Supported Roles and Services

Unlike the JUNOS software, which allows a wide range of capabilities for users, such as routing control or view-only, the FIPS 140-2 standard defines two important types of users. For the purposes of this guide, the FIPS 140-2 roles are defined in terms of JUNOS user capabilities. The JUNOS-FIPS user roles are:

• Crypto Officer—Installs the JUNOS-FIPS software and establishes keys and passwords for other users and software modules. The Crypto Officer also authorizes the AS II FIPS PICs. For more information about the Crypto Officer, see Crypto Officer Guide .
• User—Views and in some cases modifies the configuration and zeroizes AS II FIPS PICs. In this guide, these users are called JUNOS-FIPS Users. For more information about JUNOS-FIPS Users, see JUNOS-FIPS User Configuration .

All other user types defined for JUNOS-FIPS (for example, operator, administrative user, and so on) and services (for example, remote protocol peers for remote access) must fall into one of the two categories of Crypto Officer or JUNOS-FIPS User.

Note: The set of JUNOS-FIPS permissions that distinguish Crypto Officers from other JUNOS-FIPS Users are secret, security, maintenance, and control. For strict FIPS compliance, all users should be assigned to a login class that contains all or none of these permissions. The JUNOS software documentation uses the term “maintenance” in an entirely different sense than FIPS 140-2. When in doubt, the broader JUNOS definition of the “maintenance” term should be assumed.

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.