Specifications
Cisco ISR-800 Security Target
• FIPS PUB 186-3, “Digital Signature Standard (DSS)”, Appendix B.4 for ECDSA
schemes and implementing “NIST curves” P-256, P-384 and [no other curves];]
and specified cryptographic key sizes equivalent to, or greater than, a symmetric key strength of
112 bits.
5.3.2.3 FCS_CKM_EXT.4 Cryptographic Key Zeroization
FCS_CKM_EXT.4.1 The TSF shall zeroize all plaintext secret and private cryptographic keys
and CSPs when no longer required.
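Added example (not part of the Security Target and not the TOE's code): one way a C implementation can satisfy the zeroization requirement above, writing through a volatile pointer so the compiler cannot discard the wipe as a dead store. The struct and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical key container (assumption; not a structure from the TOE). */
struct key_ctx {
    uint8_t key[32];   /* plaintext AES key material (a CSP) */
    size_t  key_len;   /* bytes of key[] in use */
    int     loaded;    /* nonzero while the key is usable */
};

/* Zero len bytes through a volatile pointer. A plain memset() on a
 * buffer that is never read again may be removed by the optimizer,
 * leaving the key in memory; volatile stores must be emitted. */
static void secure_zeroize(void *buf, size_t len)
{
    volatile uint8_t *p = (volatile uint8_t *)buf;
    while (len--)
        *p++ = 0;
}

/* Store a 128- or 256-bit key; any other length is rejected. */
int key_ctx_load(struct key_ctx *ctx, const uint8_t *key, size_t len)
{
    if (ctx == NULL || key == NULL || (len != 16 && len != 32))
        return -1;
    memcpy(ctx->key, key, len);
    ctx->key_len = len;
    ctx->loaded = 1;
    return 0;
}

/* Wipe the whole context (key bytes, length, flag and padding),
 * not only key_len bytes, once the key is no longer required. */
void key_ctx_destroy(struct key_ctx *ctx)
{
    if (ctx != NULL)
        secure_zeroize(ctx, sizeof *ctx);
}

/* Read-back check: returns 1 only if every byte of the context is zero. */
int key_ctx_is_zeroized(const struct key_ctx *ctx)
{
    const uint8_t *p = (const uint8_t *)ctx;
    for (size_t i = 0; i < sizeof *ctx; i++)
        if (p[i] != 0)
            return 0;
    return 1;
}
```

Copies of the key held elsewhere (expanded key schedules, stack temporaries, DMA buffers) need the same treatment; this block covers only the container shown.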
5.3.2.4 FCS_COP.1(1) Cryptographic Operation (for data encryption/decryption)
FCS_COP.1.1(1) Refinement: The TSF shall perform [encryption and decryption] in
accordance with a specified cryptographic algorithm AES operating in GCM, CBC, [no other
modes] and cryptographic key sizes 128-bits, 256-bits, and [no other key sizes] that meets the
following:
• FIPS PUB 197, “Advanced Encryption Standard (AES)”
• NIST SP 800-38D, NIST SP 800-38A [, no other standards]
5.3.2.5 FCS_COP.1(2) Cryptographic Operation (for cryptographic signature)
FCS_COP.1.1(2) Refinement: The TSF shall perform cryptographic signature services in
accordance with a: [
• RSA Digital Signature Algorithm (RSA) with a key size (modulus) of 2048 bits or
greater that meets FIPS PUB 186-2 or FIPS PUB 186-3, “Digital Signature
Standard”,
• Elliptic Curve Digital Signature Algorithm (ECDSA) with a key size of 256 bits or
greater that meets FIPS PUB 186-3, “Digital Signature Standard” with “NIST
curves” P-256, P-384 and no other curves (as defined in FIPS PUB 186-3, “Digital
Signature Standard”)].
5.3.2.6 FCS_COP.1(3) Cryptographic Operation (for cryptographic hashing)
FCS_COP.1.1(3) Refinement: The TSF shall perform [cryptographic hashing services] in
accordance with a specified cryptographic algorithm [SHA-1, SHA-256, SHA-384, SHA-512]
and message digest sizes [160, 256, 384, 512] bits that meet the following: FIPS PUB 180-3,
“Secure Hash Standard.”










