System information
Cisco Cat3K ST 6 June 2012
30
[RSA] and cryptographic key sizes [1024-bits and 2048-bits]
that meet the following: [none].
5.2.2.5 FCS_COP.1(2): Cryptographic operation (for AES encryption/decryption)
FCS_COP.1.1(2) The TSF shall perform [encryption and decryption] in
accordance with a specified cryptographic algorithm [AES
operating in CBC mode] and cryptographic key sizes [128-
bits, 256-bits] that meet the following: [
• FIPS PUB 197, “Advanced Encryption Standard
(AES)”, NIST SP 800-38A AES KeyWrap Standard”].
5.2.2.6 FCS_COP.1(3): Cryptographic operation (for RNG)
FCS_COP.1.1(3) The TSF shall perform [Random Number Generation] in
accordance with a specified cryptographic algorithm [RNG
using AES] and cryptographic key sizes [256 bits] that meet the
following: [SP 800-90 DRBG as specified in FIPS 140-2 Annex
C].
5.2.2.7 FCS_COP.1(4) Cryptographic operation (for MD5 hashing)
FCS_COP.1.1(4) The TSF shall perform [secure hash (message digest)] in
accordance with a specified cryptographic algorithm: [MD5]
and cryptographic key sizes [128-bit hash value] that meet the
following: [MD5 RFC 1321 as applied in OSPFv2 (RFC
2328), BGPv4 (RFC 2385), MSDP (RFC 3618) for PIM-
SMv2 (RFC 4601), and EIGRP (Cisco proprietary)].
5.2.2.8 FCS_SSH_EXT.1: SSH
FCS_SSH_EXT.1.1 The TSF shall implement the SSH protocol that complies
with RFCs 4251, 4252, 4253, and 4254.
FCS_SSH_EXT.1.2 The TSF shall ensure that the SSH connection be rekeyed
upon request from the SSH client.
FCS_SSH_EXT.1.3 The TSF shall ensure that the SSH protocol implements a
timeout period for authentication as defined in RFC 4252 of
120 seconds, and provide a limit to the number of failed
authentication attempts a client may perform in a single
session to 3 attempts.
FCS_SSH_EXT.1.4 The TSF shall ensure that the SSH protocol implementation
supports the following authentication methods as described in
RFC 4252: password-based.