Certificate 2152 - Cisco 2901, 2911, 2921, 2951, 3925, 3925E, 3945, 3945E and VG350 Integrated Services Routers (ISRs)
intCertNum 2152
strVendorName Cisco Systems, Inc.
strURL http://www.cisco.com
strAddress1 170 West Tasman Dr.
strAddress2
strAddress3
strCity San Jose
strStateProv CA
strPostalCode 95134
strCountry 95134
strContact Global Certification Team
strEmail certteam@cisco.com
strPhone
strFax
strContact2
strEmail2
strFax2
strPhone2
intCertNum 2152
strModuleName Cisco 2901, 2911, 2921, 2951, 3925, 3925E, 3945, 3945E and VG350 Integrated Services Routers (ISRs)
strPartNumber Hardware Versions: 2901 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, A], 2911 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, B], 2921 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, C], 2951 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, D], [3925, 3925E, 3945, 3945E and VG350] [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, E], PVDM2-8 [1], PVDM2-16 [2], PVDM2-32 [3], PVDM2-48 [4], PVDM2-64 [5], PVDM3-16 [6], PVDM3-32 [7], PVDM3-64 [8], PVDM3-128 [9], PVDM3-192 [10], PVDM3-256 [11], FIPS-SHIELD-2901= [A], FIPS-SHIELD-2911= [B], FIPS-SHIELD-2921= [C], FIPS-SHIELD-2951= [D] and FIPS-SHIELD-3900= [E] with [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0];
Firmware Version: IOS 15.2(4)M6A
memModuleNotes When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy
str140Version 140-2
_sp_ Security Policy   [pdf][html][txt]
_cert_ Certificate   [pdf]
strPURL
strModuleType Hardware
strValidationDate 05/13/2014;08/06/2014
intOverallLevel 2
memIndividualLevelNotes -Roles, Services, and Authentication: Level 3;-Design Assurance: Level 3;-Mitigation of Other Attacks: N/A
strFIPSAlgorithms AES (Certs. #803, #963, #1115, #1536 and #2620);
CVL (Cert. #231);
DRBG (Cert. #401);
ECDSA (Cert. #450);
HMAC (Certs. #443, #538, #627 and #1606);
RSA (Certs. #1338 and #1347);
SHS (Certs. #801, #934, #1038, #2182 and #2208);
Triple-DES (Certs. #758, #812, #1037 and #1566)
strOtherAlgorithms DES;
Diffie-Hellman (key establishment methodology provides between 112 and 150 bits of encryption strength;
non-compliant less than 112 bits of encryption strength);
EC Diffie-Hellman (key establishment methodology provides between 128 and 192 bits of encryption strength);
GDOI (key wrapping;
key establishment methodology provides between 112 and 150 bits of encryption strength);
HMAC-MD5;
MD5;
RC4;
RSA (key wrapping;
key establishment methodology provides between 112 and 128 bits of encryption strength;
non-compliant less than 112 bits of encryption strength)
strConfiguration Multi-chip standalone
memModuleDescription The Cisco Integrated Services Routers (ISRs) are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options.
intModuleCount 1
memAdditionalNotes 08/06/14: Changed FW to IOS 15.2(4)M6A and updated the security policy.
strFirstValidtionDate 05/13/14 00:00:00
strLabName Leidos
strValidationYear 2014