U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Module Validation Program CMVP

Certificate #2301


Module Name
IOS Common Cryptographic Module (IC2M)
FIPS 140-2
 Historical Reason
Moved to historical list due to sunsetting
Overall Level
When operated in FIPS mode. No assurance of the minimum strength of generated keys
Security Level Exceptions
  • Mitigation of Other Attacks: N/A
  • Tested: Cisco ASR1K 1NG, Cisco ISR 4451-X, Cisco ISR 4441, Cisco ASR1K RP2 and Cisco ASR1K 2KP (kingpin) with processor Intel Xeon on IOS XE3.10
  • Cisco ISR 3925E and Cisco ISR 3945E with processor Intel Xeon on IOS 15.3
  • Cisco ASR1K RP1 with processor Freescale SC8548H on IOS XE3.10
  • Cisco ISR c2951, Cisco ISR c3925 and Cisco ISR c3945 with processor Freescale 8752E on IOS 15.3
  • Cisco ISR 1921 with processor Cavium CN5020 on IOS 15.3
  • Cisco ISR 1941 and Cisco ISR 2900 with processor Cavium CN5220 on IOS 15.3
  • Cisco Catalyst 4K with processor MPC8572C on IOS XE 3.6
  • Cisco Catalyst 3750x and Cisco Catalyst 3560x with processor Power-PC 405 on IOS 15.2
  • Cisco Catalyst 3650 with processor AMCC PowerPC 405EX on IOS XE3.6
  • Cisco Catalyst 2960 with processor Cavium CN5230 on IOS 15.2
Module Type
Multi-chip standalone
The IC2M module provides the FIPS validated cryptographic algorithms for services requiring those algorithms. The module does not implement any protocols directly. Instead, it provides the cryptographic primitives and functions to allow IOS to implement those various protocols.
Approved Algorithms
AES Certs. #2783 and #2817
CVL Certs. #252 and #253
DRBG Cert. #481
ECDSA Cert. #493
HMAC Cert. #1764
RSA Cert. #1471
SHS Certs. #2338 and #2361
Triple-DES Certs. #1670, #1671 and #1688
Other Algorithms
DES; Diffie-Hellman (CVL Cert. #252, key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #252, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD2; MD5; NDRNG; RC2; RC4; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); SEAL
Firmware Versions
Rel 3(1.5.2)


Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134

Global Certification Team

Validation History

Date Type Lab
12/18/2014 Initial LEIDOS CSTL
6/12/2015 Update LEIDOS CSTL