Configuring Crypto Officer and FIPS User Identification and Access
The Crypto Officer enables FIPS mode on your device, performs all configuration tasks for Junos OS in FIPS mode, and issues all Junos OS in FIPS mode statements and commands. Crypto Officer and FIPS user configurations must follow Junos OS in FIPS mode guidelines.
Configuring Crypto Officer Access
Junos OS in FIPS mode offers a finer granularity of user permissions than those mandated by FIPS 140-2.
For FIPS 140-2 compliance, any FIPS user with the secret, security, maintenance, and control permission bits set is a Crypto Officer. In most cases the super-user class suffices for the Crypto Officer.
To configure login access for a Crypto Officer:
Configuring FIPS User Login Access
A fips-user is defined as any FIPS user that does not have the secret, security, maintenance, and control permission bits set.
As the Crypto Officer you set up FIPS users. FIPS users cannot be granted permissions normally reserved for the Crypto Officer—for example, permission to zeroize the system.
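The Crypto Officer and FIPS user definitions above can be checked against a device configuration. The following Python audit is an added example, not taken from the Juniper documentation: it reads login classes and users from a configuration in "set" format and reports each user's role. The sample configuration and all names in it are constructed, and treating a user who holds only some of the four bits as a FIPS user is an assumption about how the rule applies.

```python
import re

# The four permission bits the page names as defining a Crypto Officer.
CO_BITS = {"secret", "security", "maintenance", "control"}
CLASS_RE = re.compile(r"^set system login class (\S+) permissions (.+)$")
USER_RE = re.compile(r"^set system login user (\S+) class (\S+)$")

# Constructed sample in "set" format; every user and class name is made up.
SAMPLE = """\
set system login class fips-ops permissions [ view network configure ]
set system login class sec-audit permissions [ secret security view ]
set system login class co-custom permissions [ secret security maintenance control ]
set system login user alice class super-user
set system login user bob class fips-ops
set system login user carol class sec-audit
set system login user dave class co-custom
set system login user erin class no-such-class
"""


def classify(config_text):
    """Map each login user to (role, Crypto Officer bits held)."""
    # super-user is the predefined class the page mentions; it carries "all".
    classes, users = {"super-user": {"all"}}, {}
    for line in map(str.strip, config_text.splitlines()):
        if m := CLASS_RE.match(line):
            # Permissions are one word or a bracketed list; repeated lines
            # for the same class accumulate.
            perms = m.group(2).strip("[] ").split()
            classes.setdefault(m.group(1), set()).update(perms)
        elif m := USER_RE.match(line):
            users[m.group(1)] = m.group(2)
    result = {}
    for user, cls in users.items():
        if cls not in classes:
            result[user] = ("unknown-class", set())  # cannot be assessed
            continue
        perms = classes[cls]
        held = set(CO_BITS) if "all" in perms else perms & CO_BITS
        # Assumption: holding all four bits makes a Crypto Officer; any
        # smaller subset is a FIPS user, reported with the bits it holds.
        role = "crypto-officer" if held == CO_BITS else "fips-user"
        result[user] = (role, held)
    return result


if __name__ == "__main__":
    for user, (role, held) in sorted(classify(SAMPLE).items()):
        print(f"{user:6} {role:15} {' '.join(sorted(held)) or '-'}")
```

A FIPS user reported with a non-empty set of held bits, such as carol in the sample, is worth reviewing against the intended separation of duties.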
To configure login access for a FIPS user: