Polycom VSX 5000, VSX 3000, VSX 7000s User Manual

0 (0)

Polycom, Inc.

VSX 3000, VSX 5000, and VSX 7000s

(Firmware version: 8.5.0.2)

FIPS 140-2

Non-Proprietary Security Policy

Level 1 Validation

Document Version 1.0

Prepared for:

Prepared by:

Polycom, Inc.

Corsec Security, Inc.

4750 Willow Road

10340 Democracy Lane, Suite 201

Pleasanton, CA 94588-2708

Fairfax, VA 22030

Phone: 1.800.POLYCOM

Phone: (703) 267-6050

Fax: (925) 924-6100

Fax: (703) 267-6810

http://www.polycom.com

http://www.corsec.com

© 2007 Polycom, Inc. – This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

Non-Proprietary Security Policy, Version 1.0

June 15, 2007

Revision History

Version

Modification Date

Modified By

Description of Changes

 

 

 

 

1.0

2007-06-15

Xiaoyu Ruan

Release version.

 

 

 

 

Polycom VSX 3000, VSX 5000, and VSX 7000s Page 2 of 23

© 2007 Polycom, Inc. - This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

Non-Proprietary Security Policy, Version 1.0 June 15, 2007

Table of Contents

0 INTRODUCTION ...............................................................................................................................................

5

0.1

PURPOSE.........................................................................................................................................................

5

0.2

REFERENCES...................................................................................................................................................

5

0.3

DOCUMENT ORGANIZATION ...........................................................................................................................

5

1 VSX 3000, VSX 5000, AND VSX 7000S

.............................................................................................................6

1.1

OVERVIEW......................................................................................................................................................

6

1.2

MODULE SPECIFICATIONS ..............................................................................................................................

6

1.3

MODULE INTERFACES ....................................................................................................................................

8

1.4

ROLES AND SERVICES...................................................................................................................................

16

 

1.4.1

Crypto-Officer Role .............................................................................................................................

16

 

1.4.2

User Role .............................................................................................................................................

16

 

1.4.3

Authentication......................................................................................................................................

17

 

1.5

PHYSICAL SECURITY ....................................................................................................................................

17

 

1.6

OPERATIONAL ENVIRONMENT......................................................................................................................

17

 

1.7

CRYPTOGRAPHIC KEY MANAGEMENT ..........................................................................................................

17

 

1.7.1

Key Generation ....................................................................................................................................

18

 

1.7.2

Key Input/Output .................................................................................................................................

18

 

1.7.3

Key Storage..........................................................................................................................................

19

 

1.7.4

Key Zeroization....................................................................................................................................

19

 

1.8

SELF-TESTS ..................................................................................................................................................

19

 

1.9

DESIGN ASSURANCE.....................................................................................................................................

19

2

SECURE OPERATION ....................................................................................................................................

20

 

2.1

CRYPTO-OFFICER GUIDANCE .......................................................................................................................

20

 

2.1.1

Initialization.........................................................................................................................................

20

 

2.1.2

Management ........................................................................................................................................

20

 

2.2

USER GUIDANCE ..........................................................................................................................................

21

3

ACRONYMS......................................................................................................................................................

23

Table of Figures

FIGURE 1 - VSX 3000.....................................................................................................................................................

6

FIGURE 2 - VSX 5000.....................................................................................................................................................

7

FIGURE 3 - VSX 7000S ...................................................................................................................................................

7

FIGURE 4 - VSX 7000E...................................................................................................................................................

7

FIGURE 5 - VSX 8000.....................................................................................................................................................

8

FIGURE 6

- VSX 3000 CONNECTOR PANEL ....................................................................................................................

9

FIGURE 7

- VSX 5000 BACK PANEL .............................................................................................................................

10

FIGURE 8

- VSX 7000E BACK PANEL ...........................................................................................................................

12

FIGURE 9

- VSX 7000S BACK PANEL ...........................................................................................................................

13

FIGURE 10 - VSX 8000 BACK PANEL ...........................................................................................................................

15

Table of Tables

TABLE 1

- SECURITY LEVEL PER FIPS 140-2 SECTION ...................................................................................................

8

TABLE 2

- MAPPING OF FIPS 140-2 LOGICAL INTERFACES TO VSX 3000, VSX 5000, AND VSX 7000S INTERFACES ...9

TABLE 3

- MAPPING OF FIPS 140-2 LOGICAL INTERFACES TO VSX 5000 INTERFACES................................................

10

Polycom VSX 3000, VSX 5000, and VSX 7000s

Page 3 of 23

© 2007 Polycom, Inc. - This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

Non-Proprietary Security Policy, Version 1.0

June 15, 2007

TABLE 4 - MAPPING OF FIPS

140-2 LOGICAL INTERFACES TO VSX 7000E INTERFACES..............................................

12

TABLE 5

- MAPPING OF FIPS

140-2 LOGICAL INTERFACES TO VSX 7000S INTERFACES ..............................................

13

TABLE 6

- MAPPING OF FIPS

140-2 LOGICAL INTERFACES TO VSX 8000 INTERFACES................................................

15

TABLE 7 - MAPPING OF CRYPTO-OFFICERS SERVICES TO INPUTS, OUTPUTS, CRITICAL SECURITY PARAMETERS

(CSPS), AND ACCESS CONTROL ...........................................................................................................................

16

TABLE 8

- MAPPING OF USERS SERVICES TO INPUTS, OUTPUTS, CSPS, AND ACCESS CONTROL .................................

16

TABLE 9

- LIST OF CRYPTOGRAPHIC KEYS, CRYPTOGRAPHIC KEY COMPONENTS, AND CSPS .....................................

17

TABLE 10 - LED/POWER BUTTON LIGHT DESCRIPTION ...............................................................................................

21

TABLE 11

- BRI NETWORK INTERFACE LEDS ..............................................................................................................

22

TABLE 12

- PRI NETWORK INTERFACE LEDS ..............................................................................................................

22

TABLE 13

- V.35/RS-449/RS-530 NETWORK INTERFACE LEDS ..................................................................................

22

TABLE 14

- ACRONYMS ................................................................................................................................................

 

23

Polycom VSX 3000, VSX 5000, and VSX 7000s

Page 4 of 23

© 2007 Polycom, Inc. - This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

Non-Proprietary Security Policy, Version 1.0

June 15, 2007

0 Introduction

0.1 Purpose

This is a non-proprietary Cryptographic Module Security Policy for the VSX 3000, VSX 5000, and VSX 7000s from Polycom, Inc.. This Security Policy describes how the VSX 3000, VSX 5000, and VSX 7000s meet the security requirements of FIPS 140-2 and how to run the module in a secure FIPS 140-2 mode. This policy was prepared as part of the Level 1 FIPS 140-2 validation of the module.

FIPS 140-2 (Federal Information Processing Standards Publication 140-2 – Security Requirements for Cryptographic Modules) details the U.S. Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the National Institute of Standards and Technology (NIST) Cryptographic Module Validation Program (CMVP) website at: http://csrc.nist.gov/cryptval/

The VSX 3000, VSX 5000, and VSX 7000s are referred to in this document as the VSX systems, the hardware modules, the cryptographic modules, or the modules.

0.2 References

This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the module from the following sources:

The Polycom website (http://polycom.com) contains information on the full line of products from Polycom.

The CMVP website (http://csrc.nist.gov/cryptval/) contains contact information for answers to technical or sales-related questions for the module.

0.3Document Organization

The Security Policy document is one document in a FIPS 140-2 Submission Package. In addition to this document, the Submission Package contains:

Vendor Evidence document

Finite State Machine

Other supporting documentation as additional references

This Security Policy and the other validation submission documentation were produced by Corsec Security, Inc. under contract to Polycom. With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Validation Documentation is proprietary to Polycom and is releasable only under appropriate non-disclosure agreements. For access to these documents, please contact Polycom.

Polycom VSX 3000, VSX 5000, and VSX 7000s

Page 5 of 23

© 2007 Polycom, Inc. - This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

Non-Proprietary Security Policy, Version 1.0

June 15, 2007

1 VSX 3000, VSX 5000, and VSX 7000s

1.1 Overview

Founded in 1990, Polycom is the only company delivering end-to-end rich media collaborative applications for voice, video, data and the web. Polycom has a wide range of products from desktop and mobile personal systems to room systems to the network core. Polycom’s full range of high-quality voice and video communications endpoints, video management software, web conferencing software, and multipoint conferencing enable organizations of all sizes to increase productivity and agility. Polycom delivers business value by cutting costs, simplifying system management, fostering real time collaboration and decision making, and improving relationships with employees, customers and partners.

The Polycom VSX products are state of the art video-conferencing nodes. These systems provide videoconferencing facilities using all the popular telecommunication protocols such as H.320 H.323, and Session Initiation Protocol (SIP) and include support of Integrated Services Digital Network (ISDN), Primary rate and Basic rate as well as serial interfaces for V.35, RS-499 and RS-530.

1.2 Module Specifications

The VSX systems feature a variety of models ranging from desktop systems (VSX 3000) to set top appliance systems (VSX 5000, VSX 7000s) to rack mounted systems (VSX 7000e, VSX 8000). All of the models provide top-performance video processing and feature high-performance BSP-15 processors from Equator with 128 MB SDRAM.

The VSX 3000 is an all-in-one desktop system that includes built-in camera, LCD screen, speakers, and microphone. This model interfaces with an Internet Protocol (IP) network with LAN cable and to ISDN S/T lines with BRI cables, and includes a separate power supply connector. The VSX 3000 is pictured below:

Figure 1 - VSX 3000

The VSX 5000 is an entry-level compact set-top system with built in camera as shown below in Figure 2. The VSX 5000 supports an external microphone for audio input, and can be connected to an IP network with a LAN cable. A monitor either VGA or NTSC/PAL can be connected to the VSX 5000 using the supplied audio/video cables, and a separate power cable connects the device to its power supply.

Polycom VSX 3000, VSX 5000, and VSX 7000s

Page 6 of 23

© 2007 Polycom, Inc. - This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

Polycom VSX 5000, VSX 3000, VSX 7000s User Manual

Non-Proprietary Security Policy, Version 1.0

June 15, 2007

Figure 2 - VSX 5000

The VSX 7000s is another set-top appliance which provides for a mechanical pan, tilt, zoom camera. The VSX 7000s supports H.323 networks with a internal NIC support 10/100mbps.. The VSX 7000 supports a subwoofer into which the optional Network Interface Card to support ISDN, V.35, RS-499 or RS-530 interfaces. . The VSX 7000s uses an external microphone array and has an internal audio reproduction system. The VSX 7000s is standard with dual video display output support and can support VGA, S-video or composite as the main monitor and the same options for the 2nd monitor when the main monitor is not VGA.

Figure 3 - VSX 7000s

The VSX 7000e and VSX 8000 models are rack-mounted systems as depicted in Figure 4 and Figure 5 below. The VSX 7000e is a video component system designed for medium-sized conferencing rooms, while the VSX 8000 system is a compact component system for custom integrators. These models support connections with monitors the same as the VSX 7000s and third-party cameras through standard S-video interfaces. The VSX 7000e and VSX 8000 models provide connections for external audio input and output, LAN ports, telephone jacks, and power supplies. There is an internal slot in the chassis to support ISDN, V.35, RS-499 or RS-530 interfaces.

Figure 4 - VSX 7000e

Polycom VSX 3000, VSX 5000, and VSX 7000s

Page 7 of 23

© 2007 Polycom, Inc. - This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

Loading...
+ 16 hidden pages