Cisco Global Certifications and Security Assurance
Cisco Global Certifications and Security Assurance
Cisco is committed to maintaining an active product certification and evaluation program for customers world-wide. We recognize that certifications and evaluations are important to our customers, and we continue to be a leader in providing certified and evaluated products to the global marketplace. We also will continue to work with international security standards bodies to help shape the future of certified and evaluated products, and will work to accelerate certification and evaluation processes.
Certifications and security assurance are considered at the earliest part of our product development cycle, and we will continue our focus on security products to insure customers have a variety of certified and evaluated products to meet their needs.
Cisco Global Certifications and Security Assurance
U.S. Department of Defense Approved Products List
Listed below are the Cisco products currently on the Department of Defense (DOD) Approved Products List (APL), as well as certifications Cisco is in the process of completing. The certification process is the responsibility of the Defense Information Systems Agency (DISA) Voice Connection Approval Office (VCAO), and certification testing is performed by the Joint Interoperability Test Command (JITC) at Ft. Huachuca in Sierra Vista, Arizona.
Common Criteria is an international standard for evaluating IT product security and reliability. It is recognized by over 15 countries around the world including Australia, Canada, France, Germany, Greece, Italy, Japan, New Zealand, Spain, UK, South Korea and the United States. Many government customers around the world consider Common Criteria a mandatory requirement for purchasing network security products.
Common Criteria is a methodology for product evaluation and does not simply provide a specification. There are seven levels of evaluation, and products typically target EAL2 or EAL4. Only levels 1-4 are mutually recognized, which means that an evaluation conducted in one country is valid for any of the countries participating in the Common Criteria.
Cisco continues to be a global leader in completing and pursuing Common Criteria evaluations; listed below are current, completed Common Criteria certifications, as well as evaluations that are not yet finalized.
The Federal Information Processing Standard (FIPS) 140 ( http://csrc.nist.gov/cryptval ) is a US and Canadian Government standard that specifies security requirements for "cryptographic modules." A cryptographic module is defined as "what is being validated."
The following tables show current Cryptographic Module Validation Program (CMVP) certifications and certifications Cisco is currently pursuing for FIPS 140.
The Installation Information Infrastructure Modernization Program (I3MP) is a collection of efforts (Voice/data/cable/long-haul gateway/Enterprise Management) that modernizes the core enterprise information infrastructure at Army installations (CONUS/Pacific/Europe/SWA) worldwide. I3MP product evaluation is performed by the Army Technology Integration Center (TIC), located at Ft. Huachuca, AZ.
Current Cisco product certifications and validations for the U.S. Army Installation Information Infrastructure Modernization Program (I3MP) evaluation program are listed below.
Current Cisco product certifications and validations for U.S. Army Infrastructure Assurance (AIA) and NATO evaluation programs are listed below.
Testing required to get products on the AIAAPL can be performed in any approved lab. Testing requires a FIPS certificate for the product (if encryption is used) and the product must be in process for Common Criteria evaluation.
