Module Name
Huawei S6720EI Series Switches
Validation Dates
05/26/2017
Caveat
When operated in FIPS mode and with the tamper evident seals and external baffles installed as indicated in the Security Policy. The protocol SNMP shall not be used when operated in FIPS mode.
Security Level Exceptions
- Roles, Services, and Authentication: Level 3
- Design Assurance: Level 3
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The S6720 has industry-leading performance and provides up to 24 or 48 line-speed 10GE ports. It can be used in a data center to provide 10 Gbit/s access to servers or function as a core switch on a campus network to provide 10 Gbit/s traffic aggregation. In addition, the S6720 provides a wide variety of services, comprehensive security policies, and various QoS features to help customers build scalable, manageable, reliable, and secure data centers.
FIPS Algorithms
| AES |
Cert. #4400 |
| CKG |
vendor affirmed |
| CVL |
Cert. #1107 |
| DRBG |
Cert. #1418 |
| DSA |
Cert. #1175 |
| ECDSA |
Cert. #1057 |
| HMAC |
Cert. #2924 |
| KTS |
AES Cert. #4400 and HMAC Cert. #2924; key establishment methodology provides 128 or 256 bits of encryption strength |
| KTS |
Triple-DES Cert. #2372 and HMAC Cert. #2924; key establishment methodology provides 112 bits of encryption strength |
| RSA |
Cert. #2380 |
| SHS |
Cert. #3627 |
| Triple-DES |
Cert. #2372 |
Other Algorithms
Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-SHA-1-96 (HMAC Cert. #2924); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES-XCBC-MAC (non-compliant); DES; HMAC-MD5; RC4; SNMP KDF (non-compliant)
Hardware Versions
P/Ns 02350DMN Version H.3 (S6720-30C-EI-24S-AC) and 02350DMP Version H.3 (S6720-54C-EI-48S-AC) both with P/Ns 4057-113016 (Tamper Evident Seals) and 99089JEB (External Baffle)
Firmware Versions
V200R010C00SPC900B900
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
