SSH ECDSA Private KeyPrivate Key - CSPUsed for SSH session authenticatio nCurve P- 256/P- 384 - 128-192 bitsSSH ECDSA SigGenSSH ECDSA KeyGen
SSH ECDSA Public KeyPublic Key - PSPUsed for SSH sessions authenticatio nCurve P- 256/P- 384 - 128-192 bitsSSH ECDSA KeyGen
SSH Session Encryption KeySession Key - CSPUsed for SSH Session confidentialit y protection128-256 bits - 128-256 bitsBlock ciphers (SSHv2)KAS-ECC (SSHv2) KAS-FFC (SSHv2)
SSH Session Authenticati on KeySession Key - CSPUsed for SSH SessionAt least 160 bits - At least 160 bitsMAC (SSHv2)KAS-ECC (SSHv2) KAS-FFC (SSHv2)
TLS ECDH Private KeyPrivate Key - CSPUsed to derive the TLS ECDH Shared SecretCurves: 256, 384 bits - 128 to 192 bitsKAS- ECC (TLSv1.2 )KAS-ECC (TLSv1.2)
TLS ECDH Public KeyPublic Key - PSPUsed to derive TLS ECDH Shared SecretCurves: 256, 384 bits - 128 to 192 bitsKAS-ECC (TLSv1.2)
TLS Peer ECDH Public KeyPublic Key - PSPUsed to derive TLS ECDH Shared SecretCurves: 256, 384 bits - 128 to 192 bitsKAS- ECC (TLSv1.2 )
TLS ECDH Shared SecretShared Secret - CSPUsed to derive TLS Session Encryption Keys, TLS Session Authenticati on KeysCurves: 256, 384 bits - 128 to 192 bitsKAS- ECC (TLSv1.2 )KAS-ECC (TLSv1.2)
TLS DH Private KeyPrivate Key - CSPUsed to derive the TLS DH Shared Secretffdhe204 8 - 112 bitsKAS- FFC (TLSv1.2 )KAS-FFC (TLSv1.2)
TLS DH Public KeyPublic Key - PSPUsed to derive TLS DH Shared Secretffdhe204 8 - 112 bitsKAS-FFC (TLSv1.2)
TLS Peer DH Public KeyPublic Key - PSPUsed to derive TLS DH Shared Secretffdhe204 8 - 112 bitsKAS- FFC (TLSv1.2 )
TLS DH Shared SecretShared Secret - CSPUsed to derive TLS Session Encryption Keys, TLS Session Authenticati on Keysffdhe204 8 - 112 bitsKAS- FFC (TLSv1.2 )KAS-FFC (TLSv1.2)
TLS RSA Private KeyPrivate Key - CSPUsed for TLS session authenticatio nModulus 2048 bits - 112 bitsTLS RSA SigGenTLS RSA KeyGen
TLS RSA Public KeyPublic Key - PSPUsed for TLS sessions authenticatio nModulus 2048 bits - 112 bitsTLS RSA KeyGen
TLS ECDSA Private KeyPrivate Key - CSPUsed for TLS session authenticatio nCurve P- 256/P- 384 - 128-192 bitsTLS ECDSA SigGenTLS ECDSA KeyGen
TLS ECDSA Public KeyPublic Key - PSPUsed for TLS sessions authenticatio nCurve P- 256/P- 384 - 128-192 bitsTLS ECDSA KeyGen
TLS Master SecretMaster Secret - CSPUsed to protect TLS Session. Pre-master secretAt least 112 bits - At least 112 bitsKAS- ECC (TLSv1.2 ) KAS- FFC (TLSv1.2 )TLS Keying Materials Developme nt
TLS Session Encryption KeySession Key - CSPUsed to protect TLS Session. TLS Master secret128-256 bits - 128-256 bitsBlock ciphers (TLSv1.2 )KAS-ECC (TLSv1.2) KAS-FFC (TLSv1.2) TLS Keying Materials Developme nt
TLS Session Authenticati on KeySession Key - CSPUsed to protect TLS Session. TLS master secretat least 112 bits - at least 112 bitsMAC (TLSv1.2 )KAS-ECC (TLSv1.2) KAS-FFC (TLSv1.2) TLS Keying Materials Developme nt
SNMPv3 Authenticati on SecretAuthenticati on Secret - CSPUsed for SNMPv3 user authenticatio n8-20 character s - N/A

n s s MODP2048, MODP4096, MODP2048, MODP4096, KASECC KASECC KASECC KASFFC

Page 42

MODPderive SSH MODPSecret MODPderive SSH MODPEncryption MODPSession n n Curve PSSH 256/Psessions n KASFFC KASFFC

Page 43

KASECC ) KASECC ) KASECC ) KASFFC ) KASFFC ) KASFFC )

Page 45
Sensitive security parameter
NameTypeDescriptionStrengthGenerationStorageZeroizationUseRelated SSPs
SNMPv3 Encryption KeyEncryption Key - CSPUsed to protect SNMPv3 traffic confidentialit y128 bits - 128 bitsSNMPv3 Keying Materials Developme ntBlock ciphers (SNMPv 3)
SNMPv3 Integrity KeyAuthenticati on Key - CSPUsed to secure SNMPv3 traffic integrityAt least 160 bits - At least 112 bitsSNMPv3 Keying Materials Developme ntMAC (SNMPv 3)
DRBG Entropy InputDRAM:Plaintex tZeroization CommandUntil RebootDRBG Seed:Used With DRBG Internal State V value:Used With DRBG Key:Used With
DRBG SeedDRAM:Plaintex tZeroization CommandUntil RebootDRBG Entropy Input:Used With DRBG Internal State V value:Used With DRBG Key:Used With
DRBG Internal State V valueDRAM:Plaintex tZeroization CommandUntil RebootDRBG Entropy Input:Used With DRBG Seed:Used With DRBG Key:Used With
Sensitive security parameter
NameTypeDescriptionStrengthGenerationStorageZeroizationUseInputRelated SSPs
SNMPv3 Encryption KeyEncryption Key - CSPUsed to protect SNMPv3 traffic confidentialit y128 bits - 128 bitsSNMPv3 Keying Materials Developme ntBlock ciphers (SNMPv 3)
SNMPv3 Integrity KeyAuthenticati on Key - CSPUsed to secure SNMPv3 traffic integrityAt least 160 bits - At least 112 bitsSNMPv3 Keying Materials Developme ntMAC (SNMPv 3)
DRBG Entropy InputDRAM:Plaintex tZeroization CommandUntil RebootDRBG Seed:Used With DRBG Internal State V value:Used With DRBG Key:Used With
DRBG SeedDRAM:Plaintex tZeroization CommandUntil RebootDRBG Entropy Input:Used With DRBG Internal State V value:Used With DRBG Key:Used With
DRBG Internal State V valueDRAM:Plaintex tZeroization CommandUntil RebootDRBG Entropy Input:Used With DRBG Seed:Used With DRBG Key:Used With
DRBG KeyDRAM:Plaintex tZeroization CommandUntil RebootDRBG Entropy Input:Used With DRBG Seed:Used With DRBG Internal State V value:Used With
User PasswordFlash:PlaintextZeroization CommandPassword/Secre t Input via SSHv2 encrypted by AES and HMAC Password/Secre t Input via TLS v1.2 encrypted by AES and HMAC Password/Secre t Input via TLS v1.2 encrypted by AES-GCM
Crypto Officer PasswordFlash:PlaintextZeroization CommandPassword/Secre t Input via SSHv2 encrypted by AES and HMAC Password/Secre t Input via TLS v1.2 encrypted by AES and HMAC Password/Secre t Input via TLS v1.2 encrypted by AES-GCM
Port Config Admin PasswordFlash:PlaintextZeroization CommandPassword/Secre t Input via SSHv2 encrypted by AES and HMAC Password/Secre t Input via TLS v1.2 encrypted
RADIUS SecretFlash:PlaintextZeroization CommandPassword/Secre t Input via SSHv2 encrypted by AES and HMAC Password/Secre t Input via TLS v1.2 encrypted by AES and HMAC Password/Secre t Input via TLS v1.2 encrypted by AES-GCM
Firmware Load Test KeyFlash:PlaintextN/A
SSH ECDH Private KeyDRAM:Plaintex tZeroization CommandWhile SSH tunnel is onSSH ECDH Public Key:Paired With SSH Peer ECDH Public Key:Used With
SSH ECDH Public KeyDRAM:Plaintex tZeroization CommandModule Public Key OutputWhile SSH tunnel is onSSH ECDH Private Key:Paired With
SSH Peer ECDH Public KeyDRAM:Plaintex tZeroization CommandPeer Public Key InputWhile SSH tunnel is onSSH ECDH Private Key:Used With
SSH ECDH Shared SecretDRAM:Plaintex tZeroization CommandWhile SSH tunnel is onSSH ECDH Private Key:Derived From SSH ECDH Public Key:Derived From
SSH DH Private KeyDRAM:Plaintex tZeroization CommandWhile SSH tunnel is onSSH DH Public Key:Paired With SSH Peer DH Public Key:Used With
SSH DH Public KeyDRAM:Plaintex tZeroization CommandModule Public Key OutputWhile SSH tunnel is onSSH DH Private Key:Paired With
SSH Peer DH Public KeyDRAM:Plaintex tZeroization CommandPeer Public Key InputWhile SSH tunnel is onSSH DH Private Key:Used With
SSH DH Shared SecretDRAM:Plaintex tZeroization CommandWhile SSH tunnel is onSSH DH Private Key:Derived From SSH DH Public Key:Derived From
SSH RSA Private KeyFlash:PlaintextZeroization CommandSSH RSA Public Key:Paired With
SSH RSA Public KeyFlash:PlaintextZeroization CommandModule Public Key OutputSSH RSA Private Key:Paired With
SSH ECDSA Private KeyFlash:PlaintextZeroization CommandSSH ECDSA Public Key:Paired With
SSH ECDSA Public KeyFlash:PlaintextZeroization CommandModule Public Key OutputSSH ECDSA Private Key:Paired With
SSH Session Encryption KeyDRAM:Plaintex tZeroization CommandWhile SSH tunnel is onSSH Session Authentication Key:Used With
SSH Session Authenticatio n KeyDRAM:Plaintex tZeroization CommandWhile SSHSSH Session Encryption
Page 49
Sensitive security parameter
NameStorageZeroizationUseInputTunnel is on
TLS ECDH Private KeyDRAM:Plaintex tZeroization CommandTLS ECDH Public Key:Paired With TLS Peer ECDH Public Key:Used WithWhile TLS tunnel is on
TLS ECDH Public KeyDRAM:Plaintex tZeroization CommandTLS ECDH Private Key:Paired WithModule Public Key OutputWhile TLS tunnel is on
TLS Peer ECDH Public KeyDRAM:Plaintex tZeroization CommandTLS ECDH Private Key:Used WithPeer Public Key InputWhile TLS tunnel is on
TLS ECDH Shared SecretDRAM:Plaintex tZeroization CommandTLS ECDH Private Key:Derived From TLS ECDH Public Key:Derived FromWhile TLS tunnel is on
TLS DH Private KeyDRAM:Plaintex tZeroization CommandTLS DH Public Key:Paired With TLS Peer DH Public Key:Used WithWhile TLS tunnel is on
TLS DH Public KeyDRAM:Plaintex tZeroization CommandTLS DH Private Key:Paired WithModule Public Key OutputWhile TLS tunnel is on
TLS Peer DH Public KeyDRAM:Plaintex tZeroization CommandTLS DH Private Key:Used WithPeer Public Key InputWhile TLS tunnel is on
TLS DH Shared SecretDRAM:Plaintex tZeroization CommandTLS DH Private Key:Derived From TLS DHWhile TLS tunnel is on
TLS RSA Private KeyFlash:PlaintextZeroization CommandTLS RSA Public Key:Paired With
TLS RSA Public KeyFlash:PlaintextZeroization CommandTLS RSA Private Key:Paired WithModule Public Key Output
TLS ECDSA Private KeyFlash:PlaintextZeroization CommandTLS ECDSA Public Key:Paired With
TLS ECDSA Public KeyFlash:PlaintextZeroization CommandTLS ECDSA Private Key:Paired WithModule Public Key Output
TLS Master SecretDRAM:Plaintex tZeroization CommandTLS ECDH Shared Secret:Derive d FromWhile TLS tunnel is on
TLS Session Encryption KeyDRAM:Plaintex tZeroization CommandTLS Session Authentication Key:Used WithWhile TLS tunnel is on
TLS Session Authenticatio n KeyDRAM:Plaintex tZeroization CommandTLS Session Encryption Key:Used WithWhile TLS tunnel is on
SNMPv3 Authenticatio n SecretDRAM:Plaintex tZeroization CommandSNMPv3 Encryption Key:Derive To SNMPv3 Integrity Key:Derive ToPassword/Secre t Input via SSHv2 encrypted by AES and HMACWhile SNMPv3 tunnel is on
SNMPv3 Encryption KeyDRAM:Plaintex tZeroization CommandSNMPv3 Authentication Secret:Derive d FromWhile SNMPv3 tunnel is on
SNMPv3 Integrity KeyDRAM:Plaintex tZeroization CommandSNMPv3 Authentication Secret:Derive d From SNMPv3 EncryptionWhile SNMPv3 tunnel is on
Page 51
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsIndicatorIndicat orConditio ns
CRC-32 (Bootloader)CRC-32 (Bootloader)KATSW/FW IntegrityThe module performs the Bootloader integrity test by using CRC-32 at the power upN/AModule is in normal state
CRC-32 (Firmware)CRC-32 (Firmware)KATSW/FW IntegrityThe module performs the Firmware integrity test by using CRC-32 at the power upN/AModule is in normal state
AES-CBC Encrypt KAT (A5076)AES-CBC Encrypt KAT (A5076)KATCASTEncrypt128 bitsModule is in normal statePower Up
AES-CBC Decrypt KAT (A5076)AES-CBC Decrypt KAT (A5076)KATCASTDecrypt128 bitsModule is inPower Up
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsIndicatorIndicat orConditio ns
CRC-32 (Bootloader)CRC-32 (Bootloader)KATSW/FW IntegrityThe module performs the Bootloader integrity test by using CRC-32 at the power upN/AModule is in normal state
CRC-32 (Firmware)CRC-32 (Firmware)KATSW/FW IntegrityThe module performs the Firmware integrity test by using CRC-32 at the power upN/AModule is in normal state
AES-CBC Encrypt KAT (A5076)AES-CBC Encrypt KAT (A5076)KATCASTEncrypt128 bitsModule is in normal statePower Up
AES-CBC Decrypt KAT (A5076)AES-CBC Decrypt KAT (A5076)KATCASTDecrypt128 bitsModule is inPower Up
9.5 Transitions

SHA-1 The module includes an implementation of SHA-1 for hashing and message authentication. This implementation will be non-Approved for all uses starting January 1, 2031. User should move to SHA2, which is available in this module.

10 Self-Tests
10.1 Pre-Operational Self-Tests

N/A N/A Table 18: Pre-Operational Self-Tests The modules perform the self-tests, including the pre-operational self-tests and conditional selftests. The module runs all self-tests without operator intervention. In the event that a self-test fails, the module will enter an error state, output an error message and follow up with a module reboot. The module permits operators to initiate the pre-operational or conditional self-tests on demand for periodic testing of the module by rebooting the system (i.e., power-cycling).

10.2 Conditional Self-Tests
Page 52
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic MethodDetailsIndicat or normal stateConditio ns
AES-GCM Authenticated Encrypt KAT (A5076)AES-GCM Authenticated Encrypt KAT (A5076)KATCASTEncrypt128 bitsModule is in normal statePower Up
AES-GCM Authenticated Decrypt KAT (A5076)AES-GCM Authenticated Decrypt KAT (A5076)KATCASTDecrypt128 bitsModule is in normal statePower Up
Counter DRBG Instantiate/Generate/Res eed KAT (A5076)Counter DRBG Instantiate/Generate/Res eed KAT (A5076)KATCASTInstantiate, Generate, and Reseed KATsAES-128Module is in normal statePower Up
HMAC-SHA-1 KAT (A5076)HMAC-SHA-1 KAT (A5076)KATCASTHMAC- SHA-1SHA-1Module is in normal statePower Up
HMAC-SHA2-256 KAT (A5076)HMAC-SHA2-256 KAT (A5076)KATCASTHMAC- SHA2-256SHA2- 256Module is in normal statePower Up
HMAC-SHA2-384 KAT (A5076)HMAC-SHA2-384 KAT (A5076)KATCASTHMAC- SHA2-384SHA2- 384Module is in normal statePower Up
HMAC-SHA2-512 KAT (A5076)HMAC-SHA2-512 KAT (A5076)KATCASTHMAC- SHA2-512SHA2- 512Module is in normal statePower Up
KAS-ECC-SSC Sp800- 56Ar3 KAT (A5076)KAS-ECC-SSC Sp800- 56Ar3 KAT (A5076)KATCASTPrimitive Z KATP-256 CurveModule is in normal statePower Up
KAS-FFC-SSC Sp800- 56Ar3 KAT (A5076)KAS-FFC-SSC Sp800- 56Ar3 KAT (A5076)KATCASTPrimitive Z KATMODP- 2048Module is in normal statePower Up
ECDSA SigGen (FIPS186-5) KAT (A5076)ECDSA SigGen (FIPS186-5) KAT (A5076)KATCASTN/ACurve P- 256Module is in normal statePower Up
ECDSA SigVer (FIPS186-5) KAT (A5076)ECDSA SigVer (FIPS186-5) KAT (A5076)KATCASTN/ACurve P- 256Module is in normal statePower Up
RSA SigGen (FIPS186- 5) KAT (A5076)RSA SigGen (FIPS186- 5) KAT (A5076)KATCASTRSA SigGen KAT2048 bit modulus with SHA2- 256Module is in normal statePower Up
RSA SigVer (FIPS186-5) KAT (A5076)RSA SigVer (FIPS186-5) KAT (A5076)KATCASTRSA SigVer KAT2048 bit modulus with SHA2- 256Module is in normal statePower Up
KDF SNMP KAT (A5076)KDF SNMP KAT (A5076)KATCASTN/AN/AModule is in normal statePower Up
KDF SSH KAT (A5076)KDF SSH KAT (A5076)KATCASTN/AN/AModule is in normal statePower Up
TLS v1.2 KDF RFC7627 KAT (A5076)TLS v1.2 KDF RFC7627 KAT (A5076)KATCASTN/AN/AModule is in normal statePower Up
SHA-1 KAT (A5076)SHA-1 KAT (A5076)KATCASTN/AN/AModule is in normal statePower Up
SHA2-256 KAT (A5076)SHA2-256 KAT (A5076)KATCASTN/AN/AModule is in normal statePower Up
SHA2-384 KAT (A5076)SHA2-384 KAT (A5076)KATCASTN/AN/AModule is in normal statePower Up
SHA2-512 KAT (A5076)SHA2-512 KAT (A5076)KATCASTN/AN/AModule is in normal statePower Up
ECDSA KeyGen (FIPS186-5) PCT (A5076)ECDSA KeyGen (FIPS186-5) PCT (A5076)PCTPCTN/ACurve P- 256Module is in normal statePerforms all required pair-wise consisten cy tests on the newly generated
RSA KeyGen (FIPS186- 5) PCT (A5076)RSA KeyGen (FIPS186- 5) PCT (A5076)PCTPCTRSA2048 bit ModulusModule is in normal statePerforms all required pair-wise consisten cy tests on the newly generated key pairs before the first operation al use.
KAS-ECC-SSC Sp800- 56Ar3 PCT (A5076)KAS-ECC-SSC Sp800- 56Ar3 PCT (A5076)PCTPCTN/ACurve P- 256 with SHA2- 256Module is in normal statePerforms all required pair-wise consisten cy tests on the newly generated key pairs before the first operation al use.
KAS-FFC-SSC Sp800- 56Ar3 PCT (A5076)KAS-FFC-SSC Sp800- 56Ar3 PCT (A5076)PCTPCTN/AMODP- 2048Module is in normal statePerforms all required pair-wise consisten cy tests on the newly generated key pairs before the first operation al use.
RSA SigVer (FIPS186-5) Firmware Load TestRSA SigVer (FIPS186-5) Firmware Load TestKATSW/F W LoadN/A2048 bits with SHA2- 256Module is in normal stateWhen firmware has been uploaded to the module
Entropy 90B Start-up Repetition Count Test (RCT)Entropy 90B Start-up Repetition Count Test (RCT)RCTCASTDesigned to quickly detect catastrophic failures that cause the noise source to become "stuck" on a single output value for a long period of timeRepetitio n Count TestModule is in normal statePower Up
Entropy 90B Start-up Adaptive Proportion Test (APT)Entropy 90B Start-up Adaptive Proportion Test (APT)APTCASTDesigned to detect a large loss of entropy that might occur as a result of some physical failure or environment al change affecting the noise sourceAdaptive Proportio n TestModule is in normal statePower Up
Entropy 90B Continuous Repetition Count Test (RCT)Entropy 90B Continuous Repetition Count Test (RCT)RCTCASTDesigned to quickly detect catastrophic failures that cause the noise source to become "stuck" on a single output valueRepetitio n Count TestModule is in normal stateEntropy data is generated from the Entropy Source - Continuou s
Entropy 90B Continuous Adaptive Proportion Test (APT)Entropy 90B Continuous Adaptive Proportion Test (APT)APTCASTDesigned to detect a large loss of entropy that might occur as a result of some physical failure or environment al change affecting the noise sourceAdaptive Proportio n TestModule is in normal stateEntropy data is generated from the Entropy Source - Continuou s
CRC-32 (Bootloader)CRC-32 (Bootloader)KATSW/FW IntegrityRecommend 60 DaysReboot
CRC-32 (Firmware)CRC-32 (Firmware)KATSW/FW IntegrityRecommend 60 DaysReboot
AES-CBC Encrypt KAT (A5076)AES-CBC Encrypt KAT (A5076)KATCASTRecommend 60 DaysReboot
AES-CBC Decrypt KAT (A5076)AES-CBC Decrypt KAT (A5076)KATCASTRecommend 60 DaysReboot
AES-GCM Authenticated Encrypt KAT (A5076)AES-GCM Authenticated Encrypt KAT (A5076)KATCASTRecommend 60 DaysReboot
AES-GCM Authenticated Decrypt KAT (A5076)AES-GCM Authenticated Decrypt KAT (A5076)KATCASTRecommend 60 DaysReboot
Counter DRBG Instantiate/Generate/Reseed KAT (A5076)Counter DRBG Instantiate/Generate/Reseed KAT (A5076)KATCASTRecommend 60 DaysReboot
HMAC-SHA-1 KAT (A5076)HMAC-SHA-1 KAT (A5076)KATCASTRecommend 60 DaysReboot

d SHA2256 SHA2384 SHA2512 MODP2048 Curve P256 Curve P256 HMACSHA-1 HMACSHA2-256 HMACSHA2-384 HMACSHA2-512 N/A N/A

Page 56
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic MethodDetailsIndicat or normal stateConditio ns
Entropy 90B Continuous Adaptive Proportion Test (APT)Entropy 90B Continuous Adaptive Proportion Test (APT)APTCASTDesigned to detect a large loss of entropy that might occur as a result of some physical failure or environment al change affecting the noise sourceAdaptive Proportio n TestModule is in normal stateEntropy data is generated from the Entropy Source - Continuou s
CRC-32 (Bootloader)CRC-32 (Bootloader)KATSW/FW IntegrityRecommend 60 DaysReboot
CRC-32 (Firmware)CRC-32 (Firmware)KATSW/FW IntegrityRecommend 60 DaysReboot
AES-CBC Encrypt KAT (A5076)AES-CBC Encrypt KAT (A5076)KATCASTRecommend 60 DaysReboot
AES-CBC Decrypt KAT (A5076)AES-CBC Decrypt KAT (A5076)KATCASTRecommend 60 DaysReboot
AES-GCM Authenticated Encrypt KAT (A5076)AES-GCM Authenticated Encrypt KAT (A5076)KATCASTRecommend 60 DaysReboot
AES-GCM Authenticated Decrypt KAT (A5076)AES-GCM Authenticated Decrypt KAT (A5076)KATCASTRecommend 60 DaysReboot
Counter DRBG Instantiate/Generate/Reseed KAT (A5076)Counter DRBG Instantiate/Generate/Reseed KAT (A5076)KATCASTRecommend 60 DaysReboot
HMAC-SHA-1 KAT (A5076)HMAC-SHA-1 KAT (A5076)KATCASTRecommend 60 DaysReboot
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic MethodDetailsIndicat or normal stateConditio ns
Entropy 90B Continuous Adaptive Proportion Test (APT)Entropy 90B Continuous Adaptive Proportion Test (APT)APTCASTDesigned to detect a large loss of entropy that might occur as a result of some physical failure or environment al change affecting the noise sourceAdaptive Proportio n TestModule is in normal stateEntropy data is generated from the Entropy Source - Continuou s
CRC-32 (Bootloader)CRC-32 (Bootloader)KATSW/FW IntegrityRecommend 60 DaysReboot
CRC-32 (Firmware)CRC-32 (Firmware)KATSW/FW IntegrityRecommend 60 DaysReboot
AES-CBC Encrypt KAT (A5076)AES-CBC Encrypt KAT (A5076)KATCASTRecommend 60 DaysReboot
AES-CBC Decrypt KAT (A5076)AES-CBC Decrypt KAT (A5076)KATCASTRecommend 60 DaysReboot
AES-GCM Authenticated Encrypt KAT (A5076)AES-GCM Authenticated Encrypt KAT (A5076)KATCASTRecommend 60 DaysReboot
AES-GCM Authenticated Decrypt KAT (A5076)AES-GCM Authenticated Decrypt KAT (A5076)KATCASTRecommend 60 DaysReboot
Counter DRBG Instantiate/Generate/Reseed KAT (A5076)Counter DRBG Instantiate/Generate/Reseed KAT (A5076)KATCASTRecommend 60 DaysReboot
HMAC-SHA-1 KAT (A5076)HMAC-SHA-1 KAT (A5076)KATCASTRecommend 60 DaysReboot
HMAC-SHA2-256 KAT (A5076)HMAC-SHA2-256 KAT (A5076)KATCASTRecommend 60 DaysReboot
HMAC-SHA2-384 KAT (A5076)HMAC-SHA2-384 KAT (A5076)KATCASTRecommend 60 DaysReboot
HMAC-SHA2-512 KAT (A5076)HMAC-SHA2-512 KAT (A5076)KATCASTRecommend 60 DaysReboot
KAS-ECC-SSC Sp800- 56Ar3 KAT (A5076)KAS-ECC-SSC Sp800- 56Ar3 KAT (A5076)KATCASTRecommend 60 DaysReboot
KAS-FFC-SSC Sp800- 56Ar3 KAT (A5076)KAS-FFC-SSC Sp800- 56Ar3 KAT (A5076)KATCASTRecommend 60 DaysReboot
ECDSA SigGen (FIPS186-5) KAT (A5076)ECDSA SigGen (FIPS186-5) KAT (A5076)KATCASTRecommend 60 DaysReboot
ECDSA SigVer (FIPS186-5) KAT (A5076)ECDSA SigVer (FIPS186-5) KAT (A5076)KATCASTRecommend 60 DaysReboot
RSA SigGen (FIPS186-5) KAT (A5076)RSA SigGen (FIPS186-5) KAT (A5076)KATCASTRecommend 60 DaysReboot
RSA SigVer (FIPS186-5) KAT (A5076)RSA SigVer (FIPS186-5) KAT (A5076)KATCASTRecommend 60 DaysReboot
KDF SNMP KAT (A5076)KDF SNMP KAT (A5076)KATCASTRecommend 60 DaysReboot
KDF SSH KAT (A5076)KDF SSH KAT (A5076)KATCASTRecommend 60 DaysReboot
TLS v1.2 KDF RFC7627 KAT (A5076)TLS v1.2 KDF RFC7627 KAT (A5076)KATCASTRecommend 60 DaysReboot
SHA-1 KAT (A5076)SHA-1 KAT (A5076)KATCASTRecommend 60 DaysReboot
SHA2-256 KAT (A5076)SHA2-256 KAT (A5076)KATCASTRecommend 60 DaysReboot
SHA2-384 KAT (A5076)SHA2-384 KAT (A5076)KATCASTRecommend 60 DaysReboot
SHA2-512 KAT (A5076)SHA2-512 KAT (A5076)KATCASTRecommend 60 DaysReboot
ECDSA KeyGen (FIPS186- 5) PCT (A5076)ECDSA KeyGen (FIPS186- 5) PCT (A5076)PCTPCTRecommend 60 DaysReboot
RSA KeyGen (FIPS186-5) PCT (A5076)RSA KeyGen (FIPS186-5) PCT (A5076)PCTPCTRecommend 60 DaysReboot
KAS-ECC-SSC Sp800- 56Ar3 PCT (A5076)KAS-ECC-SSC Sp800- 56Ar3 PCT (A5076)PCTPCTRecommend 60 DaysReboot
KAS-FFC-SSC Sp800- 56Ar3 PCT (A5076)KAS-FFC-SSC Sp800- 56Ar3 PCT (A5076)PCTPCTRecommend 60 DaysReboot
RSA SigVer (FIPS186-5) Firmware Load TestRSA SigVer (FIPS186-5) Firmware Load TestKATSW/FW LoadRecommend 60 DaysReboot
Entropy 90B Start-up Repetition Count Test (RCT)Entropy 90B Start-up Repetition Count Test (RCT)RCTCASTN/AN/A
Entropy 90B Start-up Adaptive Proportion Test (APT)Entropy 90B Start-up Adaptive Proportion Test (APT)APTCASTN/AN/A
Entropy 90B Continuous Repetition Count Test (RCT)Entropy 90B Continuous Repetition Count Test (RCT)RCTCASTN/AN/A
Entropy 90B Continuous Adaptive Proportion Test (APT)Entropy 90B Continuous Adaptive Proportion Test (APT)APTCASTN/AN/A

d s Table 19: Conditional Self-Tests

10.3 Periodic Self-Test Information

Table 20: Pre-Operational Periodic Information

Page 58
Service
NameDescriptionRole AccessIndicator
Error StateIf self-test tests fail, the module is put into an error stateSelf-test failureSystem HaltReboot the module

N/A N/A N/A N/A Table 21: Conditional Periodic Information

10.4 Error States

Table 22: Error States If any of the above-mentioned self-tests fail, the module reports the cause of the error and enters an error state. In the Error State, no cryptographic services are provided, and data output is prohibited. The only method to recover from the error state is to reboot the module and reperforming the self-tests, including the pre-operational software integrity test and the conditional CASTs. The module will only enter into the operational state after successfully passing the pre-operational firmware integrity test and the conditional CASTs. The table below shows the different causes that lead to the Error State and the status indicators reported.

11 Life-Cycle Assurance
11.1 Installation, Initialization, and Startup Procedures

The module meets all the Level 1 requirements for FIPS 140-3. Follow the secure operations provided below to place the module in approved mode. Operating this module without maintaining the following settings will put the module operate in a non-compliant state. The module runs firmware version IronWare OS 10.0.10. This is the only allowable firmware image for this current approved mode of operation. The Crypto Officer shall load the FIPS 140-3 validated firmware only to maintain validation. Any firmware/software loaded into this module that is not shown on the module certificate, is out of the scope of this validation and requires a separate FIPS 140-3 validation. The module is initiated into the approved mode of operation via the following procedures through the Command Line interface (CLI): 1. 2. 3. 4. 5. The Crypto Officer must login by using the default login password. The Crypto Officer shall replace the default login password with a new one. Enter into the configuration mode by using ‘conf t’ command. Enable approved mode by using ‘fips enable’ command. Create accounts for Port Config Admin role and User role respectively.

Page 59
  1. Configure SSH, TLS, and SNMPv3 services by using only approved algorithms listed above.
  2. If using RADIUS server for roles authentication, please configure a secure TLS tunnel to secure traffic between the module and the RADIUS server. The RADIUS shared secret must be at least 8 characters long.
  3. Disable the TFTP server.
  4. Ensure that installed digital certificates are signed using approved algorithms.
  5. Save the configuration.
  6. Reload the module.
  7. Verify the approved mode by using command ‘fips show’ (This command outputs the module’s status. After the approved mode was enabled, the output would be “approved mode: Administrative status ON”).
  8. The Crypto Officer shall load the FIPS 140-3 validated firmware only to maintain validation. Once the module has completed initialization into the approved mode of operation, the module automatically enforces a password change for the Crypto Officer. Any non-approved algorithms or security functions are rejected automatically by the module and an error message is output.
11.2 Administrator Guidance

No specific Administrator guidance.

11.3 Non-Administrator Guidance

No specific Non-Administrator guidance.

11.4 End of Life

Crypto Officers should follow the procedure below for the secure destruction of their module. Please note that this process will cause the module to no longer function after it has wiped all configurations and keys.

  1. Access the module via SSH with Crypto Officer
  2. Authenticate using proper credentials
  3. Execute command: “fips zeroize all” a. Confirm command Module will begin zeroization process and wipe all security parameters and configurations.
12 Mitigation of Other Attacks

Referenced URLs