Module Name
Cisco ISR 4000 Series Routers with MACSEC
Validation Dates
02/09/2021
Caveat
When operated in FIPS mode, installed, initialized and configured as specified in Section 9 of the Security Policy
Security Level Exceptions
- Roles, Services, and Authentication: Level 3
- Design Assurance: Level 3
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The Cisco Integrated Services Router (ISR) 4000 Series provides comprehensive security services, including VPN, for small businesses, enterprise small branches and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide range of connectivity options.
FIPS Algorithms
- AES: Certs. #3504 and #4583
- CKG: vendor affirmed
- CVL: Certs. #1257 and #1258
- DRBG: Cert. #1529
- ECDSA: Cert. #1241
- HMAC: Cert. #3034
- KBKDF: Cert. #139
- KTS: AES Cert. #4583; key establishment methodology provides between 128 and 256 bits of encryption strength
- RSA: Cert. #2500
- SHS: Cert. #3760
- Triple-DES: Cert. #2436
Allowed Algorithms
Diffie-Hellman (CVL Certs. #1257 and #1258, key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #1257 and #1258, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Hardware Versions
ISR 4321, ISR 4331, ISR 4351 and ISR 4451 with NIM-2GE-CU-SFP
Firmware Versions
Cisco IOS XE 16.9