U.S. flag   An official website of the United States government

Cryptographic Module Validation Program CMVP

Certificate #2100

Details

Module Name
Cisco FIPS Object Module
Standard
FIPS 140-2
Status
Historical
 Historical Reason
Moved to historical list due to sunsetting
Validation Dates
03/07/2014
Overall Level
1
Caveat
When installed, initialized and configured as specified in the Security Policy Section 3.2 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys
Security Level Exceptions
  • Physical Security: N/A
  • Design Assurance: Level 3
  • Mitigation of Other Attacks: N/A
Module Type
Software
Embodiment
Multi-chip standalone
Description
The Cisco FIPS Object Module (FOM) is a software library that provides cryptographic services to a vast array of Cisco's networking and collaboration products. The module provides FIPS 140 validated cryptographic algorithms for services such as IPSEC, SRTP, SSH, TLS, 802.1x, etc. The module does not directly implement any of these protocols, instead it provides the cryptographic primitives and functions to allow a developer to implement the various protocols.
Tested Configuration(s)
  • Android v4.0 running on a Samsung Galaxy S II
  • FreeBSD 9.0 running on a Cisco UCS C210 M2 without-PAA
  • Linux 2.6 running an Intel Xeon on a Cisco UCS C200 M2 without PAA (single-user mode)
  • Linux 2.6 running on a Cisco ASR1002
  • Linux 2.6 running on a Cisco UCS C22 M3 with PAA
  • Linux 2.6 running on an Octeon Evaluation Board EBH5200 with Octeon
  • Linux 2.6 running on an Octeon Evaluation Board EBH5200 without Octeon
  • Windows 7 running on a Cisco UCS C200 M2 without PAA
  • Windows 7 running on a Cisco UCS C210 M2 with PAA
FIPS Algorithms
AES Certs. #2678 and #2685
CVL Certs. #151 and #153
DRBG Certs. #431 and #435
DSA Certs. #812 and #814
ECDSA Certs. #467 and #471
HMAC Certs. #1664 and #1672
RSA Certs. #1377 and #1385
SHS Certs. #2247 and #2256
Triple-DES Certs. #1606 and #1611
Other Algorithms
Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less then 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less then 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less then 112 bits of encryption strength)
Software Versions
4.1

Vendor

Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team
certteam@cisco.com

Lab

CGI
NVLAP Code: 200928-0