Understanding Zeroization to Clear System Data for FIPS Mode
Zeroization completely erases all configuration information on the Routing Engines, including all plain-text passwords, secrets, and private keys for SSH, local encryption, local authentication, and IPsec.
The Crypto Officer initiates the zeroization process by entering the request system zeroize (FIPS) operational command from the CLI after enabling FIPS mode. Use of this command is restricted to the Crypto Officer. (To zeroize the system before enabling FIPS mode, use the request system zeroize media command.)
Perform system zeroization with care. After the zeroization process is complete, no data is left on the Routing Engine. The switch is returned to the factory default state, without any configured users or configuration files.
Zeroization can be time-consuming. Although all configurations are removed in a few seconds, the zeroization process goes on to overwrite all media, which can take considerable time depending on the size of the media.
Your switch is not considered a valid FIPS cryptographic module until all critical security parameters (CSPs) have been entered—or reentered—while the switch is in FIPS mode.
For FIPS 140-2 compliance, you must zeroize the system to remove sensitive information before disabling FIPS mode on the switch.
When to Zeroize?
As Crypto Officer, perform zeroization in the following situations:
Before FIPS operation. To prepare your switch for operation as a FIPS cryptographic module, perform zeroization after enabling FIPS mode and before FIPS operation.
Before non-FIPS operation. To begin repurposing your switch for non-FIPS operation, perform zeroization before disabling FIPS mode on the switch or loading Junos OS packages that do not include FIPS mode.
Juniper Networks does not support installing non-FIPS software in a FIPS environment, but doing so might be necessary in certain test environments. Be sure to zeroize the system first.
When a tamper-evident seal is disturbed. If the seal on an insecure port has been tampered with, the system is considered to be compromised. After applying new tamper-evident seals to the appropriate locations, zeroize the system and set up new passwords and CSPs.