Module Name
Cisco ISR 1000 Series Routers without MACSEC
Historical Reason
SP 800-56Arev3 transition - replaced by certificate #4638
Caveat
When operated in FIPS mode, installed, initialized and configured as specified in Section 9 of the Security Policy
Security Level Exceptions
- Roles, Services, and Authentication: Level 3
- Design Assurance: Level 3
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The Cisco Integrated Services Router (ISR) 1000 Series provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options.
Approved Algorithms
| AES |
Cert. #5258 |
| CVL |
Certs. #1729 and #1730 |
| DRBG |
Cert. #2011 |
| HMAC |
Cert. #3480 |
| KTS |
AES Cert. #5258; key establishment methodology provides 128 or 256 bits of encryption strength |
| KTS |
AES Cert. #5258 and HMAC Cert. #3480; key establishment methodology provides between 128 and 256 bits of encryption strength |
| KTS |
Triple-DES Cert. #2660 and HMAC Cert. #3480; key establishment methodology provides 112 bits of encryption strength |
| RSA |
Cert. #2811 |
| SHS |
Cert. #4231 |
| Triple-DES |
Cert. #2660 |
Allowed Algorithms
Diffie-Hellman (CVL Certs. #1729 and #1730, key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #1729 and #1730, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Hardware Versions
ISR1101 and ISR1111
Firmware Versions
Cisco IOS-XE 16.12
