Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Module Validation Program CMVP

Certificate #2409


Module Name
Cisco ASR 1001, 1001-X, 1002, 1002-X, 1004, 1006 and 1013
FIPS 140-2
 Historical Reason
Moved to historical list due to sunsetting
Overall Level
When operated in FIPS mode. When installed, initialized and configured as specified in Section 9 of the Security Policy and with the configurations in Table 1 as defined in the Security Policy
Security Level Exceptions
  • Roles, Services, and Authentication: Level 3
  • Design Assurance: Level 3
  • Mitigation of Other Attacks: N/A
Module Type
Multi-chip standalone
The ASR 1000 Routers accelerate services by offering performance and resiliency with optimized, intelligent services; establishing a benchmark for price-to-performance offerings in the enterprise routing, service provider edge, and broadband aggregation segments; facilitating significant network innovations in areas such as secure WAN aggregation, managed customer-premises-equipment services, and service provider edge services, and reducing operating expenses and capital expenditures by facilitating managed or hosted services over identical architectures and operating environments.
Approved Algorithms
AES Certs. #333, #2346, #2783 and #2817
CVL Cert. #253
DRBG Cert. #481
HMAC Certs. #137, #1455 and #1764
RSA Cert. #1471
SHS Certs. #408, #2023, #2338 and #2361
Triple-DES Certs. #397, #1469, #1670, #1671 and #1688
Other Algorithms
DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); SHA-1 (non-compliant)
Hardware Versions
ASR1001, ASR1001-X, ASR1002, ASR1002-X, ASR1004, ASR1006 and ASR1013; Embedded Services Processors: ASR1000-ESP5, ASR1000-ESP10, ASR1000-ESP20, ASR1000-ESP40, ASR1000-ESP100 and ASR1000-ESP200; Route Processors: ASR-1000-RP1 and ASR-1000-RP2; Linecards: ASR1000-6TGE and ASR1000-2T+20X1GE
Firmware Versions
IOS XE 3.13


Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134

Global Certification Team

Validation History

Date Type Lab
7/22/2015 Initial ACUMEN SECURITY, LLC