Module Name
Brocade® MLXe® Series Ethernet Routers, Brocade® NetIron® CER 2000 Series Ethernet Routers and Brocade NetIron® CES 2000 Series Ethernet Switches
Validation Dates
03/21/2017
Caveat
When operated in FIPS mode with the tamper evident labels installed and configured as specified in Section 14 of the Security Policy
Security Level Exceptions
- Design Assurance: Level 3
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The Brocade NetIron CER 2000 Series is a family of compact routers that are purpose-built for high performance Ethernet edge routing and MPLS applications.The Brocade NetIron CES 2000 Series of switches provides IP routing and advanced Carrier Ethernet capabilities in a compact form factor. Brocade MLXe Series routers feature industry-leading Gigabit Ethernet ports with wire-speed density; advanced Layer 2 switching; rich IPv4, IPv6, Multi-VRF, MPLS, L2/L3 Virtual Private Networks (VPN),IKEv2/IPsec and PHY based MACsec capabilities without compromising performance.
FIPS Algorithms
AES |
Certs. #1648, #2154, #2715, #2717, #2946, #3143, #3144 and #3478 |
CVL |
Certs. #173, #175, #393, #394, #403, #404, #712, #713 and #1029 |
DRBG |
Certs. #452, #454 and #684 |
ECDSA |
Certs. #761 and #809 |
HMAC |
Certs. #1694, #1696 and #2848 |
KBKDF |
Cert. #35 |
KTS |
AES Cert. #2946 |
KTS |
AES Cert. #2717 and HMAC Cert. #1696; key establishment methodology provides 112 bits of encryption strength |
RSA |
Certs. #1411 and #1413 |
SHS |
Certs. #934, #2280 and #2282 |
Other Algorithms
Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #712; key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #713, key agreement; key establishment methodology provides between 128 and 192 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; HMAC-SHA-1-96 (non-compliant); Triple-DES (non-compliant)
Hardware Versions
{[BR-MLXE-8-MR2-M-AC (80-1007225-01), BR-MLXE-16-MR2-M-AC (80-1006827-02), BR-MLXE-32-MR2-M-AC (80-1007253-04), BR-MLXE-4-MR2-X-AC (80-1006874-03), BR-MLXE-32-MR2-X-AC (80-1007255-04), with Components (80-1005643-01, 80-1005644-03, 80-1005641-02, 80-1005642-03, 80-1007878-02, 80-1007911-02, 80-1008426-01, 80-1008427-02, 80-1007879-02, 80-1003891-02, 80-1002983-01, 80-1008686-01, 80-1003971-01, 80-1003969-02, 80-1004114-01, 80-1004113-01, 80-1004112-01, 80-1004469-01, 80-1004760-02, 80-1006511-02, 80-1004757-02, 80-1003009-01, 80-1003052-01, 80-1003053-01)], [BR-CER-2024C-4X-RT-AC (80-1006530-01), BR-CER-2024F-4X-RT-AC (80-1006529-01), with Components (80-1003868-01, 80-1004848-01)], [BR-CES-2024C-4X-AC (80-1000077-01), BR-CES-2024F-4X-AC (80-1000037-01), with Component (80-1003868-01)]} with FIPS Kit XBR-000195
Firmware Versions
Multi-Service IronWare R05.9.00aa