Assurance Continuity - Cisco Cloud Services Router 1000V (CSR1000V), Aggregation Services Router 1000 Series (ASR1K), Integrated Services Router 1100 Series (ISR1100), and Integrated Services Router 4200 Series (ISR4K) V0.1
Date of Maintenance Completion: 2019.09.16
Files: CC Certificate, Validation Report, Assurance Activity
Product Type: Virtual Private Network
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Network Devices Version 2.0 + Errata 20180314
Extended Package for VPN Gateways Version 2.1
Original Evaluated TOE: 2019.07.16 - Cisco Cloud Services Router 1000V (CSR1000V), Aggregation Services Router 1000 Series (ASR1K), Integrated Services Router 1100 Series (ISR1100), and Integrated Services Router 4000 Series (ISR4K) running on IOS-XE 16.9
Please note: The above files are for the Original Evaluated TOE. Consequently, they do not refer to this maintained version, although they apply to the maintained version.
Files for this maintained version: Security Target*, Assurance Continuity Maintenance Report, Administrative Guide
Please note: The Assurance Continuity Maintenance Report serves as an addendum to the Validation Report (VR) for the Original Evaluated TOE.
* This is the Security Target (ST) associated with this latest Maintenance Release; previous STs for this TOE are available separately.
Readers are reminded that the certification of this product (TOE) is the result of maintenance, rather than an actual re-evaluation of the product. Maintenance only considers the effect of TOE changes on the assurance baseline (i.e. the original evaluated TOE); maintenance is not intended to provide assurance in regard to the resistance of the TOE to new vulnerabilities or attack methods discovered since the date of the initial certificate. Such assurance can only be gained through re-evaluation.
Using a security impact analysis of the changes made to the TOE, which was provided by the developer, the CCEVS has determined that the impact of the changes on the TOE is minor and that independent evaluator analysis was not necessary. A summary of the results can be found in the Maintenance Report, which is written in relation to the product's original Validation Report and Security Target. Readers are therefore reminded to read the Security Target, the Validation Report, and the Assurance Maintenance Report to fully understand what a maintained certificate represents.
The changes are divided into two categories: new features and bugfixes.
The following new features in the product were analyzed and determined to be minor, with minor security relevance. The list describes only features that are relevant to the TOE and to the claims made in the ST.
· FlexVPN Event Trace—Displays event trace messages for FlexVPN.
· MACsec exception reports for invalid keys and replay attacks—You can use the show mka policy command to verify the XPN configuration. If you do not want to include icv-indicator in MKPDUs, use the no include-icv-indicator command in the MKA policy.
· MACsec variable-length CKN and optional support for ICV—Use the platform macsec logging replay protection command in global configuration mode to configure the packet count.
· PKI - EST CA Certs on Rekey—This feature enables client devices to obtain the CA certificate automatically as part of rekey.
· Removal of Weak Encryption Types 0, 5, and 7 in AAA—Support has been added for auto-conversion of weak password types 0 and 7 to encrypted password type 6.
· Improvement in Crypto Performance with Crypto Offload.
· Scale Improvement for IPSec VPN tunnels—With Cisco IOS XE Gibraltar 16.10.1, the total number of IPSec VPN tunnels supported on the C1100 series has increased to 1000 with the HSECK9 license.
Each of the features above is disabled by default, is not included in the evaluated configuration, or does not impact the TOE security functions.
Bug Fixes — Vulnerability Analysis
The developer searched for publicly disclosed cybersecurity vulnerabilities applicable to versions of the TOE on 29 August 2019. The search resulted in 15 CVEs that were relevant to the TOE. All 15 CVEs have been mitigated by the Vendor.
The following national sites were searched:
· National Vulnerability Database: https://nvd.nist.gov
· US-CERT: https://www.us-cert.gov
· Security Focus: www.securityfocus.com
The following keywords, product names, and vendor names were each used as search criteria:
· Cisco Aggregation Services Router 1000 Series (ASR1K)
· Cisco Integrated Services Routers 4000 Series (ISR4K)
· Cisco IOS-XE 16.9
· IOS-XE SSH
· IOS-XE MACsec
· IOS-XE IPsec
· ASR 1013
· ASR 1006
· ASR 1009
· ASR 1002
· ASR 1001
· ASR 1000
· ISR 4321
· ISR 4331
· ISR 4451
· ISR 4461
· ISR 4000
· Secure Boot
· Intel Atom C2558/C2758
· Intel Xeon 5238
· Intel Xeon D 1520/1530
· Intel Xeon E3 1125/1105
· Microsemi Intellisec VSC84xx/VSC85xx
· Macom/APM SafeXcel-IP-160
Each individual change was unit tested, and the IOS-XE 16.12.1 software image has undergone a limited amount of automated regression testing covering all major areas of baseline client functionality. Testing was completed by Cisco Business Unit engineers and developers.
NIST CAVP Certificates
The developer confirmed that the changed TOE conforms to NIAP Policy 5. The operational environment under which the validated cryptographic algorithm implementation was tested is the same as the operational environment of the changed TOE. Therefore, the cryptographic algorithm implementation validated for CAVP conformance also applies to the changed TOE.
Cisco Systems, Inc.