Cisco Catalyst 9600 Series Switches

Certificate #4520

Webpage information ?

Status active
Validation dates 11.05.2023
Sunset date 28-03-2026
Standard FIPS 140-2
Security level 1
Type Hardware
Embodiment Multi-Chip Stand Alone
Caveat When operated in FIPS mode, installed, initialized and configured as specified in Section 3 of the Security Policy. This module contains the embedded module ' ACT2Lite Cryptographic Module' validated to FIPS 140-2 under Cert. #3637 operating in FIPS mode
Exceptions
  • Roles, Services, and Authentication: Level 3
  • Design Assurance: Level 2
  • Mitigation of Other Attacks: N/A
Description The Cisco Catalyst 9600 Series Switches are stackable enterprise switching platform built for security, IoT, mobility, and cloud. The switches meet FIPS 140-2 overall Level 1 requirements as multi-chip standalone modules. The modules include cryptographic algorithms implemented in IOS-XE software as well as hardware ASIC. Advanced security feature supports MACsec encryption, hardware anchored secure boot and Secure Unique Device Identification (SUDI) support.
Version (Hardware) Cisco Catalyst 9606R with components C9600-SUP-1, C9600-LC-48YL and C9600-LC-24C
Version (Firmware) Cisco IOS-XE 16.12 and Cisco IOS-XE 17.3
Vendor Cisco Systems, Inc.
References

This certificate's webpage directly references 1 certificates, transitively this expands into 1 certificates.

Security policy ?

Symmetric Algorithms
AES, RC4, DES, Triple-DES, HMAC, CMAC
Asymmetric Algorithms
RSA 2048, ECDH, ECDSA, ECC, DH, Diffie-Hellman, DSA
Hash functions
SHA-1, SHA1, SHA-512, MD5
Protocols
SSH, TLS, TLSv1.2, IKE, IKEv2, IPsec, VPN
Randomness
DRBG
Elliptic Curves
P-256, P-224, P-384, P-521, B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571
Block cipher modes
ECB, CBC, CTR, OFB, GCM, CCM, XTS

Vendor
Cisco Systems, Inc, Cisco, Cisco Systems

Security level
Level 1, level 1

Standards
FIPS 140-2, FIPS PUB 140-2, FIPS 140, FIPS 186-4, SP 800-52, SP 800-38D, SP 800-90A, SP 800-90, PKCS 1, PKCS#1, RFC 5288, RFC 7296

File metadata

Author [email protected]
Creation date D:20230327185129-04'00'
Modification date D:20230327185129-04'00'
Pages 26
Creator Microsoft® Word for Microsoft 365
Producer Microsoft® Word for Microsoft 365

References

Outgoing
  • 3637 - active - ACT2Lite Cryptographic Module

References ?

Updates ?

  • 26.06.2023 The certificate data changed.
    Certificate changed

    The web extraction data was updated.

    • The certificate_pdf_url property was set to https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/May 2023_010623_0642.pdf.
  • 18.05.2023 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4520,
  "dgst": "e85a870aeb6eed9e",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "RSA#C220",
        "KAS-SSC#A1462",
        "HMAC#A1462",
        "KAS#A1462",
        "AES#4769",
        "AES#A1462",
        "KBKDF#A1462",
        "CVL#C431",
        "DRBG#A1462",
        "SHS#C431",
        "DRBG#C431",
        "SHS#A1462",
        "DSA#C431",
        "SHS#C220",
        "KBKDF#C431",
        "ECDSA#A1462",
        "ECDSA#C431",
        "AES#C431",
        "CVL#A1462",
        "RSA#C431",
        "HMAC#C431",
        "KTS#C431",
        "KAS#C431",
        "RSA#A1462"
      ]
    },
    "cpe_matches": {
      "_type": "Set",
      "elements": [
        "cpe:2.3:h:cisco:catalyst_9600:-:*:*:*:*:*:*:*"
      ]
    },
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "17.3",
        "16.12"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": {
        "_type": "Set",
        "elements": [
          "3637"
        ]
      },
      "indirectly_referenced_by": null,
      "indirectly_referencing": {
        "_type": "Set",
        "elements": [
          "3637"
        ]
      }
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": [
        "3637"
      ]
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": {
        "_type": "Set",
        "elements": [
          "3637"
        ]
      },
      "indirectly_referenced_by": null,
      "indirectly_referencing": {
        "_type": "Set",
        "elements": [
          "3637"
        ]
      }
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": [
        "3637"
      ]
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 3
          },
          "ECDH": {
            "ECDH": 3
          },
          "ECDSA": {
            "ECDSA": 7
          }
        },
        "FF": {
          "DH": {
            "DH": 15,
            "Diffie-Hellman": 4
          },
          "DSA": {
            "DSA": 3
          }
        },
        "RSA": {
          "RSA 2048": 1
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 2
        },
        "CCM": {
          "CCM": 1
        },
        "CTR": {
          "CTR": 2
        },
        "ECB": {
          "ECB": 3
        },
        "GCM": {
          "GCM": 10
        },
        "OFB": {
          "OFB": 1
        },
        "XTS": {
          "XTS": 1
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {
        "IKE": {
          "IKE": 17,
          "IKEv2": 10
        },
        "IPsec": {
          "IPsec": 7
        },
        "SSH": {
          "SSH": 20
        },
        "TLS": {
          "TLS": {
            "TLS": 34,
            "TLSv1.2": 1
          }
        },
        "VPN": {
          "VPN": 2
        }
      },
      "crypto_scheme": {},
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "B-233": 1,
          "B-283": 1,
          "B-409": 1,
          "B-571": 1,
          "K-233": 1,
          "K-283": 1,
          "K-409": 1,
          "K-571": 1,
          "P-224": 2,
          "P-256": 16,
          "P-384": 12,
          "P-521": 2
        }
      },
      "eval_facility": {},
      "fips_cert_id": {
        "Cert": {
          "#1": 1,
          "#3637": 2
        }
      },
      "fips_certlike": {
        "Certlike": {
          "AES 128": 1,
          "AES CBC (128": 1,
          "AES GCM KAT 3": 1,
          "AES-CMAC KAT 4": 1,
          "AES-CMAC KAT 5": 1,
          "DES 1": 1,
          "DES 2": 1,
          "DRBG (256": 1,
          "HMAC SHA-1": 2,
          "HMAC- SHA1": 1,
          "HMAC- SHA1 160": 2,
          "HMAC-SHA 256/384": 2,
          "HMAC-SHA-1": 6,
          "HMAC-SHA1": 8,
          "PKCS 1": 12,
          "PKCS#1": 1,
          "RSA 2": 1,
          "RSA 2048": 1,
          "RSA PKCS#1": 1,
          "SHA-1": 4,
          "SHA-1 KAT 15": 1,
          "SHA-512": 3,
          "SHA1": 1,
          "SHA1 160": 2,
          "SHA2- 224": 1,
          "SHA2- 384": 3,
          "SHA2-224": 1,
          "SHA2-256": 3,
          "SHA2-384": 1,
          "SHA2-512": 4
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 3,
          "level 1": 3
        }
      },
      "hash_function": {
        "MD": {
          "MD5": {
            "MD5": 7
          }
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 6,
            "SHA1": 3
          },
          "SHA2": {
            "SHA-512": 3
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 29
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140": 1,
          "FIPS 140-2": 19,
          "FIPS 186-4": 6,
          "FIPS PUB 140-2": 1
        },
        "NIST": {
          "SP 800-38D": 1,
          "SP 800-52": 1,
          "SP 800-90": 1,
          "SP 800-90A": 7
        },
        "PKCS": {
          "PKCS 1": 6,
          "PKCS#1": 1
        },
        "RFC": {
          "RFC 5288": 1,
          "RFC 7296": 2
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 17
          },
          "RC": {
            "RC4": 3
          }
        },
        "DES": {
          "3DES": {
            "Triple-DES": 4
          },
          "DES": {
            "DES": 5
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 2,
            "HMAC": 11
          }
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {
        "Cisco": {
          "Cisco": 16,
          "Cisco Systems": 4,
          "Cisco Systems, Inc": 2
        }
      },
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "[email protected]",
      "/CreationDate": "D:20230327185129-04\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word for Microsoft 365",
      "/ModDate": "D:20230327185129-04\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word for Microsoft 365",
      "pdf_file_size_bytes": 836820,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://www.cisco.com/c/en/us/products/switches/catalyst-9600-series-switches/index.html",
          "https://csrc.nist.gov/Projects/Cryptographic-Module-Validation-Program",
          "http://www.cisco.com/"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 26
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "d9c5f63d99b77d4d856a2a809dc0431ddc5fed71fb5ccb6d9c6d950a9871689f",
    "policy_txt_hash": "357d66f59d52daf050477e5d38a9bf9d92ddad959972da88980b5f0ddffb5115"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When operated in FIPS mode, installed, initialized and configured as specified in Section 3 of the Security Policy. This module contains the embedded module \u0027 ACT2Lite Cryptographic Module\u0027 validated to FIPS 140-2 under Cert. #3637 operating in FIPS mode",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/May 2023_010623_0642.pdf",
    "date_sunset": "2026-03-28",
    "description": "The Cisco Catalyst 9600 Series Switches are stackable enterprise switching platform built for security, IoT, mobility, and cloud. The switches meet FIPS 140-2 overall Level 1 requirements as multi-chip standalone modules. The modules include cryptographic algorithms implemented in IOS-XE software as well as hardware ASIC. Advanced security feature supports MACsec encryption, hardware anchored secure boot and Secure Unique Device Identification (SUDI) support.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Roles, Services, and Authentication: Level 3",
      "Design Assurance: Level 2",
      "Mitigation of Other Attacks: N/A"
    ],
    "fw_versions": "Cisco IOS-XE 16.12 and Cisco IOS-XE 17.3",
    "historical_reason": null,
    "hw_versions": "Cisco Catalyst 9606R with components C9600-SUP-1, C9600-LC-48YL and C9600-LC-24C",
    "level": 1,
    "mentioned_certs": {
      "3637": 1
    },
    "module_name": "Cisco Catalyst 9600 Series Switches",
    "module_type": "Hardware",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "active",
    "sw_versions": null,
    "tested_conf": null,
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2023-05-11",
        "lab": "ACUMEN SECURITY, LLC",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Cisco Systems, Inc.",
    "vendor_url": "http://www.cisco.com"
  }
}