Compliant Product - Cisco Integrated Service Routers (ISR): Cisco 800 Series ISRs: 881, 881G and 891; Cisco 1900 Series ISRs: 1905, 1921, and 1941; Cisco 2900 Series ISRs: 2901, 2911, 2921 and 2951; Cisco 3900 Series ISRs: 3925, 3925E, 3945 and 3945E; running IOS 15.1.2T3

Certificate Date: 31 July 2011

Validation Report Number: CCEVS-VR-VID10425-2011

Product Type: Firewall, Router

Conformance Claim: EAL4 Augmented with ALC_FLR.2

PP Identifier: U.S. Government Protection Profile for Traffic Filter Firewall in Basic Robustness Environments Version 1.1

CC Testing Lab: Leidos (formerly SAIC) Common Criteria Testing Laboratory



PRODUCT DESCRIPTION

The Target of Evaluation (TOE) is the Cisco 800, 1900, 2900, 3900 Series Integrated Service Routers (ISR). The following models were evaluated:

Cisco 881 ISR, Cisco 881G ISR, Cisco 891 ISR, Cisco 1905 ISR, Cisco 1921 ISR, Cisco 1941 ISR, Cisco 2901 ISR, Cisco 2911 ISR, Cisco 2921 ISR, Cisco 2951 ISR, Cisco 3925 ISR, Cisco 3925E ISR, Cisco 3945 ISR, Cisco 3945E ISR

All models comprising the TOE provide the same security functionality. They differ only in the number and type of external ports.

The Cisco 800, 1900, 2900, 3900 Series Integrated Service Routers (ISR) are router platforms that consolidate connectivity and security services onto a single, secure device. These routers offer broadband speeds and simplified management to small businesses, enterprise small branches, and teleworkers.

In support of the routing capabilities, the Cisco 800, 1900, 2900, 3900 Series Integrated Service Routers (ISR) provide IPSec connection capabilities for VPN-enabled clients connecting through the routers.

The Cisco 800, 1900, 2900, 3900 Series Integrated Service Routers (ISR) also support firewall capabilities consistent with the U.S. Government Protection Profile for Traffic Filter Firewall in Basic Robustness Environments. The Cisco 800, 1900, 2900, 3900 Series Integrated Service Routers (ISR) are single-device security and routing solutions for protecting the network. The TOE provides its firewall capabilities by implementing security zones. The zone-based firewall allows physical and virtual interfaces to be grouped into zones, which simplifies the logical network topology. Creating these zones makes it possible to apply firewall policies on a zone-to-zone basis instead of configuring policies separately on each interface.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Cisco 5940 Series Embedded Services Router TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 3. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 3. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL 4 augmented with ALC_FLR.2. The product, when delivered configured as identified in the Cisco 800, 1900, 2900, 3900 Series Integrated Service Routers (ISR) Common Criteria Operational User Guidance and Preparative Procedures document, satisfies all of the security functional requirements stated in the Cisco 800, 1900, 2900, 3900 Series Integrated Service Routers (ISR) Security Target (Version .09). The project underwent one Validation Oversight Panel (VOR) panel review. The evaluation was completed in July 2011. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-10425-2011, dated July 2011) prepared by CCEVS.

ENVIRONMENTAL STRENGTHS

The logical boundaries of the Cisco 800, 1900, 2900, 3900 Series Integrated Service Routers (ISR) TOE are realized in the security functions that it implements. These security functions are realized at the network interfaces that service clients and via the administrator commands. Each of these security functions is summarized below.

Vendor Information

Cisco Systems, Inc.
+1 410 309 4862
certteam@cisco.com

http://www.cisco.com