Non-Proprietary Security Policy, Version 1.0 June 15, 2007
Polycom VSX 3000, VSX 5000, and VSX 7000s
Page 5 of 23
© 2007 Polycom, Inc. -
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
0 Introduction
0.1 Purpose
This is a non-proprietary Cryptographic Module Security Policy for the VSX 3000, VSX 5000, and VSX 7000s
from Polycom, Inc.. This Security Policy describes how the VSX 3000, VSX 5000, and VSX 7000s meet the
security requirements of FIPS 140-2 and how to run the module in a secure FIPS 140-2 mode. This policy was
prepared as part of the Level 1 FIPS 140-2 validation of the module.
FIPS 140-2 (Federal Information Processing Standards Publication 140-2 – Security Requirements for
Cryptographic Modules) details the U.S. Government requirements for cryptographic modules. More information
about the FIPS 140-2 standard and validation program is available on the National Institute of Standards and
Technology (NIST) Cryptographic Module Validation Program (CMVP) website at: http://csrc.nist.gov/cryptval/
The VSX 3000, VSX 5000, and VSX 7000s are referred to in this document as the VSX systems, the hardware
modules, the cryptographic modules, or the modules.
0.2 References
This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-2
cryptographic module security policy. More information is available on the module from the following sources:
• The Polycom website (http://polycom.com) contains information on the full line of products from Polycom.
• The CMVP website (http://csrc.nist.gov/cryptval/) contains contact information for answers to technical or
sales-related questions for the module.
0.3 Document Organization
The Security Policy document is one document in a FIPS 140-2 Submission Package. In addition to this document,
the Submission Package contains:
• Vendor Evidence document
• Finite State Machine
• Other supporting documentation as additional references
This Security Policy and the other validation submission documentation were produced by Corsec Security, Inc.
under contract to Polycom. With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Validation
Documentation is proprietary to Polycom and is releasable only under appropriate non-disclosure agreements. For
access to these documents, please contact Polycom.