Module Name
Cisco ASR 1000 Series Routers with MACSEC
Validation Dates
12/18/2020
Caveat
When operated in FIPS mode, installed, initialized and configured as specified in Section 9 of the Security Policy
Security Level Exceptions
- Roles, Services, and Authentication: Level 3
- Design Assurance: Level 3
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The ASR 1000 Routers accelerate services by offering performance and resiliency with optimized, intelligent services; establishing a benchmark for price-to-performance offerings in the enterprise routing, service provider edge, and broadband aggregation segments; facilitating significant network innovations in areas such as secure WAN aggregation, managed customer-premises-equipment services, and service provider edge services, and reducing operating expenses and capital expenditures by facilitating managed or hosted services over identical architectures and operating environments.
FIPS Algorithms
AES |
Certs. #333, #2346, #3160, #3505, #4583 and #C462 |
CKG |
vendor affirmed |
CVL |
Certs. #1257, #1258 and #C462 |
DRBG |
Certs. #1529 and #C462 |
ECDSA |
Certs. #1241 and #C462 |
HMAC |
Certs. #137, #1455, #3034 and #C462 |
KBKDF |
Certs. #139 and #C462 |
KTS |
AES Certs. #4583 and #C462; key establishment methodology provides between 128 and 256 bits of encryption strength |
RSA |
Certs. #2500 and #C462 |
SHS |
Certs. #408, #2023, #3760 and #C462 |
Triple-DES |
Certs. #397, #1469, #2436 and #C462 |
Allowed Algorithms
Diffie-Hellman (CVL Certs. #1257, #1258 and #C462, key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #1257, #1258 and #C462, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Hardware Versions
ASR1001-HX, ASR1002-HX, [[ASR1006-X with RP2, RP3, ESP40, ESP100, [ASR1000-MIP100 with EPA-10X10GE and EPA-1X40GE QSFP+]] and [[ASR-1009-X with RP2, RP3, ESP40, ESP100, ESP200, [ASR1000-MIP100 with EPA-10X10GE and EPA-1X40GE QSFP+]]
Firmware Versions
Cisco IOS XE 16.9