Enabling Common Criteria mode

When you enable Common Criteria mode on the device, it enters the Common Criteria Administrative mode. Common Criteria mode configures the cryptographic features of the device such that only CC approved cryptography is used.

• Common Criteria Administrative mode: Log in to the device console and enable the Common Criteria mode. You can optionally modify the default Common Criteria security policy in this mode.
  

  Note

  When you use the reload command to reload the device, the validation of software image with the signature file is triggered. Failure in signature verification results in the device continuously rebooting after device reload.
• Common Criteria Operational mode: Transition to Common Criteria operational mode from Common Criteria Administrative mode. After you transition the device to the Operational mode, you must save the configuration and reboot the device.

Note

When the NetIron device is in FIPS mode, the RSA2048-SHA256-based signature firmware integrity check is done during the image installation and during image reload.