U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

    Projects Cryptographic Module Validation Program Validated Modules Search

Cryptographic Module Validation Program CMVP

Certificate #3988

Details

Module Name
Cisco ASR 1000 Series Routers without MACSEC
Standard
FIPS 140-2
Status
Active
Sunset Date
7/18/2026
Overall Level
1
Caveat
When operated in FIPS mode, installed, initialized and configured as specified in Section 9 of the Security Policy
Security Level Exceptions
  • Roles, Services, and Authentication: Level 3
  • Design Assurance: Level 3
  • Mitigation of Other Attacks: N/A
Module Type
Hardware
Embodiment
Multi-Chip Stand Alone
Description
The Cisco ASR 1000 Series Routers accelerate services by offering performance and resiliency with optimized, intelligent services; establishing a benchmark for price-to-performance offerings in the enterprise routing, service provider edge, and broadband aggregation segments; facilitating significant network innovations in areas such as secure WAN aggregation, managed customer-premises-equipment services, and service provider edge services; reducing operating expenses and capital expenditures by facilitating managed or hosted services over identical architectures and operating environments.
Tested Configuration(s)
  • N/A
FIPS Algorithms
AES Certs. #333, #4583 and #C462
CVL Certs. #1257, #1258 and #C462
DRBG Certs. #1529 and #C462
HMAC Certs. #137, #3034 and #C462
KTS AES Certs. #4583 and #C462; key establishment methodology provides 128 or 256 bits of encryption strength
KTS AES Certs. #4583 and #C462 and HMAC Certs. #3034 and #C462; key establishment methodology provides between 128 and 256 bits of encryption strength
KTS Triple-DES Certs. #2436 and #C462 and HMAC Certs. #3034 and #C462; key establishment methodology provides 112 bits of encryption strength
RSA Certs. #2500 and #C462
SHS Certs. #408, #3760 and #C462
Triple-DES Certs. #397, #2436 and #C462
Allowed Algorithms
Diffie-Hellman (CVL Cert. #1257 with CVL Cert. #1258, key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1257 with CVL Cert. #1258, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Hardware Versions
ASR1002-X, [ASR1004 and ASR1006 with components ASR-1000-RP2, ASR1000-ESP20 and ASR1000-ESP40]
Firmware Versions
Cisco IOS-XE 16.12

Vendor

Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

Global Certification Team
certteam@cisco.com

Related Files

Security Policy
Consolidated Certificate

Validation History

Date Type Lab
7/19/2021 Initial ACUMEN SECURITY, LLC
8/25/2021 Update ACUMEN SECURITY, LLC