U.S. flag   An unofficial archive of your favorite United States government website

Computer Security Resource Center

Computer Security Resource Center

This is an archive
(replace .gov by .rip)
    Projects Cryptographic Module Validation Program Validated Modules Search

Cryptographic Module Validation Program CMVP

Certificate #2388

Details

Module Name
IOS Common Cryptographic Module (IC2M) Rel5
Standard
FIPS 140-2
Status
Active
Sunset Date
6/30/2025
Validation Dates
05/28/2015;11/20/2017;07/31/2018;07/01/2020
Overall Level
1
Caveat
When operated in FIPS mode. No assurance of the minimum strength of generated keys
Security Level Exceptions
  • Mitigation of Other Attacks: N/A
  • Tested: Cisco ASR1K RP2 with processor Intel Xeon on IOS XE3.13
  • Cisco ASR1K RP1 with processor Freescale SC8548H on IOS XE3.13
  • Cisco ISR 2951 with processor Freescale 8752E on IOS 15.4
  • Cisco ISR 1921 with processor Cavium CN5020 on IOS 15.4
  • Cisco ISR 2921 with processor Cavium CN5220 on IOS 15.4
  • Cisco ISR 891 with processor MPC8358E on IOS 15.4
  • ESR 5940 with processor MPC8572C on IOS 15.4
Module Type
Firmware
Embodiment
Multi-chip standalone
Description
The IC2M module provides the FIPS validated cryptographic algorithms for services requiring those algorithms. The module does not implement any protocols directly. Instead, it provides the cryptographic primitives and functions to allow IOS to implement those various protocols.
Tested Configuration(s)
  • Cisco ASR1K RP1 with processor Freescale SC8548H on IOS XE3.13
  • Cisco ASR1K RP1 with processor Intel Xeon on IOS 16.3.2
  • Cisco ASR1K RP2 with processor Intel Xeon on IOS XE3.13
  • Cisco Catalyst 3560CX with processor PPC 465 on IOS 15.2(4)E
  • Cisco Catalyst 3850 with processor MIPS64 on IOS-XE 16.3.2
  • Cisco Catalyst 4000 with SUP8LE with processor PPC e5500 on IOS-XE 3.90E
  • Cisco Catalyst 6000 with SUP6T with processor Intel Core i3 on IOS 15.4(1)SY1
  • Cisco Catalyst 6840 with processor Intel Pentium on IOS 15.4
  • Cisco Catalyst 6k with Sup2T with processor PPC e500 on IOS 15.4(1)SY1
  • Cisco IE2000 with processor PPC 405 on IOS 15.2(4)E
  • Cisco ISR 1921 with processor Cavium CN5020 on IOS 15.4
  • Cisco ISR 2921 with processor Cavium CN5220 on IOS 15.4
  • Cisco ISR 2951 with processor Freescale 8752E on IOS 15.4
  • Cisco ISR 4321 with processor Intel Atom on IOS 16.3.2
  • Cisco ISR 891 with processor MPC8358E on IOS 15.4
  • ESR 5940 with processor MPC8572C on IOS 15.4
FIPS Algorithms
AES Certs. #2783, #2817, #3278 and #4583
CVL Certs. #252, #253, #1257 and #1258
DRBG Certs. #481 and #1592
ECDSA Certs. #493 and #1122
HMAC Certs. #1764 and #3034
KBKDF Certs. #49 and #139
KTS AES Cert. #3278; key establishment methodology provides 128 bits of encryption strength
KTS AES Cert. #4583; key establishment methodology provides 128 or 256 bits of encryption strength
RSA Certs. #1471 and #2500
SHS Certs. #2338, #2361 and 3760
Triple-DES Certs. #1670, #1671, #1688 and #2436
Other Algorithms
Diffie-Hellman (CVL Certs. #252 and #1257, key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #252 and #1257, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Firmware Versions
Rel 5

Vendor

Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

Global Certification Team
certteam@cisco.com

Related Files

Security Policy
Consolidated Certificate

Lab

Acumen
NVLAP Code: 201029-0