Module Name
Cisco Catalyst 9200 Series Switches
Caveat
When operated in FIPS mode, installed, initialized and configured as specified in Section 3 of the Security Policy. This module contains the embedded module 'ACT2Lite Cryptographic Module' validated to FIPS 140-2 under Cert. #3637 operating in FIPS mode
Security Level Exceptions
- Roles, Services, and Authentication: Level 3
- Design Assurance: Level 2
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
With full PoE+ capability, power and fan redundancy, stacking bandwidth up to 160 Gbps, modular uplinks, Layer 3 feature support, and cold patching, Catalyst 9200 Series switches are the industry's unparalleled solution with differentiated resiliency and progressive architecture for cost-effective branch-office access. The switches meet FIPS 140-2 overall Level 1 requirements as multi-chip standalone modules. Advanced security feature supports IOS-XE software, MACsec encryption, hardware anchored secure boot, Secure Unique Device Identification (SUDI) support.
Approved Algorithms
AES |
Certs. #A1462 and #4769 |
CKG |
vendor affirmed |
CVL |
Cert. #A1462 |
DRBG |
Cert. #A1462 |
ECDSA |
Cert. #A1462 |
HMAC |
Cert. #A1462 |
KAS |
KAS-SSC Cert. #A1462, CVL Cert. #A1462; key establishment methodology provides between 112 and 192 bits of encryption strength |
KAS-SSC |
Cert. #A1462 |
KBKDF |
Cert. #A1462 |
KTS |
AES Cert. #A1462; key establishment methodology provides between 128 and 256 bits of encryption strength |
RSA |
Certs. #A1462 and #C1301 |
SHS |
Certs. #A1462 and #C1301 |
Allowed Algorithms
NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Hardware Versions
Cisco Catalyst C9200-24T, Cisco Catalyst C9200-48T, Cisco Catalyst C9200-24P, Cisco Catalyst C9200-48P, Cisco Catalyst C9200-24P8X and Cisco Catalyst C9200-48P8X with components C9200-NM-4G, C9200-NM-4X, C9200-NM-2Y and C9200-NM-2Q
Firmware Versions
Cisco IOS-XE 16.12 and Cisco IOS-XE 17.3