FIPS 140-2 Compliant Physical Security

Overview

The Federal Information Processing Standards (FIPS140-1, FIPS140-2, etc) require security labels with a unique serial number, an anti-counterfeiting feature and a robust tamper evident feature. This page shows a typical electronic device with affixed security labels shown in RED.

Graphics and text on this page provided courtesy of Cisco Systems, Inc. Any text changes made by NovaVision are shown in parens (). NovaVision, LLC and Cisco Systems, Inc do not have a commercial relationship.

Links for more information

• Certificate of Compliance
• Typical Applications
• Registry of custom imprints
• Specifications & Intended Use
• General Directions of Use
• Application Tips

The router is entirely encased by a thick steel chassis. The front of the router provides 4 port adapter slots, on-board LAN connectors, PC Card slots, and Console/Auxiliary connectors. The power cable connection, a power switch, and the access to the Network Processing Engine are at the rear of the router.

Once the router has been configured to meet FIPS 140-1 Level 2 requirements, the router cannot be accessed without signs of tampering. To seal the system, apply serialized tamper-evidence labels as follows:

• Clean the cover of any grease, dirt, or oil before applying the tamper evidence labels. Alcohol-based cleaning pads are recommended for this purpose. The ambient air must be above 10C, otherwise the labels may not properly cure. (NovaVision recommends drying the surface with a clean paper after using the alcohol pad; letting the alcohol air dry can cause other adhesion issues)
  
  
• The tamper evidence label should be placed so that the one half of the label covers the enclosure and the other half covers the 7206 VXR NPE-400 Input/Output Controller.
  
  
• The tamper evidence label should be placed over the Flash PC Card slots on the Input/Output Controller.
  
  
• The tamper evidence label should be placed so that one half of the label covers the enclosure and the other half covers the port adapter slot 1.
  
  
• The tamper evidence label should be placed so that one half of the label covers the enclosure and the other half covers the port adapter slot 2.
  
  
• The tamper evidence label should be placed so that one half of the label covers the enclosure and the other half covers the port adapter slot 3.
  
  
• The tamper evidence label should be placed so that one half of the label covers the enclosure and the other half covers the port adapter slot 4.
  
  
• The tamper evidence label should be placed so that one half of the label covers the enclosure and the other half covers the port adapter slot 5.
  
  
• The tamper evidence label should be placed so that one half of the label covers the enclosure and the other half covers the port adapter slot 6.
  
  
• The tamper evidence label should be placed so that one half of the label covers the enclosure and the other half covers the network processing engine.
  
  
• The tamper evidence label should be placed so that one half of the label covers the enclosure and the other half covers the power supply plate.
  
  
• The tamper evidence label should be placed so that one half of the label covers the enclosure and the other half covers the redundant power supply plate.

Typical Installation of Security Labels for FIPS 140-2 Application

This graphic shows a typical electronic device with affixed high security labels shown in RED.

The tamper evidence seals are produced from a special thin gauge vinyl (or security film) with self-adhesive backing. Any attempt to remove port adapters or service modules will damage the tamper evidence seals or the painted surface and metal of the module cover. Since the tamper evidence labels have nonrepeated serial numbers, the labels can be inspected for damage and compared against the applied serial numbers to verify that the module has not been tampered with. Tamper evidence labels can also be inspected for signs of tampering, which include the following: curled corners, bubbling, crinkling, rips, tears, and slices. The word "Opened" (or a geometric pattern) can appear if the label was peeled back.

Cisco 7206 VXR Router Security Policy Copyright © 2001, Cisco Systems, Inc. All rights reserved.

Click Here to Return to FIPS 140-2 Compliant Hologram Labels

To Order, or for additional Information, Quotes, Pricing, & Products, Contact:

Brian Cramer
NovaVision/Sales & Customer Service
419-354-1427 ext 4211
Fax: 419-353-7908
email: bcramer@novavisioninc.com