Module Name
Cisco Catalyst 9400 Series Switches
Validation Dates
03/03/2021
Caveat
When operated in FIPS mode, installed, initialized and configured as specified in Section 3 of the Security Policy. This module contains the embedded module 'ACT2Lite Cryptographic Module' validated to FIPS 140-2 under Cert. #3637 operating in FIPS mode
Security Level Exceptions
- Roles, Services, and Authentication: Level 3
- Design Assurance: Level 2
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The Cisco Catalyst 9400 Series Switches are stackable enterprise switching platform built for security, IoT, mobility, and cloud. The switches meet FIPS 140-2 overall Level 1 requirements as multi-chip standalone modules. The modules include cryptographic algorithms implemented in IOS-XE software as well as hardware ASIC. Advanced security feature supports MACsec encryption, hardware anchored secure boot and Secure Unique Device Identification (SUDI) support.
FIPS Algorithms
| AES |
Certs. #4769, #C431 and #C462 |
| CKG |
vendor affirmed |
| CVL |
Certs. #C431 and #C462 |
| DRBG |
Certs. #C431 and #C462 |
| DSA |
Cert. #C431 |
| ECDSA |
Certs. #C431 and #C462 |
| HMAC |
Certs. #C431 and #C462 |
| KBKDF |
Certs. #C431 and #C462 |
| KTS |
AES Cert. #C431; key establishment methodology provides between 128 and 256 bits of encryption strength |
| KTS |
AES Cert. #C462; key establishment methodology provides between 128 and 256 bits of encryption strength |
| RSA |
Certs. #C220, #C431 and #C462 |
| SHS |
Certs. #C220, #C431 and #C462 |
| Triple-DES |
Certs. #C431 and #C462 |
Allowed Algorithms
Diffie-Hellman (CVL Cert. #C462 with CVL Cert. #C462, key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #C462 with CVL Cert. #C462, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Hardware Versions
Cisco Catalyst 9404R, Cisco Catalyst C9407R and Cisco Catalyst C9410R with components C9400-SUP-1, C9400-SUP-1XL, C9400-SUP-1XL-Y, C9400-LC-48U, C9400-LC-48T, C9400-LC-48P, C9400-LC-24XS, C9400-LC-48UX, C9400-LC-24S, C9400-LC-48S and C9400-LC-48H
Firmware Versions
Cisco IOS-XE 16.12
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
