Understanding Zeroization to Clear System Data for FIPS-Approved Mode of Operation
Zeroization completely erases all configuration information on the device, including all plaintext passwords, secrets, and private keys for SSH, local encryption, local authentication, and IPsec.
The cryptographic module provides a non-approved mode of operation in which non-approved cryptographic algorithms are supported. When moving from the non-approved mode of operation to the approved mode of operation, the Cryptographic Officer must run the following commands to zeroize the approved mode critical security parameters (CSPs):
user@host> start shell user@host% rm –P <key file> <key file> each persistent private or secret key other than the SSH host keys and the X.509 keys for IKE. user@host% exit user@host> request system zeroize
The Cryptographic Officer initiates the zeroization process by entering the request system zeroize operational command from the CLI after enabling FIPS-approved mode of operation. Use of this command is restricted to the Cryptographic Officer. (To zeroize the system before enabling FIPS-approved mode of operation, use the request system zeroize media command.)
Perform system zeroization with care. After the zeroization process is complete, no data is left on the device. The device is returned to the factory-default state, without any configured users or configuration files.
Zeroization can be time-consuming. Although all configurations are removed in a few seconds, the zeroization process goes on to overwrite all media, which can take considerable time depending on the size of the media.
Your device is not considered a valid FIPS cryptographic module until all CSPs have been entered—or reentered—while the device is in FIPS-approved mode of operation.
For FIPS 140-2 compliance, we recommend that you zeroize the device to remove sensitive information.
When to Zeroize?
As a Cryptographic Officer, perform zeroization in the following situations:
Before FIPS operation—To prepare your device for operation as a FIPS cryptographic module, perform zeroization after enabling FIPS-approved mode of operation and before FIPS operation.
Before non-FIPS operation—To begin repurposing your device for non-FIPS operation, perform zeroization before disabling FIPS-approved mode of operation on the device or loading Junos OS packages that do not include FIPS-approved mode of operation.
Juniper Networks does not support installing non-FIPS software in a FIPS-approved mode of operation, but doing so might be necessary in certain test environments. Be sure to zeroize the system first.
When a tamper-evident seal is disturbed—If the seal on an insecure port has been tampered with, the system is considered to be compromised. After applying new tamper-evident seals to the appropriate locations, zeroize the system and set up new passwords and CSPs.