Cisco Blogs


Cisco Blog > Government

ISR G2 and ASR1000 achieve PEPAS Certification!

February 27, 2012 at 11:53 am PST

The Global Certification Team is proud to collaborate with our colleagues across the globe.  Today we have a guest post by Mark Jackson <marjacks@cisco.com>, Technical Solutions Architect, Cisco UK.  Mark will be sharing about the recent PEPAS certification of the Cisco ISR G2 and ASR1000.

The Public Services Network (PSN) is at the heart of the UK Government ICT Strategy and aims to deliver significant cost savings against the current £16.5bn annual ICT spend whilst at the same time providing the foundation to enable the government to transform the way in which it delivers services to the citizen. Maintaining security within the PSN is critical to its success and as such, CESG and the Cabinet Office have laid down a range of technical and information assurance standards against which vendors must comply.

In the UK Government, classified information is protectively marked based on the resulting impact to business should the information be compromised. Often shortened to IL (Impact Level), there are seven levels ranging from IL0 to IL6 where IL6 has the highest impact.  The discipline of information assurance (IA) is used to provide confidence that systems systems handling protectively marked information do so in a robust fashion. Effective IA is widely seen as providing an important role in reducing the Nation’s vulnerabilities to cyber attack (Nation Cyber Security Strategy) and takes on a wide range of forms across the domains of technology, people and process. In the technology domain, the use of assured products is a key element in providing confidence that classified information will remain protected in accordance with its IL marking.

Within the context of the PSN, the baseline infrastructure will be assured to protect IL2 information passing in the clear; IL2 is used by many government departments and local authorities. The PSN will also be used extensively to transport IL3 information, more often seen in central government departments and law enforcement. In the PSN, protecting IL3 information requires the use of CESG assured cryptography and historically this has meant CAPS Baseline assured devices. CAPS devices are often criticised for their high cost and complexity of management, requiring customers to deploy two physical devices per site; a situation that is clearly not ideal when the primary goal of the PSN is to reduce cost. The CESG PEPAS assurance scheme was developed specifically to address the information assurance requirements of for using commercial-grade cryptography to deliver large-scale secure network overlay solutions for IL3 information within the PSN.

Cisco are pleased to announce that their ISR G2 and ASR 1000 Series routers have successfully completed and passed CESG PEPAS evaluation and can be used to support the secure transportation of IL3 information in the PSN. This announcement provides our customers and partners with the confidence to deploy Cisco IPsec VPN technology to protect IL3 information, whilst at the same time taking advantage of the wide range of capabilities offered by the ISR G2 and ASR 1000 series platforms. The Cisco ISR G2 and ASR 1000 series deliver an all-in-one solution combining WAN and IPsec VPN termination, whilst at the same time being able to deliver non-encrypted IL2 transport and additional services such as firewalling, application optimisation and voice.

Read More »

Tags: , , , , , , , , , , , , ,

Why do we need an IPv6 certification process?

February 14, 2012 at 1:22 pm PST

To answer that question first we need to look at the significance the current IP layer has in our day to day lives. Beyond that we need to, for lack of better words, “follow the money” that these IP based applications, services and infrastructure support. Stability of IP based communication is something we may take for granted but what would happen if that stable IPv4 layer was replaced with a not so stable upgrade? My home network connection goes out, kind of irritating but in the big picture I will probably forget it… the first time. Service Providers realize that if they cannot provide you with a stable service you may not be a happy customer, which may open the door for you to look elsewhere. Beyond that, the loss of IP based communication in many industries is seen as a loss of hundreds of thousands of dollars per second both in revenue generation and loss of opportunity. The point is, much of the world economy relies on a stable network at all times.

Read More »

Tags: , , ,

ASR 9K with CRS 1-3 Common Criteria Certified!

January 11, 2012 at 9:26 am PST

The Global Certification Team is pleased to announce that we have achieved Common Criteria certification on the CRS 1-3 and the ASR 9K!

Link to the certification: http://www.niap-ccevs.org/st/vid10439/

Read More »

Tags: , , , , , , , , , , ,

The Cisco 5940 Embedded Services Router (ESR) awarded Common Criteria Certification

December 15, 2011 at 2:15 pm PST

The Global Certification Team is pleased to announce thati  the 5940 Embedded Services Router (ESR) has been awarded Common Criteria certification.  The 5940 ESR is certified at EAL2+ against the Traffic Filter Firewall in Basic Robustness Environments v1.1.  The Cisco 5940 ESR validated for IOS Version: 15.1(2)GC1.

More information on the validation effort can be found at: http://www.niap-ccevs.org/cc-scheme/st/vid10429/

Read More »

Tags: , , , , , , , , , , ,

Cisco Common Crypto Module is now FIPS certified!

December 2, 2011 at 11:40 am PST

The Global Certification Team is proud to announce the FIPS Certification of the Cisco Common Crypto Module (C3M).  The Official listing can be found on the NIST website at http://goo.gl/3vPaa.

The Cisco Common Cryptographic Module (C3M) is a software library that provides cryptographic services to a vast array of Cisco’s networking and collaboration products. The module provides FIPS validated cryptographic algorithms for services such as sRTP, SSH, TLS, 802.1x etc. The module does not implement any of the protocols directly. Instead, it provides the cryptographic primitives and functions to allow a developer to implement various protocols.

Tags: , , , , , , , , , , , ,