Assurance Continuity - Cisco Catalyst 3650 and 3850 Series Switches
Date of Maintenance Completion: 2019.12.17
CC Certificate, Validation Report, Assurance Activity
Product Type: Network Device
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Network Devices Version 2.0 + Errata 20180314
Extended Package for MACsec Ethernet Encryption Version 1.2
Original Evaluated TOE: 2019.03.14 - Cisco Catalyst 3650 and 3850 Series Switches running IOS-XE 16.9
Please note: The above files are for the Original Evaluated TOE. Consequently, they do not refer to this maintained version, although they apply to the maintained version.
Security Target *, Assurance Continuity Maintenance Report, Administrative Guide
Please note: This serves as an addendum to the VR for the Original Evaluated TOE.
* This is the Security Target (ST) associated with this latest Maintenance Release.
Readers are reminded that the certification of this product (TOE) is the result of maintenance, rather than an actual re-evaluation of the product. Maintenance only considers the effect of TOE changes on the assurance baseline (i.e. the original evaluated TOE); maintenance is not intended to provide assurance in regard to the resistance of the TOE to new vulnerabilities or attack methods discovered since the date of the initial certificate. Such assurance can only be gained through re-evaluation.
Using a security impact analysis of the changes made to the TOE, which was provided by the developer, the CCEVS has determined that the impact of the changes on the TOE is minor and that independent evaluator analysis was not necessary. A summary of the results can be found in the Maintenance Report, which is written in relation to the product's original validation report and Security Target. Readers are therefore reminded to read the Security Target, Validation Report, and the Assurance Maintenance Report to fully understand the meaning of what a maintained certificate represents.
Software bug fixes resulted in what were considered “Minor Changes”. Such changes were described as non-security relevant, functional, and having no direct impact to any TOE Security Function.
Eleven such changes were listed in the IAR along with a description and given rationale. The description and rationale for each were inspected and the overall Minor Change characterization was considered appropriate. None of the changes introduced new TOE capabilities or changed the TOE boundary, and they were not numerous enough to have a major impact. The changes related to the handling of end host traffic; memory leaks; queue maintenance; Dynamic Host Configuration Protocol (DHCP) handling; interface management and accessibility; switch crashes; and DB cursor handling. All changes only ensured that the products function as expected.
There were no Major Changes.
In addition, no changes were made to the processor used, and the bug fixes to the OS version had no effect on cryptographic processing. Therefore, no modifications were required to any of the existing NIST certificates.
Although no changes were directly made to the security functionality, the IAR reported that “Each individual change was unit tested, and the IOS-XE 16.12 software image has had a limited amount of automated regression testing covering all major areas of baseline client functionality.”
The vendor conducted searches of public vulnerability sites and, using selected key words and product identifiers, located a group of published vulnerabilities. All were reviewed and were either identified as having no impact on the TOE or were listed as having been addressed in the TOE version presented as part of this Assurance Maintenance Action.
Cisco Systems, Inc.