Cisco Catalyst 8000V Edge (C8000V) running IOS-XE 17.15

The Target of Evaluation (TOE) is a virtual Network Device (vND) that includes VPN functionality as defined in NDcPP v3.0e, PKG_SSH_V1.0, and MOD_VPNGW v1.3.

The TOE consists of the C8000V software image running IOS-XE 17.15, deployed as a virtual machine on ESXi 8.0 on a Cisco UCS C-Series M7 server. The TOE provides extensive auditing capabilities, generating audit records for events related to cryptographic functionality, identification and authentication, and administrative actions. Administrators can configure auditable events, manage audit data storage, and perform backup operations. Audit logs are backed up over an encrypted channel to an external audit server, with options for a circular audit trail or a configurable audit trail threshold.

The TOE supports cryptographic functions with CAVP-certified algorithms for the Intel Xeon Platinum 8452Y processor. It performs device-level authentication of VPN peers and user authentication for Authorised Administrators, using IKE/IPsec mutual authentication and X.509v3 certificates.

Administrative services are secured through SSHv2 sessions or local console connections, with roles for non-privileged and privileged administrators. The TOE also provides packet filtering and secure IPsec tunnelling, allowing administrators to define protected traffic via access lists. It protects against interference and tampering by implementing strict access controls and preventing unauthorized access to cryptographic keys and passwords.