Understanding Roles and Services for Junos OS in Common Criteria and FIPS
For Common Criteria, user accounts in the TOE have the following attributes: user identity (user name), authentication data (password), and role (privilege). The Security Administrator is associated with the defined login class “security-admin”, which has the necessary permission set to allow the administrator to perform all tasks necessary to manage the Junos OS. Administrative users (Security Administrator) must provide unique identification and authentication data before any administrative access to the system is granted.
Security Administrator roles and responsibilities are as follows:
- Security Administrator can administer the TOE locally and remotely.
- Create, modify, and delete administrator accounts, including configuration of authentication failure parameters.
- Re-enable an Administrator account.
- Responsible for the configuration and maintenance of cryptographic elements related to the establishment of secure connections to and from the evaluated product.
The Juniper Networks Junos operating system (Junos OS) running in non-FIPS mode allows a wide range of capabilities for users, and authentication is identity-based. In contrast, the FIPS 140-2 standard defines two user roles: Crypto Officer and FIPS user. These roles are defined in terms of Junos OS user capabilities.
All other user types defined for Junos OS in FIPS mode (read-only, administrative user, and so on) must fall into one of the two categories: Crypto Officer or FIPS user. For this reason, user authentication in Junos is identity based with role based authorization.
In addition to their FIPS roles, both Crypto Officer and user can perform normal configuration tasks on the switch as individual user configuration allows.
Crypto Officers and FIPS users perform all FIPS-mode-related configuration tasks and issue all statements and commands for Junos OS in FIPS mode. Crypto Officer and FIPS user configurations must follow the guidelines for Junos OS in FIPS mode.
For details, see:
Crypto Officer Role and Responsibilities
The Crypto Officer is the person responsible for enabling, configuring, monitoring, and maintaining Junos OS in FIPS mode on a switch. The Crypto Officer securely installs Junos OS on the switch, enables FIPS mode, establishes keys and passwords for other users and software modules, and initializes the switch before network connection.
We recommend that the Crypto Officer administer the system in a secure manner by keeping passwords secure and checking audit files.
The permissions that distinguish the Crypto Officer from other FIPS users are secret, security, maintenance, and control. For FIPS compliance, assign the Crypto Officer to a login class that contains all of these permissions. A user with the Junos OS maintenance permission can read files containing critical security parameters (CSPs).
Junos OS in FIPS mode does not support the FIPS 140-2 maintenance role, which is different from the Junos OS maintenance permission.
Among the tasks related to Junos OS in FIPS mode, the Crypto Officer is expected to:
Set the initial root password.
Reset user passwords for FIPS-approved algorithms during upgrades from Junos OS.
Examine log and audit files for events of interest.
Erase user-generated files and data on (zeroize) the switch.
FIPS User Role and Responsibilities
All FIPS users, including the Crypto Officer, can view the configuration. Only the user assigned as the Crypto Officer can modify the configuration.
The permissions that distinguish Crypto Officers from other FIPS users are secret, security, maintenance, and control. For FIPS compliance, assign the FIPS user to a class that contains none of these permissions.
FIPS users configure networking features on the switch and perform other tasks that are not specific to FIPS mode. FIPS users who are not Crypto Officers can view status output.
What Is Expected of All FIPS Users
All FIPS users, including the Crypto Officer, must observe security guidelines at all times.
All FIPS users must:
Keep all passwords confidential.
Store switches and documentation in a secure area.
Deploy switches in secure areas.
Check audit files periodically.
Conform to all other FIPS 140-2 security rules.
Follow these guidelines:
Users are trusted.
Users abide by all security guidelines.
Users do not deliberately compromise security.
Users behave responsibly at all times.