Specifications

6.1.7 FCS_CKM.2 Cryptographic Key Distribution
FCS_CKM.2.1 The TSF shall distribute cryptographic keys in accordance with a specified cryptographic key
distribution method Automated (Electronic) Method that meets the following:
a) NIST Special Publication 800-57, "Recommendation for Key Management" Section 8.1.5
b) NIST Special Publication 800-56A, "Recommendation for Pair-Wise Key Establishment
Schemes Using Discrete Logarithm Cryptography"
6.1.8 FCS_CKM_(EXT).2 Extended: Cryptographic Key Handling & Storage
FCS_CKM_(EXT).2.1 The TSF shall perform a key error detection check on each transfer of key (internal,
intermediate transfers).
FCS_CKM_(EXT).2.2 The TSF shall store persistent secret and private keys when not in use in encrypted form or
using split knowledge procedures.
FCS_CKM_(EXT).2.3 The TSF shall destroy non-persistent cryptographic keys after a cryptographic
administrator-defined period of time of inactivity.
FCS_CKM_(EXT).2.4 The TSF shall prevent archiving of expired (private) signature keys.
6.1.9 FCS_CKM.4 Cryptographic Key Destruction
FCS_CKM.4.1 The TSF shall destroy cryptographic keys in accordance with a cryptographic key zeroization
method that meets the following:
a) Key zeroization requirements of FIPS PUB 140-2, “Security Requirements for
Cryptographic Modules”
b) Zeroization of all plaintext cryptographic keys and all other critical cryptographic
security parameters shall be immediate and complete.
c) The TSF shall zeroize each intermediate storage area for plaintext key/critical
cryptographic security parameter (i.e., any storage, such as memory buffers, that is
included in the path of such data) upon the transfer of the key/critical cryptographic
security parameter to another location.
d) For non-volatile memories other than EEPROM and Flash, the zeroization shall be
executed by overwriting three or more times using a different alternating data pattern
each time.
e) For volatile memory and non-volatile EEPROM and Flash memories, the zeroization
shall be executed by a single direct overwrite consisting of a pseudo random pattern,
followed by a read-verify.
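
Added example (not part of this Security Target or of the evaluated product's code): C code for items c), d) and e) of FCS_CKM.4.1. The function names, the xorshift32 pattern generator and the pattern bytes 0x55/0xAA/0x33 are assumptions of the example, and the buffers are ordinary RAM rather than a real EEPROM or Flash device.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed pattern source for this example (xorshift32); a real module would
   draw the overwrite pattern from its approved random bit generator. */
static uint32_t prng_next(uint32_t *s) {
    uint32_t x = *s;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return *s = x;
}

/* Item e): single direct overwrite with a pseudo-random pattern, then a
   read-verify. Returns 0 if every byte reads back as written, else -1. */
int zeroize_verify(void *buf, size_t len, uint32_t seed) {
    volatile uint8_t *p = buf;      /* volatile: the stores cannot be elided */
    uint32_t s = seed ? seed : 1u;  /* xorshift state must be non-zero */
    for (size_t i = 0; i < len; i++) p[i] = (uint8_t)prng_next(&s);
    s = seed ? seed : 1u;           /* replay the same pattern for the check */
    for (size_t i = 0; i < len; i++)
        if (p[i] != (uint8_t)prng_next(&s)) return -1;
    return 0;
}

/* Item d): three overwrites, a different alternating pattern each time.
   The pattern bytes are this example's choice; the page names none. */
void zeroize_multipass(void *buf, size_t len) {
    static const uint8_t pattern[3] = { 0x55, 0xAA, 0x33 };
    volatile uint8_t *p = buf;
    for (int pass = 0; pass < 3; pass++)
        for (size_t i = 0; i < len; i++) p[i] = pattern[pass];
}

/* Item c): copy the key onward, then zeroize the intermediate buffer. */
int transfer_key(uint8_t *dst, uint8_t *staging, size_t len, uint32_t seed) {
    for (size_t i = 0; i < len; i++) dst[i] = staging[i];
    return zeroize_verify(staging, len, seed);
}

int main(void) {
    uint8_t staging[16] = { 1, 2, 3, 4 }, key[16];  /* constructed sample key */
    int rc = transfer_key(key, staging, sizeof key, 0xC0FFEEu);
    zeroize_multipass(key, sizeof key);
    printf("staging read-verify rc=%d, key[0] after 3 passes=0x%02X\n", rc, key[0]);
    return 0;
}
```

The volatile-qualified pointer is what keeps an optimizing compiler from discarding the overwrite of a buffer that is never read again, a common way for zeroization code to silently do nothing.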
6.1.10 FCS_COP.1(1) Cryptographic Operation (Data Encryption/Decryption)
FCS_COP.1.1(1) The cryptomodules shall perform encryption and decryption using the FIPS-approved security function
AES algorithm operating in [ECB, CBC, CCMP, CMAC and Key Wrap modes] and cryptographic key
size of 128 bits.
6.1.11 FCS_COP.1(2) Cryptographic Operation (Cryptographic Signatures)
FCS_COP.1.1(2) The TSF shall perform cryptographic signature services using the FIPS-approved security