Cryptographic Module Validation Program CMVP

Certificate #2511

Details

Module Name
Cisco Integrated Services Router (ISR) 4351 and 4331 (with SM-ES3X-16-P, SM-ES3X-24-P, SM-D-ES3X-48-P, PVDM4-32, PVDM4-64, PVDM4-128 and PVDM4-256) and Cisco Integrated Services Router (ISR) 4321 (with PVDM4-32, PVDM4-64, PVDM4-128 and PVDM4-256)
Standard
FIPS 140-2
Status
Active
Sunset Date
12/23/2020
Validation Dates
12/24/2015
Overall Level
1
Caveat
When operated in FIPS mode
Security Level Exceptions
  • Roles, Services, and Authentication: Level 3
  • Design Assurance: Level 3
  • Mitigation of Other Attacks: N/A
Module Type
Hardware
Embodiment
Multi-Chip Stand Alone
Description
The Integrated Services Router (ISR) are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options.
Tested Configuration(s)
  • N/A
FIPS Algorithms
AES Cert. #2817
CVL Certs. #252 and #253
DRBG Cert. #481
ECDSA Cert. #493
HMAC Cert. #1764
RSA Cert. #1471
SHS Cert. #2361
Triple-DES Certs. #1671 and #1688
Other Algorithms
AES (non-compliant); DES; Diffie-Hellman (key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); KBKDF (non-compliant);
Hardware Versions
ISR 4351 [1], ISR 4331 [2] and ISR 4321 [3] with SM-ES3X-16-P [1,2], SM-ES3X-24-P [1,2], SM-D-ES3X-48-P [1,2], PVDM4-32 [1,2,3], PVDM4-64 [1,2,3], PVDM4-128 [1,2,3] and PVDM4-256 [1,2,3]
Firmware Versions
IOS-XE 3.13.2

Vendor

Cisco Systems, Inc.
170 W Tasman Drive
San Jose, CA 95134
USA

Global Certification Team
certteam@cisco.com

Lab

CGI IT Security Evaluation & Test Facility
NVLAP Code: 200928-0