Module Name
IOS Common Cryptographic Module (IC2M)
Caveat
When operated in FIPS mode. No assurance of the minimum strength of generated keys
Security Level Exceptions
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The IC2M module provides the FIPS validated cryptographic algorithms for services requiring those algorithms. The module does not implement any protocols directly. Instead, it provides the cryptographic primitives and functions to allow IOS to implement those various protocols.
Tested Configuration(s)
- IOS-XE 17.3 running on a Cisco ASR1K RP2 with an Intel Xeon L52XX
- IOS-XE 17.3 running on a Cisco ASR1K RP3 with an Intel Xeon D-15XX
- IOS-XE 17.3 running on a Cisco ISR 4321 with an Intel Atom C25XX
Approved Algorithms
AES |
Cert. #A1462 |
CKG |
vendor affirmed |
CVL |
Cert. #A1462 |
DRBG |
Cert. #A1462 |
ECDSA |
Cert. #A1462 |
HMAC |
Cert. #A1462 |
KAS-SSC |
Cert. #A1462 |
KBKDF |
Cert. #A1462 |
KTS |
AES Cert. #A1462; key establishment methodology provides 128 bits of encryption strength |
RSA |
Cert. #A1462 |
SHS |
Cert. #A1462 |
Triple-DES |
Cert. #A1462 |
Allowed Algorithms
RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)