Understanding Roles and Services for Junos OS in FIPS Mode
The Juniper Networks Junos operating system (Junos OS), when running in non-FIPS mode, allows a wide range of capabilities for users authenticated and authorized using identity-based mechanisms. In contrast, in FIPS mode Junos OS implements only the two user roles defined in the FIPS 140-3 standard: Security Administrator and FIPS user. These roles are defined in terms of Junos OS user capabilities.
Junos OS allows the definition of additional user types, for example operator and administrative user. However, each user type must fall into one of the two FIPS 140-3 compliant roles: Security Administrator or FIPS user. To enforce the roles, Junos OS implements role-based authentication and authorization in FIPS mode.
In addition to the tasks specific to FIPS mode, users assigned to the FIPS roles may perform common configuration tasks on the device if granted authorization to do so.
Security Administrators and FIPS users perform all FIPS-related configuration tasks and issue all statements and commands for Junos OS in FIPS mode. Security Administrator and FIPS user configurations must follow the guidelines for Junos OS in FIPS mode.
Security Administrator Role and Responsibilities
The Security Administrator is the person responsible for enabling, configuring, monitoring, and maintaining Junos OS in FIPS mode on a device. The Security Administrator securely installs Junos OS on the device, enables FIPS mode, establishes keys and passwords for other users and software modules, and initializes the device before network connection. The Security Administrator can configure and monitor the module from a console or from a remote management station over an SSH connection.
We recommend that the Security Administrator administer the system in a secure manner by keeping passwords secure and checking audit files.
The permissions that distinguish the Security Administrator from other FIPS users are secret, security, maintenance, and control. For FIPS compliance, assign the Security Administrator to a login class that contains all of these permissions. A user with the Junos OS maintenance permission can read files containing critical security parameters (CSPs).
Junos OS in FIPS mode does not support the FIPS 140-3 maintenance role, which is different from the Junos OS maintenance permission.
Among the tasks related to Junos OS in FIPS mode, the Security Administrator is expected to:
Set the initial root password.
Reset user passwords for FIPS-approved algorithms during upgrades from Junos OS.
Set up manual IPsec SAs for configuration with dual Routing Engines.
Examine log and audit files for events of interest.
Erase (zeroize) user-generated files and data on the device.
FIPS User Role and Responsibilities
Each FIPS user, including the Security Administrator, can view the configuration. Only the user assigned to the Security Administrator role can modify the configuration.
The permissions that distinguish Security Administrators from other FIPS users are secret, security, maintenance, and control. For FIPS compliance, assign the FIPS user to a class that contains none of these permissions.
FIPS users configure networking features on the device and perform other tasks that are not specific to FIPS mode. FIPS users who are not Security Administrators can perform reboots and view status output.
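The following check is an added example, not Juniper code: it audits login classes exported in Junos set format against the two rules above (the Security Administrator class holds all four distinguishing permissions, the FIPS user class holds none). The class names and sample configuration are constructed, and treating the `all` permission as implying the four is an assumption of this example.

```python
import re

# The four permissions the page names as distinguishing the Security Administrator.
DISTINGUISHING = {"secret", "security", "maintenance", "control"}

# Constructed sample in Junos "set" format; the class names are hypothetical.
SAMPLE_CONFIG = """\
set system login class fips-sec-admin permissions [ secret security maintenance control configure view ]
set system login class fips-user permissions [ view network reset ]
set system login class fips-user permissions maintenance
set system login class weak-admin permissions [ secret security control ]
"""

PERM_RE = re.compile(r"^set system login class (\S+) permissions (.+)$")


def parse_classes(config):
    """Return {class_name: set(permissions)} from set-format lines."""
    classes = {}
    for line in config.splitlines():
        m = PERM_RE.match(line.strip())
        if not m:
            continue
        name, perms = m.groups()
        # Permissions appear bracketed or one per statement; merge both forms.
        classes.setdefault(name, set()).update(perms.strip("[] ").split())
    return classes


def check_role(perms, role):
    """Return findings for a class intended for the given FIPS role."""
    held = perms & DISTINGUISHING
    if "all" in perms:  # assumption: "all" implies every distinguishing permission
        held = set(DISTINGUISHING)
    if role == "security-administrator":
        return [f"missing {p}" for p in sorted(DISTINGUISHING - held)]
    if role == "fips-user":
        return [f"must not hold {p}" for p in sorted(held)]
    raise ValueError(f"unknown role: {role}")


if __name__ == "__main__":
    intended = {"fips-sec-admin": "security-administrator",
                "fips-user": "fips-user",
                "weak-admin": "security-administrator"}
    for name, perms in parse_classes(SAMPLE_CONFIG).items():
        print(name, check_role(perms, intended[name]) or "ok")
```

The second `fips-user` statement in the sample shows why permissions must be merged across statements: a single added line is enough to give a FIPS user read access to files containing CSPs.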
What Is Expected of All FIPS Users
Each FIPS user, including the Security Administrator, must observe security guidelines at all times.
Each FIPS user must:
Keep all passwords confidential.
Store devices and documentation in a secure area.
Deploy devices in secure areas.
Check audit files periodically.
Conform to all other FIPS 140-3 security rules.
Follow these guidelines:
Users are trusted.
Users abide by all security guidelines.
Users do not deliberately compromise security.
Users behave responsibly at all times.