Module Name
Cisco FIPS Object Module
Historical Reason
Moved to historical list due to sunsetting
Caveat
When operated in FIPS mode. No assurance of the minimum strength of generated keys
Security Level Exceptions
- Physical Security: N/A
- Design Assurance: Level 3
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The Cisco FIPS Object Module (FOM) is a software library that provides cryptographic services to a vast array of Cisco's networking and collaboration products. The module provides FIPS 140 validated cryptographic algorithms for services such as IPSEC, SRTP, SSH, TLS, 802.1x, etc. The module does not directly implement any of these protocols; instead, it provides the cryptographic primitives and functions that allow a developer to implement the various protocols.
Tested Configuration(s)
- Linux Kernel 4.9 running on a Cisco Catalyst 3850 with Cavium Octeon II MIPS64 (single-user mode)
- Linux Kernel 5.10 on VMware ESXi 6.5 running on Cisco UCSC-C220-M5SX with Intel Xeon Platinum with PAA (single-user mode)
- macOS 11.5 running on Apple MacBook Pro with Intel Core i7 with PAA (single-user mode)
- Windows 10 running on Dell Inspiron 15 5000 with Intel Core i5 with PAA (single-user mode)
Approved Algorithms
AES | Cert. #A1773
CKG | vendor affirmed
CVL | Cert. #A1773
DRBG | Cert. #A1773
DSA | Cert. #A1773
ECDSA | Cert. #A1773
HMAC | Cert. #A1773
KAS-SSC | Cert. #A1773
KBKDF | Cert. #A1773
KTS | AES Cert. #A1773; key establishment methodology provides between 128 and 256 bits of encryption strength
RSA | Cert. #A1773
SHS | Cert. #A1773
Triple-DES | Cert. #A1773
Allowed Algorithms
MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)