Cisco Blogs


Cisco Blog > Government

Common Criteria Certificate awarded for the ASR 1000 Family

July 14, 2011 at 4:25 pm PST

We are very pleased to announce that the ASR 1000 family of routers has been evaluated using the Common Methodology for IT Security Evaluation (Version 3.1) for conformance to the Common Criteria for IT Security Evaluation (Version 3.1) and was awarded a Common Criteria Certificate by NIAP (National Information Assurance Partnership). The evaluation assurance level (EAL) for the product is EAL4 augmented with ALC_FLR.2.

The ASR 1000 is functionally compliant with three Protection Profiles:

  1. Router: U.S. Government Router Protection Profile For Medium Robustness Environments, version 1.1
  2. VPN: U.S. Government Virtual Private Network (VPN) Boundary Gateway Protection Profile For Medium Robustness Environments, version 1.2
  3. Firewall: U.S. Government Protection Profile for Traffic Filter Firewall For Medium Robustness Environments, version 1.1

In fact, the ASR 1000 is the only product in the market that is certified as a router, firewall and VPN device!

The following ASR 1000 platforms have been certified:

  • ASR 1002-F
  • ASR 1002 with ESP5 or ESP10
  • ASR 1004 with RP1 or RP2 and ESP10 or ESP20
  • ASR 1006 with dual RP1 or RP2 and dual ESP10 or ESP20

For more information about the certification, and for the security target document, validation report and actual certificate, please refer to the NIAP/CCEVS web site at http://www.niap-ccevs.org/st/vid10361.

For further information on Global Government Certifications, please visit here: http://www.cisco.com/web/strategy/government/sec_cert.html

Tags: , , , ,

SBA for Government? – Yes, there’s an App for that!

June 9, 2011 at 9:22 am PST

It seems that every time I talk to customers and partners lately they want to know more about Smart Business Architectures.

I think we all agree that Networking has become quite complicated these days with many choices to be made.  Since most organizations rely on the network for every aspect of their business today, they need to provide an infrastructure that allows for anytime, anywhere, anything and anyone connectivity in a secure, reliable, and seamless fashion.

Poor choices can be extremely costly, and I’ve seen recent examples of customers having deployed the wrong technology (like GPON in a Campus environment) only to find that they were unable to provide the necessary Network services to support the applications that their customers demand.  This is not good for one’s career, nor the organizations budget when a forklift replacement of the network must be done.

Building and maintaining a network is complicated problem that can only be addressed properly with “a plan” or in network terminology, an “Architecture”.

The good news is that you don’t have to start from scratch.  Cisco has already done much of the baseline work for you with a number of very well written documents on the Smart Business Architecture (SBA) site.  Cisco has made a healthy investment in SBA to ensure our customers and partners are successful.

The SBA guides are very prescriptive and based on use cases from customers and partners and have been assembled and tested in our lab.  The target level of expertise is the CCNA/CCNP level engineer so you don’t have to keep a staff of CCIE’s to run your network, especially in the mid-size business environment where this is not a very cost effective approach.

If you’d like more detail, check out my talk on the subject recently at the Government Solutions Forum.

And oh by the way, yes there’s no an App on the Apple Store for “Cisco SBA”.  All you need is your CCO password to access all of the documents that are currently available.

Tags: , , , , ,

Smart Business Architectures and the Case for Borderless Networks

May 3, 2011 at 8:15 am PST

From a talk I did at the Government Solutions Forum on “Smart Business Architectures and the Case for Borderless Networks

 

 

If you would like to follow along with the visuals, they are available on the Prezi site here.

Tags: , , , , , ,

National Town Hall on Cybersecurity

May 2, 2011 at 3:53 pm PST

Cyberspace has emerged as the “fourth commons” after sea, air, and space in the defense world, and a broad variety of private and public networks make up the critical infrastructure that enables governments to provide essential services. The network has become both a platform for innovation and a mission-critical resource for the civilian, defense, and intelligence operations of governments. - Cisco’s Don Proctor, SVP -- Office of the CEO

The growing number of attacks on our cyber networks has become, in President Obama’s words, “one of the most serious economic and national security threats our nation faces.”  Addressing these issues means working across the government, partnering with the private sector, and empowering the general public to create a safe, secure, and resilient cyber environment, and promote cybersecurity knowledge and innovation.

If you are, or want to be part of this effort, please join us at the National Town Hall on Cybersecurity, a provocative on-line discussion, May 24th at 1:00 PM ET.

It’s free, and you can register here.

Tags: , , , , ,

LISP – Locator ID Separation Protocol & IPv6

April 26, 2011 at 5:12 pm PST

Cisco Locator/ID Separation Protocol (LISP) is routing architecture that provides new semantics for IP addressing. The current IP routing and addressing architecture uses a single numbering space, the IP address, to express two pieces of information:

  • Device identity
  • The way the device attaches to the network

The LISP routing architecture design separates the device identity, or endpoint identifier (EID), from its location, or routing locator (RLOC), into two different numbering spaces. Splitting EID and RLOC functions yields several advantages.

Check out this video for a quick review of LISP.

Although LISP was designed to deal with the route scalability problem in the Internet, it turns out is has the capability to help with the transition to IP Version 6 (IPv6), the next-generation Internet protocol.

The transition to IPv6 is an immediate challenge facing Public Sector, and specifically Federal customers today due to Government mandates and impending IPv4 address exhaustion for consumers of Government services.

Because IPv6 is not backward compatible with IPv4, and because its deployment and operation are different from that of IPv4, development and implementation of an IPv6 transition strategy is imperative. Many techniques exist to ease the transition to IPv6, and the network-based IPv6 transition techniques can be divided generally into three categories: dual-stack IPv4 and IPv6, IPv6 tunneling, and IPv6 translation.

Each approach has its features, benefits, and limitations; they are not all equivalent in terms of cost, complexity, or capabilities. Most likely, a combination of these techniques will provide the best solution. The role that the Locator/ID Separation Protocol (LISP) being developed by Cisco and the IETF can play in IPv6 transition strategies is documented in this Whitepaper.

Incorporating LISP into an IPv6 transition strategy can simplify the initial rollout of IPv6 by taking advantage of the LISP mechanisms to encapsulate IPv6 host packets within IPv4 headers (or IPv4 host packets within IPv6 headers). For example, you can build IPv6 islands and connect them with existing IPv4 Internet connectivity.

LISP is a Cisco innovation that is being promoted as an open standard. Cisco participates in standards bodies such as the IETF LISP Working Group to develop the LISP architecture.

For further information, check the Cisco site on LISP.

Tags: , , , , , ,