Specifications
© Copyright 2007 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
19
Figure 14 - Cisco 3845 Tamper Evident Label Placement (Side Views)
The tamper evidence seals are produced from a special thin gauge vinyl with self-adhesive
backing. Any attempt to open the router will damage the tamper evidence seals or the material of
the module cover. Since the tamper evidence seals have non-repeated serial numbers, they can be
inspected for damage and compared against the applied serial numbers to verify that the module
has not been tampered. Tamper evidence seals can also be inspected for signs of tampering,
which include the following: curled corners, bubbling, crinkling, rips, tears, and slices. The word
“OPEN” may appear if the label was peeled back.
2.5 Cryptographic Key Management
The router securely administers both cryptographic keys and other critical security parameters
such as passwords. The tamper evidence seals provide physical protection for all keys. All keys
are also protected by the password-protection on the Crypto Officer role login, and can be
zeroized by the Crypto Officer. All zeroization consists of overwriting the memory that stored
the key. Keys are exchanged and entered electronically or via Internet Key Exchange (IKE) or
SSL/TLS handshake protocols.
The routers support the following FIPS-2 approved algorithm implementations:
Algorithm Algorithm Certificate Number
Software (IOS) Implementations