Requirement
FCS_CKM_EXT.4:
Cryptographic key
destruction
FCS_COP.1(1):
Cryptographic operation
(AES data
encryption/decryption)
FCS_COP.1(2):
Cryptographic operation
(Signature Generation and
Verification)
FCS_COP.1(3):
Cryptographic operation
(Hash Algorithm)
FCS_COP.1(4):
Cryptographic operation (for
keyed-hash message
authentication)
FCS_RBG_EXT.1:
Cryptographic operation
(random bit generation)
FCS_IPSEC_EXT.1.1
Extended: IPSEC
Management Action to
Log
Manual key zeroization
None
None
None
None
None
Configuration of IPsec
settings: including mode,
security policy, IKE
version, algorithms,
lifetimes, DH group, and
certificates.
Sample Log
Jan 24 2013 03:10:08.878: %GDOI-5-
KS_REKEY_TRANS_2_UNI: Group getvpn
transitioned to Unicast Rekey.ip
Feb 17 2013 16:37:27: %PARSER-5-
CFGLOG_LOGGEDCMD: User:test_admin
logged command:crypto key zeroize
N/A
N/A
N/A
N/A
N/A
ESP-Algorithms:
*Mar 13 11:56:12.491: \%PARSER-5-
CFGLOG_LOGGEDCMD: User:script logged
command:interface GigabitEthernet0/0/1
*Mar 13 11:56:15.762: \%PARSER-5-
CFGLOG_LOGGEDCMD: User:script logged
command:ip access-list extended acl_ASR1001X
Page 56 of 72