Module Name
Cisco Catalyst 9600 Series Switches
Caveat
When operated in FIPS mode, installed, initialized and configured as specified in Section 3 of the Security Policy. This module contains the embedded module ' ACT2Lite Cryptographic Module' validated to FIPS 140-2 under Cert. #3637 operating in FIPS mode
Security Level Exceptions
- Roles, Services, and Authentication: Level 3
- Design Assurance: Level 2
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The Cisco Catalyst 9600 Series Switches are stackable enterprise switching platform built for security, IoT, mobility, and cloud. The switches meet FIPS 140-2 overall Level 1 requirements as multi-chip standalone modules. The modules include cryptographic algorithms implemented in IOS-XE software as well as hardware ASIC. Advanced security feature supports MACsec encryption, hardware anchored secure boot and Secure Unique Device Identification (SUDI) support.
Approved Algorithms
AES |
Certs. #A1462, #C431 and #4769 |
CKG |
vendor affirmed |
CVL |
Certs. #A1462 and #C431 |
DRBG |
Certs. #A1462 and #C431 |
DSA |
Cert. #C431 |
ECDSA |
Certs. #A1462 and #C431 |
HMAC |
Certs. #A1462 and #C431 |
KAS |
KAS-SSC Cert. #A1462, CVL Certs. #A1462 and #C431 |
KAS-SSC |
Cert. #A1462 |
KBKDF |
Certs. #A1462 and #C431 |
KTS |
AES Cert. #A1462; key establishment methodology provides between 128 and 256 bits of encryption strength |
KTS |
AES Cert. #C431; key establishment methodology provides between 128 and 256 bits of encryption strength |
RSA |
Certs. #A1462, #C220 and #C431 |
SHS |
Certs. #A1462, #C220 and #C431 |
Allowed Algorithms
NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Hardware Versions
Cisco Catalyst 9606R with components C9600-SUP-1, C9600-LC-48YL and C9600-LC-24C
Firmware Versions
Cisco IOS-XE 16.12 and Cisco IOS-XE 17.3