Module Name
Huawei S7700 Series Switches
Validation Dates
07/31/2017
Caveat
When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy. The protocol SNMP shall not be used when operated in FIPS mode.
Security Level Exceptions
- Roles, Services, and Authentication: Level 3
- Design Assurance: Level 3
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The S7700 Smart Routing Switch (S7700 for short) is a high-end smart routing switch designed for next-generation enterprise networks. The S7700 design is based on Huawei's intelligent multi-layer switching technology to provide intelligent service optimization methods, such as MPLS VPN, traffic analysis, comprehensive QoS policies, controllable multicast, load balancing, and security, in addition to high-performance Layer 2 to Layer 3 switching services.
FIPS Algorithms
| AES |
Cert. #4400 |
| CKG |
vendor affirmed |
| CVL |
Cert. #1107 |
| DRBG |
Cert. #1418 |
| DSA |
Cert. #1175 |
| ECDSA |
Cert. #1057 |
| HMAC |
Cert. #2924 |
| KTS |
AES Cert. #4400 and HMAC Cert. #2924; key establishment methodology provides 128 or 256 bits of encryption strength |
| KTS |
Triple-DES Cert. #2372 and HMAC Cert. #2924; key establishment methodology provides 112 bits of encryption strength |
| RSA |
Cert. #2380 |
| SHS |
Cert. #3627 |
| Triple-DES |
Cert. #2372 |
Allowed Algorithms
Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Hardware Versions
S7703 P/N 02113959 Version P.3 with [1, 2 and 7], S7706 P/N 02113960 Version N.2 with [1, 3, 5 and 7] and S7712 P/N 02113961 Version P.2 with [1, 4, 6 and 7]; LPU P/N 03030MQP [1], MPU P/N 03030MPV [2], MPU P/N 03030MQS [3], MPU P/N 03031FSL [4], CSS P/N 03030QHL [5], CSS P/N 03030XYD [6] and Tamper Seals P/N 4057-113016 [7]
Firmware Versions
V200R010C00SPC900B900
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
