Cisco ISR 4000 Series Routers with MACSEC

Certificate #4651

Webpage information ?

Status active
Validation dates 02.11.2023
Sunset date 08-02-2026
Standard FIPS 140-2
Security level 1
Type Hardware
Embodiment Multi-Chip Stand Alone
Caveat When operated in FIPS mode, installed, initialized and configured as specified in Section 9 of the Security Policy
Exceptions
  • Roles, Services, and Authentication: Level 3
  • Design Assurance: Level 3
  • Mitigation of Other Attacks: N/A
Description The Cisco Integrated Services Router (ISR) 4000 Series provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options.
Version (Hardware) ISR 4321, ISR 4331, ISR 4351 and ISR 4451 with NIM-2GE-CU-SFP
Version (Firmware) Cisco IOS-XE 16.12
Vendor Cisco Systems, Inc.
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Security policy ?

Symmetric Algorithms
AES-, AES, AES-256, RC4, DES, Triple-DES, HMAC, CMAC
Asymmetric Algorithms
RSA 2048, ECDH, ECDSA, ECC, Diffie-Hellman, DH
Hash functions
SHA-1, SHA-256, SHA-384, SHA-512, MD5
Schemes
MAC, Key Exchange
Protocols
SSH, TLS, IKE, IKEv2, IPsec, VPN
Randomness
DRBG, RNG
Elliptic Curves
P-256, P-384
Block cipher modes
ECB, CBC, CTR, GCM

Vendor
Cisco Systems, Inc, Cisco, Cisco Systems

Security level
Level 1, level 1

Standards
FIPS 140-2, FIPS PUB 140-2, FIPS 140, SP 800-90, SP 800-38D, PKCS#1, RFC 7296

File metadata

Title 0
Author Anthony Busciglio
Creation date D:20231023171710-04'00'
Modification date D:20231023171710-04'00'
Pages 37
Creator Microsoft® Word for Microsoft 365
Producer Microsoft® Word for Microsoft 365

Heuristics ?

No heuristics are available for this certificate.

References ?

No references are available for this certificate.

Updates ?

  • 02.01.2024 The certificate data changed.
    Certificate changed

    The web extraction data was updated.

    • The certificate_pdf_url property was set to https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/November 2023_111223_0648_signed.pdf.
  • 06.11.2023 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4651,
  "dgst": "ccff8a9c9ce2b8b3",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "KAS#A1462",
        "KAS-SSC#A1462",
        "DRBG#A1462",
        "SHS#A1462",
        "ECDSA#A1462",
        "HMAC#A1462",
        "AES#A1462",
        "AES#3504",
        "CVL#A1462",
        "KBKDF#A1462",
        "KTS#A1462",
        "RSA#A1462"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "16.12"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 2
          },
          "ECDH": {
            "ECDH": 4
          },
          "ECDSA": {
            "ECDSA": 2
          }
        },
        "FF": {
          "DH": {
            "DH": 7,
            "Diffie-Hellman": 20
          }
        },
        "RSA": {
          "RSA 2048": 1
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 1
        },
        "CTR": {
          "CTR": 5
        },
        "ECB": {
          "ECB": 2
        },
        "GCM": {
          "GCM": 5
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {
        "IKE": {
          "IKE": 27,
          "IKEv2": 4
        },
        "IPsec": {
          "IPsec": 13
        },
        "SSH": {
          "SSH": 37
        },
        "TLS": {
          "TLS": {
            "TLS": 4
          }
        },
        "VPN": {
          "VPN": 2
        }
      },
      "crypto_scheme": {
        "KEX": {
          "Key Exchange": 9
        },
        "MAC": {
          "MAC": 1
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "P-256": 14,
          "P-384": 14
        }
      },
      "eval_facility": {},
      "fips_cert_id": {
        "Cert": {
          "#1": 1,
          "#3": 1
        }
      },
      "fips_certlike": {
        "Certlike": {
          "AES -128, 192": 2,
          "AES 4853": 1,
          "AES- 256": 4,
          "AES-256": 1,
          "DES 9": 1,
          "DRBG (256": 1,
          "HMAC SHA-1": 6,
          "HMAC SHA-256": 1,
          "HMAC SHA-384": 1,
          "HMAC SHA-512": 1,
          "HMAC-SHA1": 4,
          "PKCS#1": 2,
          "RSA 2048": 1,
          "SHA-1": 11,
          "SHA-256": 3,
          "SHA-384": 2,
          "SHA-512": 2,
          "cert # AES": 1
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 3,
          "level 1": 3
        }
      },
      "hash_function": {
        "MD": {
          "MD5": {
            "MD5": 8
          }
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 11
          },
          "SHA2": {
            "SHA-256": 3,
            "SHA-384": 2,
            "SHA-512": 2
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 47
        },
        "RNG": {
          "RNG": 3
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140": 4,
          "FIPS 140-2": 22,
          "FIPS PUB 140-2": 1
        },
        "NIST": {
          "SP 800-38D": 1,
          "SP 800-90": 5
        },
        "PKCS": {
          "PKCS#1": 1
        },
        "RFC": {
          "RFC 7296": 2
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 16,
            "AES-": 5,
            "AES-256": 1
          },
          "RC": {
            "RC4": 3
          }
        },
        "DES": {
          "3DES": {
            "Triple-DES": 3
          },
          "DES": {
            "DES": 5
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 1,
            "HMAC": 20
          }
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {
        "Cisco": {
          "Cisco": 16,
          "Cisco Systems": 2,
          "Cisco Systems, Inc": 38
        }
      },
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Anthony Busciglio",
      "/CreationDate": "D:20231023171710-04\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word for Microsoft 365",
      "/ModDate": "D:20231023171710-04\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word for Microsoft 365",
      "/Title": "0",
      "pdf_file_size_bytes": 881977,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://www.cisco.com/c/en/us/td/docs/routers/access/4400/hardware/installation/guide4400-4300/C4400_isr/Overview.html?bookSearch=true",
          "https://www.cisco.com/c/en/us/td/docs/routers/access/4400/software/configuration/guide/isr4400swcfg.html",
          "http://csrc.nist.gov/groups/STM/cmvp/index.html",
          "http://www.cisco.com/"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 37
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "737d1a1640edcad1d43693611990ba9ed0d87707a4d5dde42e67a15e31959aee",
    "policy_txt_hash": "dd2159996eda887bd2f2f37844253cf8e7a4818c6dcc6fc840c37279bbbb778b"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When operated in FIPS mode, installed, initialized and configured as specified in Section 9 of the Security Policy",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/November 2023_111223_0648_signed.pdf",
    "date_sunset": "2026-02-08",
    "description": "The Cisco Integrated Services Router (ISR) 4000 Series provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Roles, Services, and Authentication: Level 3",
      "Design Assurance: Level 3",
      "Mitigation of Other Attacks: N/A"
    ],
    "fw_versions": "Cisco IOS-XE 16.12",
    "historical_reason": null,
    "hw_versions": "ISR 4321, ISR 4331, ISR 4351 and ISR 4451 with NIM-2GE-CU-SFP",
    "level": 1,
    "mentioned_certs": {},
    "module_name": "Cisco ISR 4000 Series Routers with MACSEC",
    "module_type": "Hardware",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "active",
    "sw_versions": null,
    "tested_conf": null,
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2023-11-02",
        "lab": "ACUMEN SECURITY, LLC",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Cisco Systems, Inc.",
    "vendor_url": "http://www.cisco.com"
  }
}