On December 29, 2013, the German news publication Der Spiegel
published an article referencing leaked documents from the U.S. National Security Agency (NSA) that mentioned "software implants" for networking devices. Cisco is one of a number of technology companies mentioned in the article:
On December 30, 2013, the Cisco Product Security Incident Response Team (PSIRT) opened an incident to investigate the alleged creation of implants for some Cisco PIX and Cisco ASA platforms.
Cisco formally requested additional information about these allegations from both the United States Government and the German news publication Der Spiegel. No further details were provided.
The Cisco PSIRT led a comprehensive evaluation of the Cisco ASA platform, working closely with the company’s engineering, support, and supply chain organizations around the world. The Cisco ASA platform was the primary focus, as the Cisco PIX platform has reached End of Support
The investigation (PSIRT-1384943056) reviewed Cisco’s development and supply chain procedures, historical customer support data for ASA and PIX platforms, and operational data from devices installed in various production networks in different parts of the world.
Advice from internal and external industry experts was used to create and implement different test scenarios focusing on the Cisco ASA platform’s BIOS, operating system, and applications. Cisco professionals from around the world conducted tests of every existing model of the Cisco ASA family.
No evidence of any procedural irregularities or tampering of the BIOS, operating system, or applications was revealed. As a result, Cisco PSIRT has now closed this investigation.