Manualshelf

User guide

ManualsBrandsCisco ManualsComputer equipmentCX-FEIP-1TX= Installation and con?guration
131132133134135136137138139140
Security planning Chapter 2: Planning considerations
2-24
phn-2513_004v000 (Oct 2012)
Planning for FIPS 140-2 operation
To prepare for FIPS 140-2 secure mode operation, generate the following cryptographic
material using a FIPS-approved cryptographic generator:
Key of Keys
TLS Private Key and Public Certificates. FIPS 140-2 now recommends 2048 bit keys.
Entropy Input
Wireless Link Encryption Key for AES
Enable the web browsers for HTTPS/TLS operation using FIPS-approved cipher
specifications.
Configure the following attributes of user accounts for the web-based management
interface to match the network security policy:
Auto Logout Period.
Maximum Number of Login Attempts.
Login Attempt Lockout.
Minimum Password Change Period.
Password Expiry Period.
Webpage Session Control
Configure the following attributes:
Password complexity rules reset to ‘best practice’ values.
User account passwords compliant with the network security policy.
RADIUS authentication = Disabled.
Configure all of the above correctly to ensure that PTP 800 is operating in compliance
with the FIPS 140-2 validation.
FIPS validated software is available from System Release PTP800-04-00. Load standard
(non-FIPS) software from PTP800-04-00 or later before loading a FIPS software image.