Specifications

Cisco Aggregation Services Router (ASR) 901 Series Security Target
additional information of the event and its success and/or failure. The TOE does not have an
interface to modify audit records, though there is an interface available for the authorized
administrator to clear audit data stored locally on the TOE.
1.6.2 Cryptographic support
The TOE provides cryptography in support of other Cisco Aggregation Services Router (ASR)
901 Series security functionality. The algorithms shown in Table 6 FIPS References are
implemented in the Cisco IOS Common Cryptographic Module (IC2M) Algorithm Module
firmware version 2.0.
This cryptography has been validated for conformance to the requirements of FIPS 140-2 (see
Table 6 for certificate references).
Table 6 FIPS References
Algorithm                       Cert. #
AES                             2817
DRBG                            481
SHS (SHA-1, 256, 384, 512)      2361
HMAC SHA-1, 256, 384, 512       1764
RSA                             1471
ECDSA                           493
While the algorithm implementations listed in the preceding table were not tested on the exact
processor installed within the ASR 901, the algorithm certificates are applicable to the TOE
based on the following:
1. The cryptographic implementation which is tested is identical (unchanged) to the
cryptographic implementation on the ASR 901s.
2. The cryptographic implementation does not depend on hardware for cryptographic
acceleration, i.e., there is no hardware-specific cryptographic dependency. The
cryptographic algorithms are implemented completely in software.
3. This is consistent with the guidance provided in NIST IG G.5 allowing portability
amongst platforms as long as no software modification is required.
The ASR 901 platforms contain the following processor:
1. Freescale P2020 using the Freescale instruction set
The TOE provides cryptography in support of VPN connections and remote administrative
management via SSHv2. The cryptographic services provided by the TOE are described in
Table 7 below.