This page was not yet optimized for use on mobile
devices.
Cisco Catalyst 9400 Series Switches
Certificate #3834
Webpage information
Security policy
Symmetric Algorithms
AES, RC4, DES, Triple-DES, HMAC, CMACAsymmetric Algorithms
RSA 2048, ECDH, ECDSA, ECC, DH, Diffie-Hellman, DSAHash functions
SHA-1, SHA1, SHA-256, SHA-384, SHA-512, MD5Protocols
SSHv2, SSH, TLS, TLSv1.2, IKE, IKEv1, IKEv2, IPsec, VPNRandomness
DRBGElliptic Curves
P-256, P-384, P-224, P-521, B-233, B-283, B-571, K-233, K-283, K-409, K-571, B-409Block cipher modes
ECB, CBC, CTR, OFB, GCM, CCM, XTSVendor
Cisco Systems, Inc, Cisco, Cisco SystemsSecurity level
Level 1, level 1Standards
FIPS 140-2, FIPS PUB 140-2, FIPS 140, FIPS 186-4, SP 800-52, SP 800-38D, SP 800-90A, SP 800-90, PKCS 1, PKCS#1, RFC 5288, RFC 7296, RFC 5246, RFC 4253, RFC 6071File metadata
| Author | [email protected] |
|---|---|
| Creation date | D:20210716182250-04'00' |
| Modification date | D:20210716182250-04'00' |
| Pages | 25 |
| Creator | Microsoft® Word for Microsoft 365 |
| Producer | Microsoft® Word for Microsoft 365 |
References
Outgoing- 3637 - historical - ACT2Lite Cryptographic Module
Heuristics
Automated inference - use with caution
All attributes shown in this section (e.g., links between certificates, products, vendors, and known CVEs) are generated by automated heuristics and have not been reviewed by humans. These methods can produce false positives or false negatives and should not be treated as definitive without independent verification. For details on our data sources and inference methods, see our methodology. If you believe any information here is inaccurate or harmful, please submit feedback.CPE matches
References
Loading...
Updates Feed
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate was first processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 3834,
"dgst": "b0f40e2bace115cb",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"Triple-DES#C462",
"AES#C431",
"CVL#C431",
"KBKDF#C462",
"HMAC#C462",
"DRBG#C431",
"KTS#C462",
"HMAC#C431",
"RSA#C220",
"ECDSA#C462",
"CVL#C462",
"KBKDF#C431",
"AES#4769",
"ECDSA#C431",
"RSA#C431",
"Triple-DES#C431",
"DRBG#C462",
"SHS#C431",
"DSA#C431",
"AES#C462",
"SHS#C220",
"SHS#C462",
"RSA#C462"
]
},
"cpe_matches": {
"_type": "Set",
"elements": [
"cpe:2.3:h:cisco:catalyst_9400:-:*:*:*:*:*:*:*"
]
},
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"17.3",
"16.12"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": {
"_type": "Set",
"elements": [
"3637"
]
},
"indirectly_referenced_by": null,
"indirectly_referencing": {
"_type": "Set",
"elements": [
"3637"
]
}
},
"module_prunned_references": {
"_type": "Set",
"elements": [
"3637"
]
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": {
"_type": "Set",
"elements": [
"3637"
]
},
"indirectly_referenced_by": null,
"indirectly_referencing": {
"_type": "Set",
"elements": [
"3637"
]
}
},
"policy_prunned_references": {
"_type": "Set",
"elements": [
"3637"
]
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 2
},
"ECDH": {
"ECDH": 3
},
"ECDSA": {
"ECDSA": 7
}
},
"FF": {
"DH": {
"DH": 15,
"Diffie-Hellman": 6
},
"DSA": {
"DSA": 3
}
},
"RSA": {
"RSA 2048": 1
}
},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 5
},
"CCM": {
"CCM": 1
},
"CTR": {
"CTR": 3
},
"ECB": {
"ECB": 5
},
"GCM": {
"GCM": 10
},
"OFB": {
"OFB": 2
},
"XTS": {
"XTS": 1
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"IKE": {
"IKE": 17,
"IKEv1": 1,
"IKEv2": 4
},
"IPsec": {
"IPsec": 7
},
"SSH": {
"SSH": 21,
"SSHv2": 4
},
"TLS": {
"TLS": {
"TLS": 35,
"TLSv1.2": 1
}
},
"VPN": {
"VPN": 2
}
},
"crypto_scheme": {},
"device_model": {},
"ecc_curve": {
"NIST": {
"B-233": 2,
"B-283": 2,
"B-409": 1,
"B-571": 2,
"K-233": 2,
"K-283": 2,
"K-409": 2,
"K-571": 2,
"P-224": 4,
"P-256": 18,
"P-384": 16,
"P-521": 4
}
},
"eval_facility": {},
"fips_cert_id": {
"Cert": {
"#1": 1,
"#3637": 2
}
},
"fips_certlike": {
"Certlike": {
"AES 128": 1,
"AES CBC (128": 1,
"DES 1": 1,
"DES 2": 1,
"DRBG (256": 1,
"HMAC SHA-1": 2,
"HMAC- SHA1": 1,
"HMAC- SHA1 160": 2,
"HMAC-SHA 256/384": 2,
"HMAC-SHA-1": 6,
"HMAC-SHA1": 8,
"PKCS 1": 12,
"PKCS#1": 1,
"RSA 2048": 1,
"RSA PKCS#1": 1,
"SHA-1": 5,
"SHA-256": 2,
"SHA-384": 1,
"SHA-512": 3,
"SHA1": 1,
"SHA1 160": 2,
"SHA2- 224": 1,
"SHA2- 384": 3,
"SHA2-224": 1,
"SHA2-256": 3,
"SHA2-384": 1,
"SHA2-512": 4
}
},
"fips_security_level": {
"Level": {
"Level 1": 3,
"level 1": 3
}
},
"hash_function": {
"MD": {
"MD5": {
"MD5": 7
}
},
"SHA": {
"SHA1": {
"SHA-1": 6,
"SHA1": 3
},
"SHA2": {
"SHA-256": 2,
"SHA-384": 1,
"SHA-512": 3
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 28
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140": 1,
"FIPS 140-2": 19,
"FIPS 186-4": 6,
"FIPS PUB 140-2": 1
},
"NIST": {
"SP 800-38D": 1,
"SP 800-52": 1,
"SP 800-90": 1,
"SP 800-90A": 8
},
"PKCS": {
"PKCS 1": 6,
"PKCS#1": 1
},
"RFC": {
"RFC 4253": 1,
"RFC 5246": 1,
"RFC 5288": 1,
"RFC 6071": 1,
"RFC 7296": 2
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 13
},
"RC": {
"RC4": 3
}
},
"DES": {
"3DES": {
"Triple-DES": 5
},
"DES": {
"DES": 5
}
},
"constructions": {
"MAC": {
"CMAC": 2,
"HMAC": 11
}
}
},
"tee_name": {},
"tls_cipher_suite": {},
"vendor": {
"Cisco": {
"Cisco": 17,
"Cisco Systems": 4,
"Cisco Systems, Inc": 2
}
},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "[email protected]",
"/CreationDate": "D:20210716182250-04\u002700\u0027",
"/Creator": "Microsoft\u00ae Word for Microsoft 365",
"/ModDate": "D:20210716182250-04\u002700\u0027",
"/Producer": "Microsoft\u00ae Word for Microsoft 365",
"pdf_file_size_bytes": 704706,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://csrc.nist.gov/Projects/Cryptographic-Module-Validation-Program",
"https://www.cisco.com/c/en/us/products/switches/catalyst-9400-series-switches/index.html",
"http://www.cisco.com/"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 25
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_garbage": false,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_pdf_hash": "852c67aa4f2d380f2a7d3e1e25e06e1819e74e5fec431e867a16db295bc158cb",
"policy_txt_hash": "10f0510a80f4b97951c9299b857cc1cbe96ae1ba79181f298eba90dc373961f2"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "When operated in FIPS mode, installed, initialized and configured as specified in Section 3 of the Security Policy. This module contains the embedded module \u0027ACT2Lite Cryptographic Module\u0027 validated to FIPS 140-2 under Cert. #3637 operating in FIPS mode",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/March 2021_010421_0724_signed.pdf",
"date_sunset": null,
"description": "The Cisco Catalyst 9400 Series Switches are stackable enterprise switching platform built for security, IoT, mobility, and cloud. The switches meet FIPS 140-2 overall Level 1 requirements as multi-chip standalone modules. The modules include cryptographic algorithms implemented in IOS-XE software as well as hardware ASIC. Advanced security feature supports MACsec encryption, hardware anchored secure boot and Secure Unique Device Identification (SUDI) support.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Roles, Services, and Authentication: Level 3",
"Design Assurance: Level 2",
"Mitigation of Other Attacks: N/A"
],
"fw_versions": "Cisco IOS-XE 16.12 and Cisco IOS-XE 17.3",
"historical_reason": "SP 800-56Arev3 transition - replaced by certificate #4519",
"hw_versions": "Cisco Catalyst 9404R, Cisco Catalyst C9407R and Cisco Catalyst C9410R with components C9400-SUP-1, C9400-SUP-1XL, C9400-SUP-1XL-Y, C9400-LC-48U, C9400-LC-48T, C9400-LC-48P, C9400-LC-24XS, C9400-LC-48UX, C9400-LC-24S, C9400-LC-48S and C9400-LC-48H",
"level": 1,
"mentioned_certs": {
"3637": 1
},
"module_name": "Cisco Catalyst 9400 Series Switches",
"module_type": "Hardware",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-2",
"status": "historical",
"sw_versions": null,
"tested_conf": null,
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2021-03-03",
"lab": "Acumen Security",
"validation_type": "Initial"
},
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2021-08-25",
"lab": "Acumen Security",
"validation_type": "Update"
}
],
"vendor": "Cisco Systems, Inc.",
"vendor_url": "http://www.cisco.com"
}
}