
Overview of JUNOS-FIPS

JUNOS-FIPS is a version of the JUNOS software that complies with Federal Information Processing Standard (FIPS) 140-2. The FIPS documents define, among other things, security levels for computer and networking equipment. U.S. Federal Government departments, and other organizations, use FIPS to evaluate the cryptographic capabilities of the equipment they consider for purchase. Cryptographic modules are validated against 11 separate areas of the FIPS 140-2 specification. An overall certification level is assigned based on the minimum level achieved in any area.

Although primarily aimed at environments requiring strict security, FIPS levels are increasingly enforced as qualifying criteria for all U.S. Federal Government contracts. Security-conscious private enterprises might also use FIPS levels as an equipment evaluation benchmark. FIPS levels also serve as a customer-neutral description of vendor requirements. Vendors can engineer security products to FIPS levels and extend the applicability and eligibility of these products across a broad customer base, thereby eliminating exhaustive and time-consuming customer-by-customer product qualification procedures.

FIPS levels are defined in the FIPS 140-2 standard. The JUNOS-FIPS software operates at FIPS Level 1 or FIPS Level 2. When FIPS Level 2 operation is planned, tamper-evident labels must be applied to detect Routing Engine removal. On some models, tamper-evident labels must be applied to other components as well. See the FIPS Level 2 Label Installation Instructions for details.

FIPS 140-2 compliance is established for defined cryptographic boundaries; for example, the JUNOS-FIPS software running on a Routing Engine. Another defined cryptographic boundary for FIPS compliance is the entire AS II FIPS PIC. FIPS 140-2 mandates that no critical security parameters (CSPs), such as passwords and keys, can cross these boundaries, for example, by being displayed on a console or written to an external log file. Although all running configurations involve hardware, only the software running on the Routing Engine and the AS II FIPS PIC require FIPS 140-2 certification. The JUNOS software by itself meets FIPS Level 1 requirements, and meets FIPS Level 2 requirements with the addition of tamper-evident labels sealing the Routing Engine and, in some cases, other components, into the chassis. This allows a large selection of the Juniper Networks product range to be used in environments that require FIPS 140-2 support.

JUNOS-FIPS creates a nonmodifiable, limited operational environment compared to the JUNOS software. You cannot load non-JUNOS-FIPS modules on a system running JUNOS-FIPS.

Note: Certain JUNOS-FIPS releases are submitted to the National Institute of Standards and Technology (NIST) for certification. Certain other releases, such as maintenance releases, might not be certified by NIST. Check the software download page for JUNOS-FIPS on the Juniper Networks Web site or the National Institute of Standards and Technology site at http://csrc.nist.gov/cryptval/140-1/1401val.htm to determine whether a release is NIST-certified.

