The gateway’s cryptographic module meets the overall requirements applicable to Level 1 security of FIPS 140-2. The following are security rules enforced by the cryptographic module to implement the security requirements of this FIPS 140-2 Level 1 module:

1. When entering or exiting FIPS-140-2 approved mode, the gateway will be zeroized. Zeroization will erase the entire existing gateway configuration including Critical Security Parameters (CSPs) and the gateway will return to its factory default settings.

2. The cryptographic module performs Power up Self-Tests (POST) to confirm that it can reliably perform FIPS compliant operations. These include:

   • Non-Volatile Random-Access Memory (NVRAM) Integrity Tests

   • Electronically Erasable Programmable Read Only Memory (E2PROM) Integrity Tests

   • Cryptographic algorithm Tests

   • Gateway Software/Firmware Integrity Tests

   • Digital Signal Processor (DSP) Power Up Self-Tests (POST)

   • Critical Functions Tests

   • Conditional Self-Tests

3. Users can instruct the module to perform the power-up self-tests at any time by executing the reset CLI command or by power cycling the gateway.

4. Prior to each use, the internal entropy source is tested using FIPS 140-2 approved conditional tests.

5. Data output is inhibited at power-up during self-tests, zeroization, and error states.

6. When the gateway is in FIPS approved mode, the gateway’s cryptographic module will only provide FIPS approved algorithms and the gateway will be FIPS compliant provided that all policies described in the Security Policy are strictly adhered to.