Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Applying Tamper-Evident Seals to the Cryptographic Module

The cryptographic module physical embodiment is that of a multi-chip standalone device that meets Level 2 physical security requirements. The module is completely enclosed in a rectangular nickel dor clear zinc coated, cold rolled steel, plated steel, and brushed aluminum enclosure. There are no ventilation holes, gaps, slits, cracks, slots, or crevices that would allow for any sort of observation of any component contained within the cryptographic boundary. Tamper-evident seals allow the operator to verify if the enclosure has been breached. These seals are not factory-installed and must be applied by the Cryptographic Officer.

Note:

Seals are available for order from Juniper Networks using part number JNPR-FIPS-TAMPER-LBLS.

As a Cryptographic Officer, you are responsible for:

  • Applying seals to secure the cryptographic module

  • Controlling any unused seals

  • Controlling and observing any changes, such as repairs or booting from an external USB drive to the cryptographic module, that require removing or replacing the seals to maintain the security of the module

As per the security inspection guidelines, upon receipt of the cryptographic module, the Cryptographic Officer must check that the labels are free of any tamper evidence.

General Tamper-Evident Seal Instructions

All FIPS-certified switches require a tamper-evident seal on the USB port. While applying seals, follow these general instructions:

  • Handle the seals with care. Do not touch the adhesive side. Do not cut or otherwise resize a seal to make it fit.

  • Make sure all surfaces to which the seals are applied are clean and dry and clear of any residue.

  • Apply the seals with firm pressure across the seal to ensure adhesion. Allow at least 24 hours for the adhesive to cure.

Applying Tamper-Evident Seals on SRX300 Devices

On SRX300 devices, apply 27 tamper-evident seals at the following locations:

  1. Apply five seals at the top of the chassis, covering one of the five chassis screws.

  2. Apply four seals on the I/O slots.

  3. Apply two seals on the rare panel, covering the blank faceplate and the SSD.

  4. Apply 16 seals, on the side panels over the screw holes.

Applying Tamper-Evident Seals on SRX320 Devices

On SRX320 devices, apply 27 tamper-evident seals at the following locations:

  1. Apply five seals at the top of the chassis, covering one of the five chassis screws.

  2. Apply four seals on the I/O slots.

  3. Apply two seals on the rare panel, covering the blank faceplate and the SSD.

  4. Apply 16 seals, on the side panels over the screw holes.

Applying Tamper-Evident Seals on SRX340 Devices

On SRX340 devices, apply 27 tamper-evident seals at the following locations:

  1. Apply five seals at the top of the chassis, covering one of the five chassis screws.

  2. Apply four seals on the I/O slots.

  3. Apply two seals on the rare panel, covering the blank faceplate and the SSD.

  4. Apply 16 seals, on the side panels over the screw holes.

Applying Tamper-Evident Seals on SRX345 and SRX345-DUAL-AC Devices

On SRX345 and SRX345-DUAL-AC devices, apply 27 tamper-evident seals at the following locations:

  1. Apply five seals at the top of the chassis, covering one of the five chassis screws.

  2. Apply four seals on the I/O slots.

  3. Apply two seals on the rare panel, covering the blank faceplate and the SSD.

  4. Apply 16 seals, on the side panels over the screw holes.