U.S. flag   An unofficial archive of your favorite United States government website

Computer Security Resource Center

Computer Security Resource Center

This is an archive
(replace .gov by .rip)
    Projects Cryptographic Module Validation Program Validated Modules Search

Cryptographic Module Validation Program CMVP

Certificate #3341

Details

Module Name
Cisco FIPS Object Module
Standard
FIPS 140-2
Status
Active
Sunset Date
12/16/2023
Validation Dates
12/17/2018;05/09/2019
Overall Level
1
Caveat
When installed, initialized and configured as specified in the Security Policy Section 4.2 and operated in FIPS mode. No assurance of the minimum strength of generated keys
Security Level Exceptions
  • Physical Security: N/A
  • Design Assurance: Level 3
  • Mitigation of Other Attacks: N/A
Module Type
Software
Embodiment
Multi-Chip Stand Alone
Description
The Cisco FIPS Object Module (FOM) is a software library that provides cryptographic services to a vast array of Cisco's networking and collaboration products. The module provides FIPS 140 validated cryptographic algorithms for services such as IPSEC, SRTP, SSH, TLS, 802.1x, etc. The module does not directly implement any of these protocols, instead it provides the cryptographic primitives and functions to allow a developer to implement the various protocols.
Tested Configuration(s)
  • Android 7.1 running on Google Nexus 5x with ARMv8 without PAA
  • iOS 11.2 running on Apple iPhone 8 with ARMv8 without PAA
  • macOS 10.12 on a MacBook Pro with Intel Core i7 with PAA
  • macOS 10.12 on a MacBook Pro with Intel Core i7 without PAA
  • SUSE Linux Enterprise 11 on Vmware ESXi 6.0 running on Cisco UCSC-C220-M5SX with Intel Xeon Bronze without PAA
  • SUSE Linux Enterprise 11 running on Cisco UCSC-C220-M5SX with Intel Xeon Bronze with PAA
  • Wind River Linux 4 running on a Advantech NCP-3110 with Cavium Octeon II 68XX without PAA
  • Wind River Linux 5 running on a Cisco N3K-C3172PQ-10GE with Intel Pentium without PAA (single-user mode)
  • Windows 10 on a Lenovo ThinkCentre M900 with Intel Core i5 with PAA
  • Windows 10 on a Lenovo ThinkCentre M900 with Intel Core i5 without PAA
FIPS Algorithms
AES Cert. #5310
CKG vendor affirmed
CVL Certs. #1779 and #1780
DRBG Cert. #2048
DSA Cert. #1374
ECDSA Cert. #1395
HMAC Cert. #3513
KBKDF Cert. #186
KTS AES Cert. #5310; key establishment methodology provides between 128 and 256 bits of encryption strength
RSA Cert. #2845
SHS Cert. #4267
Triple-DES Cert. #2685
Allowed Algorithms
Diffie-Hellman (CVL Cert. #1779 with CVL Cert. #1780, key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1779 with CVL Cert. #1780, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides between 112 and 132 bits of encryption strength)
Software Versions
7.0; 7.0a

Vendor

Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team
certteam@cisco.com

Related Files

Security Policy
Consolidated Certificate

Lab

ACUMEN SECURITY, LLC
NVLAP Code: 201029-0