Manualshelf

Installation guide

ManualsBrandsMotorola ManualsComputer equipmentRFS7000 Series
21222324252627282930
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target
Page 24 of 85
5.2.1.7 FCS_CKM.4 Cryptographic key destruction
FCS_CKM.4.1 The TSF shall destroy cryptographic keys in accordance with a specified key
destruction method [cryptographic key zeroization method] that meets the following:[
a) The Key Zeroization Requirements in FIPS PUB 140-1/2 Key Management Security Levels 1;
b) Zeroization of all private cryptographic keys, plaintext cryptographic keys, key data, and all other
critical cryptographic security parameters shall be immediate and complete; and
c) The zeroization shall be executed by overwriting the key/critical cryptographic security parameter
storage area three or more times with an alternating pattern.
d) The TSF shall overwrite each intermediate storage area for private cryptographic keys, plaintext
cryptographic keys, and all other critical security parameters three or more times with an alternating
pattern upon the transfer of the key/CSPs to another location.]
Application Note: Item (d) applies to locations that are used when the keys/parameters are copied during
processing, and not to the locations that are used for storage of the keys, which are specified in items (b) and
(c). The temporary locations could include memory registers, physical memory locations, and even page files
and memory dumps. Configuring the key data may include: setting key lifetimes, setting key length, etc.
5.2.1.8 FCS_COP_EXP.1 Explicit: random number generation
FCS_COP_EXP.1.1 The TSF shall perform all Random Number Generation used by the
cryptographic functionality of the TSF using a FIPS-approved Random Number Generator
implemented in a FIPS-approved cryptomodule running in a FIPS-approved mode.
Application Note: Whenever a referenced standard calls for a random number generation capability, this
requirement specifies the subset of random number generators (those that are FIPS-validated) that are
acceptable. Although the RNG is required to be implemented in a FIPS cryptomodule, it is not required that it
be implemented in the cryptomodule that is performing the cryptographic operations that satisfy
FCS_COP_EXP.2. Also note that this requirement is not calling for the RNG functionality to be made
generally available (e.g., to untrusted users via an API).
5.2.1.9 FCS_COP_EXP.2(1) Explicit: cryptographic operation
FCS_COP_EXP.2.1(1) A cryptomodule shall perform encryption and decryption using the FIPS-
140-1/2 Approved AES algorithm and operating in [CCM mode, CBC mode] and supporting FIPS
approved key sizes of [128 bits, 196 bits, 256 bits].
5.2.1.10 FCS_COP_EXP.2(2) Explicit: cryptographic operation
FCS_COP_EXP.2.1(2) A cryptomodule shall perform encryption and decryption using the FIPS-
140-1/2 Approved Triple DES algorithm and operating in [CBC mode] and supporting FIPS
approved key sizes of [112 bits, 168 bits].