Cisco ISR 1000 Series Routers without MACSEC

Certificate #4638

Webpage information ?

Status active
Validation dates 18.10.2023
Sunset date 12-09-2026
Standard FIPS 140-2
Security level 1
Type Hardware
Embodiment Multi-Chip Stand Alone
Caveat When operated in FIPS mode, installed, initialized and configured as specified in Section 9 of the Security Policy
Exceptions
  • Roles, Services, and Authentication: Level 3
  • Design Assurance: Level 3
  • Mitigation of Other Attacks: N/A
Description The Cisco Integrated Services Router (ISR) 1000 Series provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options.
Version (Hardware) ISR1101 and ISR1111
Version (Firmware) Cisco IOS-XE 16.12
Vendor Cisco Systems, Inc.
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Security policy ?

Symmetric Algorithms
AES, AES-256, RC4, DES, Triple-DES, HMAC, CMAC
Asymmetric Algorithms
RSA 2048, ECDH, ECDSA, ECC, Diffie-Hellman, DH
Hash functions
SHA-1, SHA-256, SHA-384, SHA-512, MD5
Schemes
MAC, Key Exchange
Protocols
SSH, TLS, IKE, IKEv2, IPsec, VPN, PGP
Randomness
DRBG, RNG
Elliptic Curves
P-256, P-384
Block cipher modes
ECB, CBC, CTR, GCM

Vendor
Cisco Systems, Inc, Cisco, Cisco Systems

Security level
Level 1, level 1

Standards
FIPS 140-2, FIPS PUB 140-2, FIPS 140, FIPS 180-4, FIPS 198-1, SP 800-90A, SP 800-38, SP 800-52, PKCS#1, RFC 7296

File metadata

Title 0
Author Anthony Busciglio
Creation date D:20231004150041-04'00'
Modification date D:20231004150041-04'00'
Pages 35
Creator Microsoft® Word for Microsoft 365
Producer Microsoft® Word for Microsoft 365

Heuristics ?

No heuristics are available for this certificate.

References ?

No references are available for this certificate.

Updates ?

  • 06.11.2023 The certificate data changed.
    Certificate changed

    The web extraction data was updated.

    • The certificate_pdf_url property was set to https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/October 2023_011123_0711.pdf.
  • 01.11.2023 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4638,
  "dgst": "311d090632d9033f",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "KAS#A1462",
        "KAS-SSC#A1462",
        "DRBG#A1462",
        "SHS#A1462",
        "HMAC#A1462",
        "AES#A1462",
        "CVL#A1462",
        "KTS#A1462",
        "RSA#A1462"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "16.12"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 2
          },
          "ECDH": {
            "ECDH": 4
          },
          "ECDSA": {
            "ECDSA": 1
          }
        },
        "FF": {
          "DH": {
            "DH": 4,
            "Diffie-Hellman": 19
          }
        },
        "RSA": {
          "RSA 2048": 1
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 1
        },
        "CTR": {
          "CTR": 1
        },
        "ECB": {
          "ECB": 1
        },
        "GCM": {
          "GCM": 3
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {
        "IKE": {
          "IKE": 27,
          "IKEv2": 4
        },
        "IPsec": {
          "IPsec": 13
        },
        "PGP": {
          "PGP": 3
        },
        "SSH": {
          "SSH": 40
        },
        "TLS": {
          "TLS": {
            "TLS": 4
          }
        },
        "VPN": {
          "VPN": 2
        }
      },
      "crypto_scheme": {
        "KEX": {
          "Key Exchange": 9
        },
        "MAC": {
          "MAC": 1
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "P-256": 8,
          "P-384": 8
        }
      },
      "eval_facility": {},
      "fips_cert_id": {
        "Cert": {
          "#1": 1
        }
      },
      "fips_certlike": {
        "Certlike": {
          "AES-256": 1,
          "DES 9": 1,
          "HMAC SHA-1": 6,
          "HMAC SHA-256": 1,
          "HMAC SHA-384": 1,
          "HMAC SHA-512": 1,
          "HMAC-SHA1": 2,
          "PKCS#1": 2,
          "RSA 2048": 1,
          "SHA-1": 12,
          "SHA-256": 3,
          "SHA-384": 2,
          "SHA-512": 2
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 4,
          "level 1": 2
        }
      },
      "hash_function": {
        "MD": {
          "MD5": {
            "MD5": 8
          }
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 12
          },
          "SHA2": {
            "SHA-256": 3,
            "SHA-384": 2,
            "SHA-512": 2
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {
        "com": {
          "com": 1
        }
      },
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 28
        },
        "RNG": {
          "RNG": 3
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140": 4,
          "FIPS 140-2": 22,
          "FIPS 180-4": 1,
          "FIPS 198-1": 1,
          "FIPS PUB 140-2": 1
        },
        "NIST": {
          "SP 800-38": 1,
          "SP 800-52": 1,
          "SP 800-90A": 3
        },
        "PKCS": {
          "PKCS#1": 1
        },
        "RFC": {
          "RFC 7296": 1
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 11,
            "AES-256": 1
          },
          "RC": {
            "RC4": 3
          }
        },
        "DES": {
          "3DES": {
            "Triple-DES": 3
          },
          "DES": {
            "DES": 5
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 1,
            "HMAC": 21
          }
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {
        "Cisco": {
          "Cisco": 83,
          "Cisco Systems": 7,
          "Cisco Systems, Inc": 36
        }
      },
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Anthony Busciglio",
      "/CreationDate": "D:20231004150041-04\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word for Microsoft 365",
      "/ModDate": "D:20231004150041-04\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word for Microsoft 365",
      "/Title": "0",
      "pdf_file_size_bytes": 599013,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "http://csrc.nist.gov/groups/STM/cmvp/index.html",
          "http://www.cisco.com/public/countries_languages.shtml",
          "http://www.cisco.com/",
          "http://www.cisco.com/techsupport/servicerequest",
          "http://www.cisco.com/go/psirt",
          "http://www.cisco.com/discuss/networking",
          "mailto:[email protected]",
          "http://www.cisco.com/en/US/learning/index.html",
          "http://www.cisco.com/techsupport/contacts",
          "http://www.cisco.com/ipj",
          "http://www.cisco.com/go/marketplace/",
          "http://www.cisco.com/en/US/products/index.html",
          "https://www.cisco.com/c/en/us/td/docs/routers/access/1100/hardware/installation/guide/b-cisco-1100-series-hig/isr1k-hig-overview.html",
          "http://www.ciscopress.com/",
          "http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html",
          "https://www.cisco.com/c/en/us/td/docs/routers/access/1100/software/configuration/xe-16-12/cisco_1100_series_swcfg_xe_16_12_x.html",
          "http://tools.cisco.com/security/center/rss.x?i=44",
          "http://tools.cisco.com/RPF/register/register.do",
          "http://www.cisco.com/packet",
          "http://www.cisco.com/techsupport"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 35
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "a1336e11bd1901f36bbd565a4b87c75d306dff27d9577f31c312e30585ec74a1",
    "policy_txt_hash": "a2e93648b46d811e4ef3cfeeed3c289ef048079430415f6e5147ef1f9683f530"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When operated in FIPS mode, installed, initialized and configured as specified in Section 9 of the Security Policy",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/October 2023_011123_0711.pdf",
    "date_sunset": "2026-09-12",
    "description": "The Cisco Integrated Services Router (ISR) 1000 Series provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Roles, Services, and Authentication: Level 3",
      "Design Assurance: Level 3",
      "Mitigation of Other Attacks: N/A"
    ],
    "fw_versions": "Cisco IOS-XE 16.12",
    "historical_reason": null,
    "hw_versions": "ISR1101 and ISR1111",
    "level": 1,
    "mentioned_certs": {},
    "module_name": "Cisco ISR 1000 Series Routers without MACSEC",
    "module_type": "Hardware",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "active",
    "sw_versions": null,
    "tested_conf": null,
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2023-10-18",
        "lab": "ACUMEN SECURITY, LLC",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Cisco Systems, Inc.",
    "vendor_url": "http://www.cisco.com"
  }
}