Cryptographic Module Validation Program CMVP

Certificate #2505

Details

Module Name
Cisco FIPS Object Module
Standard
FIPS 140-2
Status
Active
Sunset Date
12/20/2020
Validation Dates
12/21/2015
Overall Level
1
Caveat
When installed, initialized and configured as specified in the Security Policy Section 4.2 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.
Security Level Exceptions
  • Physical Security: N/A
  • Design Assurance: Level 3
  • Mitigation of Other Attacks: N/A
Module Type
Software
Embodiment
Multi-Chip Stand Alone
Description
The Cisco FIPS Object Module (FOM) is a software library that provides cryptographic services to a vast array of Cisco's networking and collaboration products. The module provides FIPS 140 validated cryptographic algorithms for services such as IPSEC, SRTP, SSH, TLS, 802.1x, etc. The module does not directly implement any of these protocols, instead it provides the cryptographic primitives and functions to allow a developer to implement the various protocols.
Tested Configuration(s)
  • Android v4.4 running on a Qualcomm Snapdragon Pro APQ8064 ARMv7 on a Google Nexus 4
  • FreeBSD 9.2 running on an Intel Xeon on a Cisco UCS C200 M2 (single-user mode)
  • Linux 2.6 running on an Intel Xeon on a Cisco UCS C22 M3
  • Linux 2.6 running on an Octeon Evaluation Board CN5645 on a Cisco WLC 5508 with Octeon
  • Linux 2.6 running on an Octeon Evaluation Board CN5645 on a Cisco WLC 5508 without Octeon
  • Windows 8.1 running on an Intel Core i7 on a Gateway FX6860 with PAA
  • Windows 8.1 running on an Intel Core i7 on a Gateway FX6860 without PAA
FIPS Algorithms
AES Certs. #3404 and #3405
CVL Certs. #504, #505, #506 and #507
DRBG Certs. #817 and #818
DSA Certs. #961 and #962
ECDSA Certs. #678 and #679
HMAC Certs. #2172 and #2173
KBKDF Certs. #52 and #53
RSA Certs. #1743 and #1744
SHS Certs. #2817 and #2818
Triple-DES Certs. #1926 and #1927
Other Algorithms
Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Software Versions
6.0

Vendor

Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team
certteam@cisco.com

Lab

CGI IT Security Evaluation & Test Facility
NVLAP Code: 200928-0