Zeroizing the System
Your device is not considered a valid FIPS cryptographic module until all critical security parameters (CSPs) have been entered—or reentered—while the device is in FIPS mode.
For FIPS 140-3 compliance, you must zeroize the system to remove sensitive information before disabling FIPS mode on the device.
As Security Administrator, you run the request system zeroize
command to remove
all user-created files from a device and replace the user data
with zeros. This command completely erases all configuration
information on the Routing Engines, including all rollback
configuration files and plain-text passwords, secrets, and
private keys for SSH, local encryption, local authentication,
and IPsec.
To zeroize your device:
Perform system zeroization with care. After the zeroization process is complete, no data is left on the Routing Engine. The device is returned to the factory default state, without any configured users or configuration files.