
    Applying Tamper-Evident Seals to the Cryptographic Module

    The cryptographic module's physical embodiment is that of a multi-chip standalone device that meets Level 2 physical security requirements. The module is completely enclosed in a rectangular nickel or clear zinc coated, cold-rolled steel, plated steel, and brushed aluminum enclosure. There are no ventilation holes, gaps, slits, cracks, slots, or crevices that would allow for any sort of observation of any component contained within the cryptographic boundary. Tamper-evident seals allow the operator to verify whether the enclosure has been breached. These seals are not factory-installed and must be applied by the Cryptographic Officer.

    Note: Seals are available for order from Juniper Networks using part number JNPR-FIPS-TAMPER-LBLS.

    As a Cryptographic Officer, you are responsible for:

    • Applying seals to secure the cryptographic module
    • Controlling any unused seals
    • Controlling and observing any changes to the cryptographic module, such as repairs or booting from an external USB drive, that require removing or replacing the seals, in order to maintain the security of the module

    As per the security inspection guidelines, upon receipt of the cryptographic module, the Cryptographic Officer must check that the labels are free of any tamper evidence.

    General Tamper-Evident Seal Instructions

    All FIPS-certified switches require a tamper-evident seal on the USB ports. While applying seals, follow these general instructions:

    • Handle the seals with care. Do not touch the adhesive side. Do not cut or otherwise resize a seal to make it fit.
    • Make sure all surfaces to which the seals are applied are clean and dry and clear of any residue.
    • Apply the seals with firm pressure across the seal to ensure adhesion. Allow at least 1 hour for the adhesive to cure.

    The following sections describe the tamper-evident seal application method for all the SRX Series devices.

    SRX5400 Device Tamper-Evident Seal Application

    On SRX5400 devices, apply 13 tamper-evident seals at the following locations:

    • Front Pane:
        • Apply two seals vertically, connecting them to the topmost (non-honeycomb) subpane. Position the seals so that they extend to the thin pane below and the honeycomb panel above.
        • Apply one seal vertically across the thin pane, extending to the blank pane below and the subpane above.
        • Apply three seals vertically, one on each “long” horizontal subpane. Position each seal so that it attaches to the subpane above and the one below (or to the chassis, if it is the bottommost subpane). Ensure that one of the seals extends to the left subpane below the thin subpane.
    • Back Pane:
        • Apply four seals vertically, one on each of the top four subpanes, extending to the large chassis plate below.
        • Apply one seal vertically on the horizontal screwed-in plate that rests on the large central chassis. Position the seal so that it extends to the chassis in both directions.
        • Apply two seals horizontally on the low side of the subpanes. Position the seals so that they extend to the large central chassis area and wrap around to the neighboring side panes.

    SRX5600 Device Tamper-Evident Seal Application

    On SRX5600 devices, apply 17 tamper-evident seals at the following locations:

    • Front Pane:
        • Apply 11 seals vertically, one for each horizontal subpane (excluding the honeycomb plate on the top and the thin subpane below), one for the top (non-honeycomb) subpane, and one for the bottom. Position the seals so that they attach to vertically adjacent subpanes. Position the bottom seal so that it attaches to the lowermost subpane and wraps around, attaching to the bottom pane. Ensure that one of the seals spans across the thin plate with ample extra distance on each side.
    • Back Pane:
        • Apply four seals vertically, one on each of the top four subpanes, extending to the large chassis plate below.
        • Apply two seals horizontally, one on each of the vertical side subpanes, extending to both the large central plate and the side panes.

    SRX5800 Device Tamper-Evident Seal Application

    On SRX5800 devices, apply 24 tamper-evident seals at the following locations:

    • Front Pane:
        • Apply two seals vertically, connected to the topmost (non-honeycomb) subpane. Position the seals so that they extend to the thin pane below and the honeycomb panel above.
        • Apply one seal vertically, across the thin pane. Position the seal so that it extends to the blank pane below and the subpane above.
        • Apply three seals vertically, one on each long horizontal subpane. Position each seal so that it attaches to the subpane above and the one below (or to the chassis, if it is the bottommost subpane). Ensure that one of the seals extends to the left subpane below the thin subpane.
    • Back Pane:
        • Apply four seals vertically, one on each of the top four subpanes, extending to the large chassis plate below.
        • Apply one seal vertically on the horizontal screwed-in plate that rests on the large central chassis. Position the seal so that it extends to the chassis in both directions.
        • Apply two seals horizontally. Position them on the low side subpanes, extending to the large central chassis area and wrapping around to the neighboring side panes.

    Modified: 2017-01-04