You see, the US Government is very keen about governing exports. They prohibit shipping many products into restricted countries and they actively police it in a serious manner. Anyone who's product gets found in a restricted country is in hot water. It doesn't matter if the product(s) was sold through an intermediary or 20 middle men, the manufacturer is 100% responsible for asserting, under penalty of law, that their products will not end up in a restricted country and that's that. The treasury department even publishes a monthly list of offenders they catch but I apologize as I cannot seem to find it on google.
To address this issue, many companies that have been caught are required by the US Treasury Dept to document every single end user of their product. Yes, every single unit that is sold must be documented as to where it's final resting place is. I doubt Cisco is under this kind of requirement (unless they've been caught in the past) but it seems this new policy is a huge risk for them in that area. If you were an Iranian supply store trying to procure Cisco equipment, this seems like a good way to do it without anyone knowing or being able to track it --- and that's a serious risk for Cisco.
The minute one of those units gets found in Iran (or any restricted country), all hell will break loose. Again, it doesn't really matter how it got there.....
Here is a good overview of the requirements and
Here is a company that has a good policy summary that they live by. Smart on them.
Understand that this has nothing to do with NSA or espionage. This is just a basic requirement of doing business overseas and exporting products. Doesn't matter whether it's plastic dog poo, Intel CPU's, lab equipment, cranes, or other engineered equipment