
JUNOS-FIPS Crypto Officer and User Accounts

JUNOS-FIPS defines a restricted set of user roles. Unlike the JUNOS software, which allows a wide range of capabilities to users, FIPS 140-2 defines specific types of users (Crypto Officer, User, and Maintenance). Crypto Officers and FIPS Users perform all FIPS-related configuration tasks and issue all FIPS-related commands. Crypto Officer and FIPS User configurations must follow FIPS 140-2 guidelines. Typically, no user besides a Crypto Officer can perform FIPS-related tasks. For more information, see the Secure Configuration Guide for Common Criteria and JUNOS-FIPS.

Crypto Officer User Configuration

JUNOS-FIPS offers finer control of user permissions than FIPS 140-2 mandates. For FIPS 140-2 conformance, any JUNOS-FIPS user with the secret, security, and maintenance permission bits set is a Crypto Officer. In most cases, the super-user class should be reserved for a Crypto Officer. A FIPS User can be defined as any JUNOS-FIPS user that does not have the secret, security, and maintenance bits set.

FIPS User Configuration

A Crypto Officer sets up FIPS Users. FIPS Users can be granted permissions normally reserved for a Crypto Officer; for example, permission to zeroize the system and individual AS-II FIPS PICs.
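The role rule from the two sections above can be checked against a configuration export. The following audit sketch is an added example, not Juniper code: it reads login classes and users in "display set" form and reports each user's role along with the Crypto Officer bits that user holds. The class and user names are hypothetical, the sample configuration is constructed, and treating every user without all three bits as a FIPS User is this example's reading of the rule.

```python
import re

CO_BITS = {"secret", "security", "maintenance"}
# Predefined Junos login classes; they never appear in the configuration.
PREDEFINED = {
    "super-user": {"all"},
    "operator": {"clear", "network", "reset", "trace", "view"},
    "read-only": {"view"},
    "unauthorized": set(),
}
CLASS_RE = re.compile(r"^set system login class (\S+) permissions (.+)$")
USER_RE = re.compile(r"^set system login user (\S+) class (\S+)$")

# Constructed sample in "display set" form (all names are hypothetical).
SAMPLE_CONFIG = """\
set system login class fips-co permissions [ secret security maintenance ]
set system login class noc permissions view
set system login class noc permissions maintenance
set system login user alice class fips-co
set system login user bob class noc
set system login user carol class super-user
set system login user dave class operator
"""

def classify_users(config_text):
    """Map each user to (role, sorted Crypto Officer bits held)."""
    classes = {name: set(perms) for name, perms in PREDEFINED.items()}
    users = {}
    for line in config_text.splitlines():
        line = line.strip()
        m = CLASS_RE.match(line)
        if m:
            # Permissions appear as "[ a b c ]" or as one flag per line.
            perms = m.group(2).strip("[] ").split()
            classes.setdefault(m.group(1), set()).update(perms)
            continue
        m = USER_RE.match(line)
        if m:
            users[m.group(1)] = m.group(2)
    roles = {}
    for user, cls in users.items():
        perms = classes.get(cls, set())  # unknown class: no permissions
        # "all" includes the three bits; only literal flag names are matched.
        held = CO_BITS if "all" in perms else CO_BITS & perms
        role = "Crypto Officer" if held == CO_BITS else "FIPS User"
        roles[user] = (role, sorted(held))
    return roles

if __name__ == "__main__":
    for user, (role, held) in sorted(classify_users(SAMPLE_CONFIG).items()):
        print(f"{user:8} {role:15} {', '.join(held) or '-'}")
```

A FIPS User listed with one or two of the bits, such as bob with maintenance here, is an account a Crypto Officer has granted part of the officer permissions and is worth reviewing.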

 

