Router Instructions
FIPS 140-2 Nonproprietary Security Policy for Cisco 7206VXR NPE-400 Router with VAM
OL-3959-01
Key Zeroization
All of the keys and CSPs of the module can be zeroized. Please refer to the Description column of
Table 2 for information on methods to zeroize each key and CSP.
Self-Tests
To prevent secure data from being released, it is important to test the cryptographic components of a
security module to ensure all components are functioning correctly. The router includes an array of
self-tests that are run during startup and periodically during operations. If any of the self-tests fail, the
router transitions into an error state. Within the error state, all secure data transmission is halted and the
router outputs status information indicating the failure.
Self-tests performed by the IOS image:
• Power-up tests
  – Firmware integrity test
  – RSA signature KAT (both signature and verification)
  – DES KAT
  – TDES KAT
  – AES KAT
  – SHA-1 KAT
  – PRNG KAT
  – Power-up bypass test
  – Diffie-Hellman self-test
  – HMAC-SHA-1 KAT
• Conditional tests
  – Conditional bypass test
  – Pairwise consistency test on RSA signature
  – Continuous random number generator tests
Self-tests performed by the VAM (cryptographic accelerator):
• Power-up tests
  – Firmware integrity test
  – RSA signature KAT (both signature and verification)
  – DES KAT
  – TDES KAT
  – SHA-1 KAT
  – HMAC-SHA-1 KAT
  – PRNG KAT
• Conditional tests
  – Pairwise consistency test on RSA signature
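
The self-test behavior described in this section, as an added Python example that is not taken from the Cisco policy or from IOS: SHA-1 and HMAC-SHA-1 known-answer tests at power-up, a continuous random number generator test on every output, and an error state that halts service and records status on any failure. The class `SelfTestModule`, its state names and the 16-byte block size are assumptions for illustration; the test vectors are the published FIPS 180 and RFC 2202 values.

```python
import hashlib
import hmac
import os

# Published vectors: SHA-1 of "abc" (FIPS 180) and HMAC-SHA-1 test case 1 (RFC 2202).
SHA1_KAT = (b"abc", "a9993e364706816aba3e25717850c26c9cd0d89d")
HMAC_KAT = (b"\x0b" * 20, b"Hi There", "b617318655057264e28bc0b6fb378c8ef146be00")


class SelfTestModule:
    """Hypothetical module wrapper: no service unless all self-tests pass."""

    def __init__(self, sha1=hashlib.sha1, rng=os.urandom, block=16):
        self.sha1, self.rng, self.block = sha1, rng, block
        self.state, self.status, self._last = "POWER_UP", [], None

    def _fail(self, name):
        self.state = "ERROR"  # further requests are refused
        self.status.append(f"self-test failed: {name}")
        return False

    def power_up(self):
        msg, want = SHA1_KAT
        if self.sha1(msg).hexdigest() != want:
            return self._fail("SHA-1 KAT")
        key, msg, want = HMAC_KAT
        if hmac.new(key, msg, self.sha1).hexdigest() != want:
            return self._fail("HMAC-SHA-1 KAT")
        # Continuous RNG test: the first block is kept as a reference, never output.
        self._last = self.rng(self.block)
        self.state = "OPERATIONAL"
        return True

    def random_block(self):
        if self.state != "OPERATIONAL":
            raise RuntimeError("module not operational: " + "; ".join(self.status))
        cur = self.rng(self.block)
        if cur == self._last:  # identical consecutive blocks: generator is stuck
            self._fail("continuous RNG test")
            raise RuntimeError("module not operational: " + "; ".join(self.status))
        self._last = cur
        return cur
```

Passing a different hash constructor or a constant-output `rng` callable simulates a faulty component and drives the module into the error state.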