Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Applying Tamper-Evident Seals to the Cryptographic Module

 

The cryptographic modules physical embodiment is that of a multi-chip standalone device that meets Level 2 physical security requirements. The module is completely enclosed in a rectangular nickel or clear zinc coated, cold rolled steel, plated steel, and brushed aluminum enclosure. There are no ventilation holes, gaps, slits, cracks, slots, or crevices that would allow for any sort of observation of any component contained within the cryptographic boundary. Tamper-evident seals allow the operator to verify if the enclosure has been breached. These seals are not factory-installed and must be applied by the Cryptographic Officer.

Note

Seals are available for order from Juniper Networks using part number JNPR-FIPS-TAMPER-LBLS.

As a Cryptographic Officer, you are responsible for:

  • Applying seals to secure the cryptographic module

  • Controlling any unused seals

  • Controlling and observing any changes, such as repairs or booting from an external USB drive to the cryptographic module, that require removing or replacing the seals to maintain the security of the module

As per the security inspection guidelines, upon receipt of the cryptographic module, the Cryptographic Officer must check that the labels are free of any tamper evidence.

General Tamper-Evident Seal Instructions

All FIPS certified devices require a tamper-evident seal on the USB ports. While applying seals, follow these general instructions:

  • Handle the seals with care. Do not touch the adhesive side. Do not cut or otherwise resize a seal to make it fit.

  • Make sure all surfaces to which the seals are applied are clean and dry and clear of any residue.

  • Apply the seals with firm pressure across the seal to ensure adhesion. Allow at least 1 hour for the adhesive to cure.

The following sections describe the tamper-evident seal application method for SRX5400, SRX5600, and SRX5800 devices.

SRX5400 Device Tamper-Evident Seal Application

On SRX5400 devices, apply 13 tamper-evident seals at the following locations:

  • Front Pane:

  • Apply two seals vertically, connecting them to the topmost (non-honeycomb) subpane. Position the seals so that they extend to the thin pane below and the honeycomb panel above.

  • Apply one seal vertically across the thin pane, extending to the blank pane below and the subpane above.

  • Apply three seals vertically, one on each long horizontal subpane. Position each seal so that it attaches to the subpane above and the one below (or to the chassis, if it is bottommost subpane). Ensure that one of the seals extends to the left subpane below the thin subpane.

  • Back Pane:

  • Apply four seals vertically, one on each of the top four subpanes, extending to the large chassis plate below.

  • Apply one seal vertically on the horizontal screwed-in plate that rests on the large central chassis. Position the seal so that it extends to the chassis in both directions.

  • Apply two seals horizontally on the low side of the subpanes. Position the seals so that they extend to the large central chassis area and wrap around to the neighboring side panes.

SRX5600 Device Tamper-Evident Seal Application

On SRX5600 devices, apply 18 tamper-evident seals at the following locations:

  • Front Pane:

  • Apply 11 seals vertically, one seal on each horizontal subpane (excluding the honeycomb plate on the top and the thin subpane below), second seal on the top (non-honeycomb) subpane, and one more seal at the bottom. Position the seals so that they attach to vertically adjacent subpanes. The seals should attach to the vertically adjacent subpanes. Position the bottom seal so that it attaches to the lowermost subpane and wraps around, attaching to the bottom pane. Ensure that one of the seals spans across the thin plate with ample extra distance on each side.

  • Back Pane:

  • Apply five seals vertically, one on each of the top four subpanes, attaching to the large plate below.

  • Apply two seals horizontally, one on each of the vertical side subpanes, extending to both the large central plate and the side panes.

SRX5800 Device Tamper-Evident Seal Application

On SRX5800 devices, apply 24 tamper-evident seals at the following locations:

  • Front Pane:

  • Apply fourteen seals horizontally, one on each of the long vertical subpanes, extending to the neighboring two subpanes. If on an end subpane, seal should wrap around to the side.

  • Apply three seal vertically, one seal covering each of the thin panes, two seals near the bottom, and one seal near the top of the lower half.

  • Apply two seals vertically, both on the console area at the top of the module, one seal extending to the top and the other seal extending to the chassis area below.

  • Back Pane:

  • Apply five seals horizontally, three seals spanning the gaps between the vertical subpanes, and then two more seals, one seal on each of the far edges of the left and right panels. The last two seals must wrap around to the sides.