Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

header-navigation
keyboard_arrow_up
close
keyboard_arrow_left
Common Criteria Guide for vSRX3.0
Table of Contents Expand all
list Table of Contents
file_download PDF
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
English
keyboard_arrow_right

Configuring a Common Criteria Authorized Administrator

date_range 02-Dec-23

An account for root is always present in a configuration and is not intended for use in normal operation. In the evaluated configuration, the root account is restricted to the initial installation and configuration of the evaluated device.

A Common Criteria authorized administrator must have all permissions, including the ability to change the router configuration.

To configure an authorized administrator:

  1. Create a login class named security-admin with all permissions.
    content_copy zoom_out_map
    [edit]
    root@host# set system login class security-admin permissions all
    
  2. Define your common criteria user authorized administrator.
    content_copy zoom_out_map
    [edit]
    root@host# set system login user NDcPP2.2e-user full-name Common Criteria NDcPP2.2e Authorized Administrator class security-admin authentication encrypted-password <password>
    
  3. Configure the authentication algorithm for plain-text passwords as sha256.
    content_copy zoom_out_map
    [edit]
    root@host# set system login password format sha256
    
  4. Commit the changes.
    content_copy zoom_out_map
    [edit]
    root@host# commit
    
Note:

The root password should be reset following the change to sha256 for the password storage format. This ensures the new password is protected using a sha256 hash, rather than the default password hashing algorithm. To reset the root password, use the set system login user root password password command, and confirm the new password when prompted.

footer-navigation