Cisco Cat4K NDPP ST
EDCS-1228241
Footnote 10: Unless specifically noted, the zeroization method used for secrets, keys, etc. is to overwrite with zeros (0x00).
TOE SFRs
How the SFR is Met
exchanged and entered electronically. Persistent keys are entered by the privileged administrator via the console port CLI; transient keys are generated or established and stored in DRAM. If present, a VSS link can export all DRAM and NVRAM keys to another switch over a secure connection for high availability purposes.
The module supports the following critical security parameters (CSPs). Note that there may be keys and CSPs that are not applicable to this evaluation and should not be reviewed. They are included for completeness of the module.
General Keys/CSPs

| ID | Algorithm | Size | Description | Storage | Zeroization Method |
|---|---|---|---|---|---|
| User Password | Password | Variable (8+ characters) | Used to authenticate local users | NVRAM (plaintext) | Zeroized by overwriting with new password |
| Enable Password | Password | Variable (8+ characters) | Used to authenticate local users at a higher privilege level | NVRAM (plaintext) | Zeroized by overwriting with new password |
| RADIUS secret | Shared Secret | Variable (8+ characters) | The RADIUS Shared Secret | NVRAM (plaintext) | Zeroized using the following command: # no radius-server key. Overwritten with: 0x0d |
| RADIUS Key wrap key | AES | 128/256 bits | Used to protect SAK | DRAM (plaintext) | Zeroized when data structure is freed |
| TACACS+ secret | Shared Secret | Variable (8+ characters) | The TACACS+ shared secret | NVRAM (plaintext) | Zeroized using the following command: # no tacacs- |
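The "zeroized when data structure is freed" handling listed for the DRAM-resident key wrap key, sketched as an added example (not Cisco's code and not part of the Security Target). `struct wrap_key` and all function names are hypothetical; the 0x00 overwrite follows the document's default zeroization method.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical container for an AES key-wrap key held in DRAM. */
struct wrap_key {
    size_t len;              /* key length in bytes: 16 or 32 */
    unsigned char key[32];
};

/* Overwrite n bytes with 0x00. Writing through a volatile pointer keeps
 * the compiler from dropping the stores as dead writes before free(). */
void csp_zeroize(void *p, size_t n)
{
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--)
        *v++ = 0x00;
}

/* Return 1 if every byte in the range is 0x00, else 0. */
int csp_is_zero(const void *p, size_t n)
{
    const unsigned char *b = (const unsigned char *)p;
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= b[i];
    return acc == 0;
}

/* Allocate a key object; only 128- and 256-bit keys are accepted. */
struct wrap_key *wrap_key_new(const unsigned char *material, size_t bits)
{
    if (material == NULL || (bits != 128 && bits != 256))
        return NULL;
    struct wrap_key *k = calloc(1, sizeof *k);
    if (k == NULL) return NULL;
    k->len = bits / 8;
    memcpy(k->key, material, k->len);
    return k;
}

/* Zeroize the whole structure, release it, and clear the caller's pointer. */
void wrap_key_free(struct wrap_key **kp)
{
    if (kp == NULL || *kp == NULL)
        return;
    csp_zeroize(*kp, sizeof **kp);
    free(*kp);
    *kp = NULL;
}
```

A plain `memset` immediately before `free` can be removed by an optimizing compiler as a dead store, which is why the overwrite goes through a volatile pointer here.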
11 March 2014