Specifications
Security Target Version 1.0 9/29/2014
| NIST SP800-56B Section Reference | “should”, “should not”, or “shall not” | Implemented? | Rationale for deviation |
|---|---|---|---|
| 6.5.1 | should | yes | Not applicable |
| 6.5.2 | should | yes | Not applicable |
| 6.5.2.1 | should | yes | Not applicable |
| 6.6 | shall not | no | Not applicable |
| 7.1.2 | should | yes | Not applicable |
| 7.2.1.3 | should | yes | Not applicable |
| 7.2.1.3 | should not | no | Not applicable |
| 7.2.2.3 | should (first occurrence) | yes | Not applicable |
| 7.2.2.3 | should (second occurrence) | yes | Not applicable |
| 7.2.2.3 | should (third occurrence) | yes | Not applicable |
| 7.2.2.3 | should (fourth occurrence) | yes | Not applicable |
| 7.2.2.3 | should not | no | Not applicable |
| 7.2.2.3 | shall not | no | Not applicable |
| 7.2.3.3 | should (first occurrence) | yes | Not applicable |
| 7.2.3.3 | should (second occurrence) | yes | Not applicable |
| 7.2.3.3 | should (third occurrence) | yes | Not applicable |
| 7.2.3.3 | should (fourth occurrence) | yes | Not applicable |
| 7.2.3.3 | should (fifth occurrence) | yes | Not applicable |
| 7.2.3.3 | should not | no | Not applicable |
| 8 | should | yes | Not applicable |
| 8.3.2 | should not | no | Not applicable |
Table 6 NIST SP800-56B Conformance
| Name | CSPs type | Generation | Storage and Zeroization | Use |
|---|---|---|---|---|
| Key Encryption Key (KEK) | Triple-DES 168-bit key | Hardcoded during manufacturing | Stored in Flash. Zeroized by using command ‘wipe out flash’ | Encrypts IKEv1/IKEv2 Pre-shared key, RADIUS server shared secret, RSA private key, ECDSA private key, 802.11i pre-shared key and Passwords. |
| DRBG entropy input | SP800-90a DRBG (512 bits) | Derived using NON-FIPS approved HW RNG | Stored in plaintext in volatile memory. Zeroized on reboot. | DRBG initialization |
| DRBG seed | SP800-90a DRBG (384 bits) | Generated per SP800-90A using a derivation function | Stored in plaintext in volatile memory. Zeroized on reboot. | DRBG initialization |