Industry Solutions

Common Criteria

Cisco continues to be a global leader in completing and pursuing Common Criteria evaluations; below are current, completed certifications as well as those evaluations which are not yet finalized.

For more information about Common Criteria, please go to: www.niap-ccevs.org and www.commoncriteriaportal.org

Table 1. Common Criteria Current Certifications

Technology Product Optional IPSec Hardware Acceleration Module Software Version EAL Certification Collateral
Data Center Cisco Nexus 7000 Series Switch (7010, 7018) and Secure Access Control Server (ACS) 0.6(1)
0.5(2)
Collateral 1
Collateral 2
Unified Computing Cisco UCS B200 M1 and M2, B250 M1 and M2, and B440 M1 Blade Servers; Cisco UCS C200 M1 and M2, C210 M1 and M2, C250 M1 and M2, and C460 M1 Rack-Mount Servers; Cisco UCS 6120XP and 6140XP Fabric Switches; Cisco UCS 2104XP and 2248TP Fabric Extenders No 1.4(1) EAL4 Certificate
Aggregation Services Router (ASR)
Carrier Routing System (CRS)
Cisco Aggregation Services Router (ASR) 9000 series, Cisco Carrier Routing System (CRS) routers CRS-1 and CRS-3 No IOS XR v4.1.1 EAL3 Certificate
Collateral
Data Center Cisco Nexus 5000 Series Switch (5010, 5020, 5548P, 5596UP) with Nexus 2000

Series Fabric Extenders (2148T, 2224TP, 2248TP, 2232PP)

and Secure Access Control Server (ACS)
No NX-OS 5.x ACS 5.2 Patch 3 EAL4 Certificate
Adaptive Security Appliance(ASA) Cisco Adaptive Security Appliance 5505, 5510, 5520, 5540, 5550, 5580-20, 5580-40

Cisco ASA Release 8.3.2

Cisco AnyConnect Release 2.5

Cisco VPN Client Release 5.0

Cisco Adaptive Security Device Manager (ASDM) 6.3.2

No 8.3.2 EAL4+ Certificate
Integrated Service Router (ISR) Cisco Integrated Service Routers (ISR): Cisco 800 Series

Cisco 800 Series ISRs: 881, 881G and 891

Cisco 1900 Series ISRs: 1905, 1921, and 1941

Cisco 2900 Series ISRs: 2901, 2911 2921 and 2951

Cisco 3900 Series ISRs: 3925, 3925E, 3945 and 3945E

running IOS 15.1(2)T3
No 15.1(2)T3 EAL4+ Certificate
Data Center Cisco Nexus 7000 Series Switch (7010, 7018) and Secure Access Control Server (ACS) None NX-OS version 5.1(1a), ACS version 5.2 P3 EAL4 Certificate
Embedded Services Router (ESR) Cisco 5940 Series Embedded Services Router (ESR) running IOS 15.1.2GC2 Yes (pp_fw_tf_br_v1.1)   EAL2
Firewall, Router, VPN Cisco Aggregation Services Router (ASR) 1000 Series (ASR 1002, ASR 1002f, ASR 1004, ASR 1006) running Cisco IOS XE 2.4.2t No   EAL4
IronPort IronPort Web Security Appliance (WSA), S-Series (S160, S350 & S660) running AsyncOS 5.6.1 No 5.6.1 EAL2 Certificate
Virtual Private Network (VPN) ASA 5500 Series (5505, 5510, 5520, 5540, 5550); Cisco VPN Client None 7.2.4.18; 7.2.4.30
VPN Client: 5.0.03.0560; 5.0.05.0290
EAL4 Certificate-
Assurance Continuity
Wireless Cisco Unified Wireless Communications [WLAN] Cisco 4400 Series WLAN Controllers, Cisco Catalyst 6500 Series Wireless Services Module (WiSM), Cisco Aironet LWAPP 1130, 1230, and 1242 Series AP's, Cisco Wireless Control System (WCS), Cisco 2710 Location Appliance, and Cisco Secure ACS U.S. Government Protection Profile Wireless LAN Access System Basic Robustness Version 1.1 4.1.185.10 FIPS EAL2+ Certificate
Network Access Control (NAC) Cisco Network Admission Control (NAC) solution including the NAC Appliance
NAC Appliance network module (NME-NAC-K9) for Cisco Internet Services Routers (ISRs), NAC Agent, NAC Profiler and Cisco Secure Access Control Server (ACS v4.1.4.13)
None 12.4(11)T3 and 12.2(18)SXF10 EAL2 Certificate
Firewall Assurance Maintenance: NIAP #6016
PIX 515/515E, 525, 535;
ASA 5510/5520/5540
None 7.2.(2)27 EAL4 Assurance Continuity
Storage MDS 9000 Family SAN-OS None 3.2.(2c) EAL3 Certificate
Network Management Cisco Info Center v7.1 with Cisco WebTop v2.0 None 7.1 EAL2 Certificate
Security Management

Intrusion Detection System / Intrusion Prevention System (IPS/IDS)
CS-MARS 110, 110R, Cisco Security MARS 210 and Cisco security MARS GC2 None 5.2.4.2387 EAL2 Certificate
Firewall Cisco ACE XML Gateway and Manager None 5.0.3 EAL3 Certificate
Secure Messaging IronPort Messaging Gateway (C150, C350, C600, C650, X1000 and X1050) None 5.1.2 EAL2 Certificate
Internet Operating System / Authentication, Authorization, and Accounting (IOS AAA) Wireless (1100, 1200, 1400, 3200, MWR), Access Servers (5350, 5400, 5850), Integrated Access Device (AD2430), with Cisco Secure Access Control Server (ACS) for Windows None Various EAL3 Certificate
Catalyst Switches (2900, 3500, 3700, 4500, 4948, 6500) and Cisco Secure ACS for 4.1.4.13 None Various EAL3 Certificate
Routers: 800, 1700, 1800, 2600XM,2800, 3700, 3800, 7200, 7300, 7400, 7600; 10000 and 12000 and Cisco Secure ACS version 4.1.2.12 None Various EAL3 Certificate
Internet Operating System / Internet Protocol Security

(IOS/IPSec)
Cisco IOS IPSec on the Integrated Services Routers 870, 1800, 2800, 3800

Cisco 7204VXR, 7206VXR, 7301 with IOS 12.4(11)T3

Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers

Cisco VPN Services Module (VPNSM)

Cisco IPSec VPN Shared Port Adapter (SPA) including VLAN separation

Assurance Continuity Maintenance Report CCEVS-VR-VID10116-2008 for Cisco IOS IPSec on the ISR, VPN Services Module, and IPSec VPN Shared Port Adaptor (SPA) including VLAN Separation with the following Cisco IOS releases: Cisco IOS 12.4(15)T10 and Cisco IOS 12.2(18)SXF 16
No 12.2(18)SXF10
12.4(11)T3
12.4(15)T3
EAL4 US Certificate
Intrusion Detection System / Intrusion Prevention System

(IDS/IPS)
Cisco IPS 4240, 4255, 4260 and 4270 Sensors   6.0
6.2(1)
EAL2 US Certificate
Cisco IDS 4215 and 4250 Sensors  
Cisco IDSM2 Catalyst 6500 (Intrusion Detection/Prevention Module), AIM-IPS, NME-IPS  
Cisco ASA 5000 family (5510, 5520, 5540) with SSM-AIP-10, SSM-AIP-20  
Cisco NM-CIDS  
Cisco AIP-SSM-10, AIP-SSM-20, AIP-SSM-40  
Assurance Continuity Maintenance Report CCEVS-VR-07-0032a for Cisco IPS v6.2(1) IPS 4200 Series Sensors (IPS-4240, IPS-4255, IPS-4260, IPS-4270); Cisco AIP-SSM-10, AIP-SSM-20 and AIP-SSM-40; IDSM-2, AIM-IPS and NME-IPS  
Intrusion Detection System (IDS) ISDM2   4.1(3) EAL2+ Certificate
IDS 4200 Series   4.1(3) EAL2 Certificate
Internet Protocol Security (IPSec) 1841 AIM-VPN/BPII-PLUS 12.4(6)T3, 12,4(7), 12.2 (33)SRA EAL2 Certificate
2801, 2811, 2821, 2851 AIM-VPN/EPII-PLUS
3825 AIM-VPN/EPII-PLUS
3845 AIM-VPN/HPII-PLUS
7204, 7206, 7301 SA-VAM2
7600 (Cat 6500) SPA-IPSEC-2G
VPN 3K 3005, 3015, 3020, 3030, 3060, 3080   4.1.7.N (VPN 3K) EAL2 Certificate
Cisco IPSec VPN Client
(Windows, Solaris, Linux)
4.80 Windows/Linux, 4.6.02 Solaris
3002 4.7.2D
830 12.4(5a) [831, 837]
PIX 501 6.3(5) [PIX]
Movian Software Client 4.0
Host Intrusion Protection CSA   4.5 EAL2 Certificate
Firewall Services Module (FWSM) Firewall Services Module   3.1(4) EAL4 Certificate-Assurance Continuity
3.1(3.17) EAL4 Certificate
Firewall/Private Internet eXchange (PIX) PIX 515, 515E, 520, 525 & 535 (with VAC+) ASA 5510, 5520, 5540   7.0(6) EAL4 Certificate
501,506, 506E, 515, 515E, 520, 525, & 535   6.2(2) EAL4 Certificate
Internet Operating System (IOS/Firewall) 870, 1800, 2800, 3800, 7200 and 7301   12.3(14)T, 12.4(4)T EAL4 Certificate
Internet Operating System / Internet Protocol Security (IOS/IPSec) 1720, 1721, 1760 MOD1700-VPN 12.3(6a) EAL4 Certificate
2610XM, 2611XM, 2620XM, 2621XM, 2650XM, 2651XM AIM-VPN/EP or AIM-VPN/BPII
3660 AIM-VPN/HP
3725 AIM-VPN/EPII
3745 AIM-VPN/HPII
7204, 7206 VAM2
7301 VAM2
Internet Operating System / Internet Protocol Security (IOS/IPSec) 1720, 1750 MOD1700-VPN 12.2(6) EAL4 Certificate
2610, 2611, 2612, 2613, 2620, 2621 AIM-VPN/BP 12.2(6) EAL4 Certificate
3620, 3640 NM-VPN/MP 12.2(6) EAL4 Certificate
3660 AIM-VPN/HP 12.2(6) EAL4 Certificate
7120, 7140 SM-ISM or SA-ISA 12.2(6) EAL4 Certificate
SM-VAM(2) or SA-VAM(2) 12.2(10)E EAL4 Certificate
7204, 7206 SA-ISA 12.2(6) EAL4 Certificate
SA-VAM(2) 12.2(10)E EAL4 Certificate
Intrusion Prevention System

(IPS)
Cisco 871, 876, 877, 851, 851W, 857, 857W Built In 12.4(6)T3 EAL2 Australian Certificate
Cisco 1801, 1801, 1803, 1811, 1812 Built In
Cisco 1841 AIM-VPN/BPII-PLUS 12.4(7)
Cisco 2801, 2811, 2821, 2851 AIM-VPN/EPII-PLUS
Cisco 3825 AIM-VPN/EPII-PLUS
Cisco 3845 AIM-VPN/HPII-PLUS
Cisco 7204, 7206, 7301 SA-VAM2+
Cisco 7600 (CAT6500): models include any 6500/7600 with Sup Engine 720, 720-3B or 720-3BXL SPA-IPSEC-2G 12.2 (33)SRA
Voice over Internet Protocol (VoIP) Cisco VoIP Telephony System   Cisco IP Telephone 7960, 7.0(2) EAL1 Certificate
Cisco IP Telephone 7970G, 6.0(2)
Cisco CallManager, 4.1(2)
Cisco Unity, 4.0(4)
Cisco 2651XM-V, 12.3(10)
MultiService Provisioning Platform (MSPP) Cisco ONS 15454 SONET Multiservice Provisioning Platform (MSPP) and Cisco ONS 15454 SDH Multiservice Provisioning Platform (MSPP) n/a 4.1.3 EAL2 Certificate
Wide Area Application Services
(WAAS)
Cisco Wide Area Application Services
Wide Area Application Engine (WAE) 512, 612, 674, 7341 & 7371
Cisco NME-WAE 502
Cisco NME WAE 522
No 4.1.5 EAL4 US Certificate

Note:
1) Cisco 7100 and 7200 routers without optional IPSec hardware acceleration modules can be configured with either the 12.2(6) or 12.1(10)E software release.
2) Cisco 7100 or 7200 router equipped with an SM-VAM or SA-VAM does not support RSA public/private keys pairs for IKE authentication.

Table 2. Common Criteria in Progress Evaluations

Technology Product PP Compliance Level
Embedded Services Router (ESR) Cisco 5915 Series Embedded Services Router (ESR) N/A EAL2
Network Access Cisco Network Admission Control (NAC) solution including the NAC Appliance

NAC Appliance network module (NME-NAC-K9) for Cisco Internet Services Routers (ISRs), NAC Agent, NAC Profiler and Cisco Secure Access Control Server (ACS 4.1.4.13)

Assurance Maintenance 4.7.1
Yes EAL2
Adaptive Security Appliance (ASA) Cisco Adaptive Security Appliance 5505, 5510, 5520, 5540, 5550, 5580-20, 5580-40, 5585-S10, 5585-S20, 5585-S40, and 5585-S60

Cisco ASA Release 8.4

Cisco AnyConnect Release 3.0

Cisco VPN Client Release 5.0

Cisco Adaptive Security Device Manager (ASDM) 6.4
Yes EAL4+
Wireless Cisco Aironet 1131, 1142, 1242, 1252, 1262, 1522, 1524, 3502E and 3502I AG Series Access Points

Cisco Wireless LAN Controller 5508

Cisco Wireless LAN Controllers 4402 and 4404

Cisco Catalyst 6500 Series Wireless Integrated Services Module (WiSM) with the Supervisory 720 module

Cisco Secure Access Control Server (ACS) ver 5.2
Yes EAL4
Switches Cisco Catalyst Switches (3560X and 3750X) running IOS 15.0(1)SE

Cisco Catalyst Switches (4503-E, 4506-E, 4507R+E, 4507R-E, 4510R+E, and 4510R-E) running IOS 15.1(1)SG

Cisco Catalyst 6500 Series Switches running IOS 15.0(1)SY
N/A EAL2

For more information about Common Criteria, please go to: www.niap-ccevs.org and www.commoncriteriaportal.org