U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

    Projects Cryptographic Module Validation Program Validated Modules Search

Cryptographic Module Validation Program CMVP

Certificate #3868

Details

Module Name
Cisco Catalyst 9600 Series Switches
Standard
FIPS 140-2
Status
Active
Sunset Date
3/28/2026
Overall Level
1
Caveat
When operated in FIPS mode, installed, initialized and configured as specified in Section 3 of the Security Policy. This module contains the embedded module 'ACT2Lite Cryptographic Module' validated to FIPS 140-2 under Cert. #3637 operating in FIPS mode
Security Level Exceptions
  • Roles, Services, and Authentication: Level 3
  • Design Assurance: Level 2
  • Mitigation of Other Attacks: N/A
Module Type
Hardware
Embodiment
Multi-Chip Stand Alone
Description
The Cisco Catalyst 9600 Series Switches are stackable enterprise switching platform built for security, IoT, mobility, and cloud. The switches meet FIPS 140-2 overall Level 1 requirements as multi-chip standalone modules. The modules include cryptographic algorithms implemented in IOS-XE software as well as hardware ASIC. Advanced security feature supports MACsec encryption, hardware anchored secure boot and Secure Unique Device Identification (SUDI) support.
Tested Configuration(s)
  • N/A
FIPS Algorithms
AES Certs. #4769, #C431 and #C462
CKG vendor affirmed
CVL Certs. #C431 and #C462
DRBG Certs. #C431 and #C462
DSA Cert. #C431
ECDSA Certs. #C431 and #C462
HMAC Certs. #C431 and #C462
KBKDF Certs. #C431 and #C462
KTS AES Cert. #C431; key establishment methodology provides between 128 and 256 bits of encryption strength
KTS AES Cert. #C462; key establishment methodology provides between 128 and 256 bits of encryption strength
RSA Certs. #C220, #C431 and #C462
SHS Certs. #C220, #C431 and #C462
Triple-DES Certs. #C431 and #C462
Allowed Algorithms
Diffie-Hellman (CVL Cert. #C462 with CVL Cert. #C462, key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #C462 with CVL Cert. #C462, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Hardware Versions
Cisco Catalyst 9606R with components C9600-SUP-1, C9600-LC-48YL and C9600-LC-24C
Firmware Versions
Cisco IOS-XE 16.12 and Cisco IOS-XE 17.3

Vendor

Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

Laura Stubbs
Lastubbs@cisco.com
Phone: +1 (703) 362-9377

Related Files

Security Policy
Consolidated Certificate

Validation History

Date Type Lab
3/29/2021 Initial ACUMEN SECURITY, LLC
8/25/2021 Update ACUMEN SECURITY, LLC