Crypto Officer Responsibilities

The Crypto Officer securely upgrades the router to JUNOS-FIPS and initializes the router before network connection. We also recommend that the Crypto Officer administer the system in a secure manner, for example, by keeping passwords secure, checking audit files, and so on.

Among other tasks, the Crypto Officer is expected to:

• Set the initial root password.
• Insert the compact flash card where appropriate.
• Apply a tamper-evident seal to the flash card slot.
• For FIPS Level 2 operation, apply a tamper-evident label to seal each Routing Engine into the chassis. On some models, tamper-evident labels must be applied to other components as well. See the FIPS Level 2 Label Installation Instructions for details. Tamper-evident labels are ordered separately and applied according to the instructions included in the label kit.
• Reset user passwords for FIPS-approved algorithms during upgrades from JUNOS software.
• Enable any AS II FIPS PICs before use.
• Set up manual IPSec SAs for configuration with dual Routing Engines.
• Examine log and audit files for events of interest.
• Perform other JUNOS-FIPS-related tasks as needed.

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.