Operational Environment for Junos OS Evolved in CC Evaluated Configuration
A Juniper Networks device running the Junos OS Evolved in CC evaluated configuration provides an enhanced software operational environment that is different from the environment of a device in normal mode.
Software Environment for Junos OS Evolved in CC Evaluated Configuration
In the Junos OS Evolved in CC evaluated configuration, the software environment is established after the Security Administrator successfully enables fips-mode on a device. The Junos OS Evolved release image that includes FIPS mode is available on the Juniper Networks website and can be configured on a functioning device.
Passwords must be at least 10 characters long and must use at least three of the five defined character sets (uppercase letters, lowercase letters, digits, punctuation marks, and keyboard characters, such as % and &, not included in the other four categories). All passwords and keys used to authenticate peers must be at least 10 characters in length, and in some cases the length must match the digest size.
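The length and character-set rule above, written as a pre-check for candidate passwords before they are entered on the console. This is an added example, not Juniper code; the function names and the exact membership of the punctuation set are assumptions, since the page states only that % and & fall outside it.

```python
import string

MIN_LENGTH = 10   # from the page: at least 10 characters
MIN_CLASSES = 3   # from the page: at least three of the five character sets

# Assumption: the page does not enumerate the punctuation set. This split keeps
# % and & out of it, as the page requires; adjust it to match the device.
PUNCTUATION = set(".,;:!?'\"-()[]{}")


def char_class(ch):
    """Return the name of the character set a single character belongs to."""
    if ch in string.ascii_uppercase:
        return "upper"
    if ch in string.ascii_lowercase:
        return "lower"
    if ch in string.digits:
        return "digit"
    if ch in PUNCTUATION:
        return "punctuation"
    # Everything else (%, &, #, space, ...) lands in the fifth set.
    return "other"


def check_password(candidate):
    """Return (ok, reasons); reasons lists every rule the candidate fails."""
    reasons = []
    if len(candidate) < MIN_LENGTH:
        reasons.append(f"length {len(candidate)} is below {MIN_LENGTH}")
    classes = {char_class(c) for c in candidate}
    if len(classes) < MIN_CLASSES:
        reasons.append(
            f"uses {len(classes)} character set(s) {sorted(classes)}, "
            f"needs {MIN_CLASSES}"
        )
    return (not reasons, reasons)


if __name__ == "__main__":
    # Constructed sample candidates, not real credentials.
    samples = ["Short1!", "lowercase12345", "Lowercase12345", "rate%of&Change"]
    for sample in samples:
        ok, reasons = check_password(sample)
        print(f"{sample!r}: {'OK' if ok else 'REJECT: ' + '; '.join(reasons)}")
```

A candidate such as `lowercase12345` is long enough but still fails, because it draws on only two character sets.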
Do not attach your device to a network until the Security Administrator completes configuration from the local console connection.
For strict compliance, do not examine core and crash dump information on the local console in Junos OS Evolved in FIPS mode because some CSPs might be shown in plain text.
Critical Security Parameters
Critical security parameters (CSPs) are security-related information, such as cryptographic keys and passwords, whose disclosure or modification can compromise the security of the cryptographic module or the security of the information protected by the module.
For FIPS compliance, configure the device over SSH connections because they are encrypted connections.
Local passwords are hashed with the SHA256 or SHA512 algorithm. Junos OS Evolved in FIPS mode cannot boot into single-user mode without the correct root password.