Industry Solutions

Common Criteria

Cisco continues to be a global leader in completing and pursuing Common Criteria (CC) standard to which security products are evaluated. CC product certifications are mutually recognized by 26 nations, thus an evaluation that is conducted in one country is recognized by the other supporting countries.

For more information about Common Criteria, please go to: www.niap-ccevs.org and www.commoncriteriaportal.org

Table 1. Common Criteria Current Certifications

Technology Product Optional IPSec Hardware Acceleration Module Software Version EAL Certification Collateral
Switches Cisco Catalyst Switches 2960S, 2960S-F, 2960C, 3560C, 3560V2, 3560X, 3750V2, 3750X running 15.0(2)SE1 N/A 15.0(2)SE1 NDPP Compliant  
Routers 7600-Series Routers No 15.1(3)S3 EAL2 Certificate/User Guide
Storage Assurance Maintenance: NIAP #10015 Cisco MDS 9000 Family NX-OS Release 4.1(3a) Optional IPSec Hardware Acceleration Module: None Software Version: Assurance Maintenance: NX-OS Release 4.1(3a)   Assurance Maintenance: NX-OS Release 4.1(3a) EAL3 Certification
Embedded Services Router (ESR) Cisco 5940 Series Embedded Services Router (ESR) running IOS 15.1.2GC2 Yes 15.2(3)GC EAL2 Admin/User Guide
Embedded Services Router (ESR) Cisco 5915 Series Embedded Services Router (ESR) N/A 15.2(2)GC EAL2 Certificate
Embedded Services Router (ESR) Cisco 5915 Series Embedded Services Router (ESR) N/A 15.2(3)GC EAL2 Certificate
Wireless Cisco Aironet 1131, 1142, 1242, 1252, 1262, 1522, 1524, 1552E, 3502E and 3502I AG Series Access Points

Cisco Wireless LAN Controller 5508

Cisco Wireless LAN Controllers 4402 and 4404

Cisco Catalyst 6500 Series Wireless Integrated Services Module (WiSM) with the Supervisory 720 module

Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Modules-2 (WiSM2)
Yes 7.0.230.0 EAL4+ ALC_FLR Certification Collateral
Unified Computing Cisco UCS 5100 Series Blade Server Chassis, B-Series Blade Servers, C-Series Rack-Mount Servers, 2100 and 2200 Series Fabric Extenders, and 6100 and 6200 Series Fabric Interconnects with UCSM 2.0(4b) No 2.0(4b) EAL4 Certificate
Aggregation Services Router (ASR)
Carrier Routing System (CRS)
Cisco Aggregation Services Router (ASR) 9000 series, Cisco Carrier Routing System (CRS) routers CRS-1 and CRS-3 No IOS XR v4.1.1 EAL3 Certificate
Collateral
Data Center Cisco Nexus 5000 Series Switch (5010, 5020, 5548P, 5596UP) with Nexus 2000

Series Fabric Extenders (2148T, 2224TP, 2248TP, 2232PP)

and Secure Access Control Server (ACS)
No NX-OS 5.x ACS 5.2 Patch 3 EAL4 Certificate
Adaptive Security Appliance(ASA) Cisco Adaptive Security Appliance 5505, 5510, 5520, 5540, 5550, 5580-20, 5580-40

Cisco ASA Release 8.3.2

Cisco AnyConnect Release 2.5

Cisco VPN Client Release 5.0

Cisco Adaptive Security Device Manager (ASDM) 6.3.2

No 8.3.2 EAL4+ Certificate
Integrated Service Router (ISR) Cisco Integrated Service Routers (ISR): Cisco 800 Series

Cisco 800 Series ISRs: 881, 881G and 891

Cisco 1900 Series ISRs: 1905, 1921, and 1941

Cisco 2900 Series ISRs: 2901, 2911 2921 and 2951

Cisco 3900 Series ISRs: 3925, 3925E, 3945 and 3945E

running IOS 15.1(2)T3
No 15.1(2)T3 EAL4+ Certificate
Data Center Cisco Nexus 7000 Series Switch (7010, 7018) and Secure Access Control Server (ACS) None NX-OS version 5.2(5), ACS version 5.2 P3 EAL4 Collateral 1
Collateral 2
Certificate
Embedded Services Router (ESR) Cisco 5940 Series Embedded Services Router (ESR) running IOS 15.1.2GC2 Yes (pp_fw_tf_br_v1.1) 15.2(3)GC EAL2
Firewall, Router, VPN Cisco Aggregation Services Router (ASR) 1000 Series (ASR 1002, ASR 1002f, ASR 1004, ASR 1006) running Cisco IOS XE 2.4.2t No   EAL4 Certificate / Admin Guide
IronPort IronPort Web Security Appliance (WSA), S-Series (S160, S350 & S660) running AsyncOS 5.6.1 No 5.6.1 EAL2 Certificate
Virtual Private Network (VPN) ASA 5500 Series (5505, 5510, 5520, 5540, 5550); Cisco VPN Client None 7.2.4.18; 7.2.4.30
VPN Client: 5.0.03.0560; 5.0.05.0290
EAL4 Certificate-
Assurance Continuity
Wireless Cisco Unified Wireless Communications [WLAN] Cisco 4400 Series WLAN Controllers, Cisco Catalyst 6500 Series Wireless Services Module (WiSM), Cisco Aironet LWAPP 1130, 1230, and 1242 Series AP's, Cisco Wireless Control System (WCS), Cisco 2710 Location Appliance, and Cisco Secure ACS U.S. Government Protection Profile Wireless LAN Access System Basic Robustness Version 1.1 4.1.185.10 FIPS EAL2+ Certificate
Network Access Control (NAC) Cisco Network Admission Control (NAC) solution including the NAC Appliance
NAC Appliance network module (NME-NAC-K9) for Cisco Internet Services Routers (ISRs), NAC Agent, NAC Profiler and Cisco Secure Access Control Server (ACS v4.1.4.13)
None 4.7.1 and 2.1.8-37 EAL2  
Firewall Assurance Maintenance: NIAP #6016
PIX 515/515E, 525, 535;
ASA 5510/5520/5540
None 7.2.(2)27 EAL4 Assurance Continuity
Storage MDS 9000 Family SAN-OS None 3.2.(2c) EAL3 Certificate
Network Management Cisco Info Center v7.1 with Cisco WebTop v2.0 None 7.1 EAL2 Certificate
Security Management

Intrusion Detection System / Intrusion Prevention System (IPS/IDS)
CS-MARS 110, 110R, Cisco Security MARS 210 and Cisco security MARS GC2 None 5.2.4.2387 EAL2 Certificate
Firewall Cisco ACE XML Gateway and Manager None 5.0.3 EAL3 Certificate
Secure Messaging IronPort Messaging Gateway (C150, C350, C600, C650, X1000 and X1050) None 5.1.2 EAL2 Certificate
Internet Operating System / Authentication, Authorization, and Accounting (IOS AAA) Wireless (1100, 1200, 1400, 3200, MWR), Access Servers (5350, 5400, 5850), Integrated Access Device (AD2430), with Cisco Secure Access Control Server (ACS) for Windows None Various EAL3 Certificate
Catalyst Switches (2900, 3500, 3700, 4500, 4948, 6500) and Cisco Secure ACS for 4.1.4.13 None Various EAL3 Certificate
Routers: 800, 1700, 1800, 2600XM,2800, 3700, 3800, 7200, 7300, 7400, 7600; 10000 and 12000 and Cisco Secure ACS version 4.1.2.12 None Various EAL3 Certificate
Internet Operating System / Internet Protocol Security

(IOS/IPSec)
Cisco IOS IPSec on the Integrated Services Routers 870, 1800, 2800, 3800

Cisco 7204VXR, 7206VXR, 7301 with IOS 12.4(11)T3

Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers

Cisco VPN Services Module (VPNSM)

Cisco IPSec VPN Shared Port Adapter (SPA) including VLAN separation

Assurance Continuity Maintenance Report CCEVS-VR-VID10116-2008 for Cisco IOS IPSec on the ISR, VPN Services Module, and IPSec VPN Shared Port Adaptor (SPA) including VLAN Separation with the following Cisco IOS releases: Cisco IOS 12.4(15)T10 and Cisco IOS 12.2(18)SXF 16
No 12.2(18)SXF10
12.4(11)T3
12.4(15)T3
EAL4 US Certificate
Intrusion Detection System / Intrusion Prevention System

(IDS/IPS)
Cisco IPS 4240, 4255, 4260 and 4270 Sensors   6.0
6.2(1)
EAL2 US Certificate
Cisco IDS 4215 and 4250 Sensors  
Cisco IDSM2 Catalyst 6500 (Intrusion Detection/Prevention Module), AIM-IPS, NME-IPS  
Cisco ASA 5000 family (5510, 5520, 5540) with SSM-AIP-10, SSM-AIP-20  
Cisco NM-CIDS  
Cisco AIP-SSM-10, AIP-SSM-20, AIP-SSM-40  
Assurance Continuity Maintenance Report CCEVS-VR-07-0032a for Cisco IPS v6.2(1) IPS 4200 Series Sensors (IPS-4240, IPS-4255, IPS-4260, IPS-4270); Cisco AIP-SSM-10, AIP-SSM-20 and AIP-SSM-40; IDSM-2, AIM-IPS and NME-IPS  
Intrusion Detection System (IDS) ISDM2   4.1(3) EAL2+ Certificate
IDS 4200 Series   4.1(3) EAL2 Certificate
Internet Protocol Security (IPSec) 1841 AIM-VPN/BPII-PLUS 12.4(6)T3, 12,4(7), 12.2 (33)SRA EAL2
2801, 2811, 2821, 2851 AIM-VPN/EPII-PLUS
3825 AIM-VPN/EPII-PLUS
3845 AIM-VPN/HPII-PLUS
7204, 7206, 7301 SA-VAM2
7600 (Cat 6500) SPA-IPSEC-2G
VPN 3K 3005, 3015, 3020, 3030, 3060, 3080   4.1.7.N (VPN 3K) Certificate
Cisco IPSec VPN Client
(Windows, Solaris, Linux)
4.80 Windows/Linux, 4.6.02 Solaris
3002 4.7.2D
830 12.4(5a) [831, 837]
PIX 501 6.3(5) [PIX]
Movian Software Client 4.0
Host Intrusion Protection CSA   4.5 EAL2 Certificate
Firewall Services Module (FWSM) Firewall Services Module   3.1(4) EAL4 Certificate-Assurance Continuity
3.1(3.17) EAL4 Certificate
Firewall/Private Internet eXchange (PIX) PIX 515, 515E, 520, 525 & 535 (with VAC+) ASA 5510, 5520, 5540   7.0(6) EAL4 Certificate
501,506, 506E, 515, 515E, 520, 525, & 535   6.2(2) EAL4 Certificate
Internet Operating System (IOS/Firewall) 870, 1800, 2800, 3800, 7200 and 7301   12.3(14)T, 12.4(4)T EAL4 Certificate
Internet Operating System / Internet Protocol Security (IOS/IPSec) 1720, 1721, 1760 MOD1700-VPN 12.3(6a) EAL4
2610XM, 2611XM, 2620XM, 2621XM, 2650XM, 2651XM AIM-VPN/EP or AIM-VPN/BPII
3660 AIM-VPN/HP
3725 AIM-VPN/EPII
3745 AIM-VPN/HPII
7204, 7206 VAM2
7301 VAM2
Internet Operating System / Internet Protocol Security (IOS/IPSec) 1720, 1750 MOD1700-VPN 12.2(6) EAL4  
2610, 2611, 2612, 2613, 2620, 2621 AIM-VPN/BP 12.2(6) EAL4  
3620, 3640 NM-VPN/MP 12.2(6) EAL4  
3660 AIM-VPN/HP 12.2(6) EAL4  
7120, 7140 SM-ISM or SA-ISA 12.2(6) EAL4  
SM-VAM(2) or SA-VAM(2) 12.2(10)E EAL4  
7204, 7206 SA-ISA 12.2(6) EAL4  
SA-VAM(2) 12.2(10)E EAL4  
Intrusion Prevention System

(IPS)
Cisco 871, 876, 877, 851, 851W, 857, 857W Built In 12.4(6)T3 EAL2 Australian Certificate
Cisco 1801, 1801, 1803, 1811, 1812 Built In
Cisco 1841 AIM-VPN/BPII-PLUS 12.4(7)
Cisco 2801, 2811, 2821, 2851 AIM-VPN/EPII-PLUS
Cisco 3825 AIM-VPN/EPII-PLUS
Cisco 3845 AIM-VPN/HPII-PLUS
Cisco 7204, 7206, 7301 SA-VAM2+
Cisco 7600 (CAT6500): models include any 6500/7600 with Sup Engine 720, 720-3B or 720-3BXL SPA-IPSEC-2G 12.2 (33)SRA
Voice over Internet Protocol (VoIP) Cisco VoIP Telephony System   Cisco IP Telephone 7960, 7.0(2) EAL1 Certificate
Cisco IP Telephone 7970G, 6.0(2)
Cisco CallManager, 4.1(2)
Cisco Unity, 4.0(4)
Cisco 2651XM-V, 12.3(10)
MultiService Provisioning Platform (MSPP) Cisco ONS 15454 SONET Multiservice Provisioning Platform (MSPP) and Cisco ONS 15454 SDH Multiservice Provisioning Platform (MSPP) n/a 4.1.3 EAL2 Certificate
Wide Area Application Services
(WAAS)
Cisco Wide Area Application Services
Wide Area Application Engine (WAE) 512, 612, 674, 7341 & 7371
Cisco NME-WAE 502
Cisco NME WAE 522
No 4.1.5 EAL4 US Certificate
Cisco Adaptive Security Appliances (ASA) Firewall
and Virtual Private Network (VPN)
ASA 5500 & 5585 Series Security Appliances including:
Cisco ASA 5505, 5510, 5520, 5540, 5550, 5580-20, 5580-40,
5585-S10, 5585-S20, 5585-S40, and 5585-S60
Support single or multiple contexts, routed or transparent mode, and support interoperability with Cisco or non-Cisco components including: peer- to-peer VPN gateways over IPsec; clientless SSL VPN over TLS; syslog servers over TLS; AAA servers using RADIUS and/or TACACS+; peer Certificate Authorities using OCSP; and time servers supporting NTPv3 Cisco ASA Release 8.4(4.1) EAL4+ AU/NZ Certificate 2012/8282

Note:
1) Cisco 7100 and 7200 routers without optional IPSec hardware acceleration modules can be configured with either the 12.2(6) or 12.1(10)E software release.
2) Cisco 7100 or 7200 router equipped with an SM-VAM or SA-VAM does not support RSA public/private keys pairs for IKE authentication.

Table 2. Common Criteria in Progress Evaluations

Technology Product Testing Status PP Compliance Level
Security Cisco ASA 5512-x, 5515-x, 5525-x, 5545-x, 5555-x & 5500 Series; 5505, 5510, 5520, 5540, 5550, and 5585 Adaptive Security Appliances In-Process N/A Network Device Protection Profile (NDPP) & Traffic Filter Firewall Protection Profile (TTFWPP)
Security Cisco Identity Services Engine (ISE) 1.2 In-Process N/A Network Device Protection Profile
Security (IPS) 4300 and 4500 series along with ASA-5500-x and ASA-5585 IPS intergrated In-Process N/A Network Device Protection Profile
Switches Cisco Catalyst Switches (4503-E, 4506-E, 4507R+E, 4507R-E, 4510R+E, 4510R-E, with Sup7-E and Sup7L-E, and 4500X) running IOS-XE 3.3.1SG   N/A EAL2
Network Access Cisco Network Admission Control (NAC) solution including the NAC Appliance

NAC Appliance network module (NME-NAC-K9) for Cisco Internet Services Routers (ISRs), NAC Agent, NAC Profiler and Cisco Secure Access Control Server (ACS 4.1.4.13)

Assurance Maintenance 4.7.1
  Yes EAL2

For more information about Common Criteria, please go to: www.niap-ccevs.org and www.commoncriteriaportal.org