Cisco Blogs


Cisco Blog > Security

One Small Step…

More and more, we ask technology to play critical roles in our businesses, and our lives.  Pondering that for a moment, that dependance (versus use), requires careful thought on how much we trust that the technology is working as we want it, only as we want it, and nothing more.  For many businesses or governments, testing via FIPS or Common Criteria increases that confidence level, combined with detailed operational plans to ensure running the services after they are installed is going correctly. For many technology vendors, innovation and commitment, can help here.

Our commitment at Cisco, and our innovation, for trustworthiness have never been stronger than they are today.  Nearly 5 years ago, we started down a road which ultimately led to Cisco’s Secure Development Lifecycle (CSDL), and in our most recent FY12 SEC 10-K, acknowledged that work, our secure supply chain work, and our innovation efforts for Secure Boot and Anti-Tamper.  For reference, that 10K, or 2012 Annual Report, is posted here: http://investor.cisco.com/

We foresaw the need for trustworthiness by listening to our customers, and we started early.  Early results are in, and we’ve both reduced externally found security flaws, as well as increased the resiliency for multiple products anti-tamper.  Have we done it on every product? Not yet, although rest assured, that’s exactly where we are going. I’ll keep you posted.

Tags: , , , , , , ,

ICCC 2012: Raising Awareness of Common Criteria, Promoting Security for Emerging Technologies

In this age of emerging technologies and increasingly complex cyber threats, government and enterprise organizations of all types need to ensure that products they use meet key security criteria, are standards based, perform as expected and interoperate reliably with existing technology.

As these organizations adopt new emerging technologies in hopes of saving on infrastructure and maintenance costs, is this at the risk of security? Without the proper security mechanisms in place and validated, the results could be catastrophic.

Common Criteria is an international standard for evaluating IT product security and reliability, recognized by more than 26 countries around the world. Common Criteria is considered a mandatory requirement for purchasing network security products by many governments.

The 13th International Common Criteria Conference, this year being held in Paris from September 18-20, will bring together leaders from governments and organizations of all types from around the world.

The ICCC Conference offers certification/validation schemes, evaluation laboratories, product developers, system integrators and product users to exchange expertise, experiences and skills on the application of the Common Criteria and security for Information and Communication Technology [ICT] solutions, such as Cloud Computing.

Cisco will participate in speaking sessions at the conference focused on topics including Supply Chain Security, Architectural approaches to Technical Communities and Collaborative Protection Profiles, Cloud Security and Innovation.

Details on the speaking sessions presented by and in collaboration with Cisco are below:

Progress Report from the Supply Chain Security Technical Workgroup
Sept. 19 at 11:30 CET
Track 1 – Room B/Chagall + Van Dongen
Michael Grimm, senior program manager, Microsoft and Terrie Diaz, product certification engineer, Cisco

An Architectural Framework Approach in the Development of Technical Communities and Collaborative Protection Profiles
Sept. 19 at 11:30 CET
Track 2 – Room C/Soutine & Utrillo
Axel Munde, BSI
Dirk Jan Out, Brightsight
Jen Gilbert, lead, global certifications strategy and policy, Cisco

Cloud Security and Common Criteria
Sept. 19 at 14:30 CET
Track 3 – Room D/Picasso
Ashit Vora, manager, security assurance – FIPS/Common Criteria, Cisco

Innovation and the Common Criteria
Sept. 19 at 15:00 CET
Track 3 – Room D/Picasso
Audrey Plonk, Intel
Jen Gilbert, lead, global certifications strategy and policy, Cisco

Visit ICCC and Cisco Global Government Certifications for more information.

Tags: , , , , , ,

BYOD and Government Certifications

It’s summer and my kids have been testing for swim certification so they can swim in the big pool. When they complain about the swim exam, I assure them that it’s not only to be safe, but also  to validate that they have reached a recognized standard of performance.  Similarly, governments worldwide require proof of certification before allowing equipment, including commercial wireless devices and technology, to be deployed on their networks.

With the growing trend towards BYOD, countless organizations must strategize how to best protect data in-transit across wireless networks, while optimizing the benefits of a mobile workforce.  For government and public sector organizations, it is especially imperative that the solutions employed to mitigate risks associated with BYOD and WLAN are compliant with the highest standards and certifications.

Certification is an ongoing effort in a changing landscape.  Cisco maintains an active product certification program for government customers by staying as current as possible with certifications to enable our customers to confidently deploy our solution.  As of July 26, 2012, we are proud to announce the Common Criteria Certification award to one of our recent 7.0 software releases.

Read More »

Tags: , , , , , , , , , ,

Cisco Integrated Services Routers (ISR) 881W/GW achieve FIPS 140-2 Certification!

April 13, 2012 at 7:12 am PST

The Global Certification Team (GCT) is thrilled to announce that the ISR 881W/881GW has completed the FIPS certification process.  The official listing has been posted to the NIST website, being awarded certificate #1700, as FIPS 140-2, Level 2 Certified.

The Cisco 881W and Cisco 881GW ISR’s provide connectivity and security services in a single, secure device. These routers offer broadband speeds and simplified management to small businesses, and enterprise small branch and teleworkers. The module is also a wireless access point that provide secure wireless access to clients.

Read More »

Tags: , , , , , , , , , , , ,

Cisco Unified IP Phones earn FIPS Certification!

March 9, 2012 at 1:37 pm PST

The Global Certification Team is proud to announce the FIPS 140-2 Crypto certification of the 6900 and 7900 Series IP Phones.

The phones received FIPS certificate #1647 for Models 6901 and 6911 and Certificate #1650 for 6921, 6941, 6945, and 6961.  Finally the 7906G, 7911G, 7931G, 7941G, 7942G, 7945G, 7961G, 7961GE, 7962G, 7965G, 7970G, 7971G, 7971GE, and 7975G were awarded FIPS certificate #1689.

Take full advantage of converged voice and data networks while retaining the convenience and user-friendliness you expect from a business phone. Cisco Unified IP Phones can help improve productivity by meeting the needs of users throughout your organization. Advanced media endpoints in this innovative suite of Cisco Unified IP Phones enhance the end-user experience.

6900 Series on Cisco.com

7900 Series Phones on Cisco.com

FIPS-140 is a US and Canadian government standard that specifies security requirements for cryptographic modules. A cryptographic module is defined as “the set of hardware, software, and/or firmware that implements approved security functions (including cryptographic algorithms and key generation) and is contained within the cryptographic boundary.” The cryptographic module is what is being validated.

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,