Cisco FIPS Object Module

Certificate #4747

Webpage information ?

Status active
Validation dates 01.08.2024
Sunset date 31-07-2029
Standard FIPS 140-3
Security level 1
Type Firmware-Hybrid
Embodiment Multi-Chip Stand Alone
Caveat No assurance of the minimum strength of generated SSPs (e.g., keys).
Exceptions
  • Non-invasive security: N/A
  • Mitigation of other attacks: N/A
  • Documentation requirements: N/A
  • Cryptographic module security policy: N/A
Description The Cisco FIPS Object Module (FOM) is a firmware hybrid library that provides cryptographic services to a vast array of Cisco's networking and collaboration products. The module provides FIPS 140 validated cryptographic algorithms for services such as IPSEC, SRTP, SSH, TLS, 802.1x, etc. The module does not directly implement any of these protocols, instead, it provides the cryptographic primitives and functions to allow a developer to implement the various protocols.
Version (Firmware) 7.3a
Tested configurations
  • Linux 4.4 running on Cisco Catalyst 9300 with Intel Xeon D-1526 (Broadwell) with PAA
  • Linux 4.5 running on Cisco Unified Computing System (UCS) with Intel Xeon Gold 6244 (Cascade Lake) with PAA
  • Linux 5.4 running on ISR 4321 with Intel Atom C2558 (Silvermont) with PAA
Vendor Cisco Systems, Inc.
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Security policy ?

Symmetric Algorithms
AES-, AES, CAST, Triple-DES, HMAC, HMAC-SHA-224, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512, CMAC
Asymmetric Algorithms
ECDH, ECDSA, ECC, Diffie-Hellman, DH, DSA
Hash functions
SHA-1, SHA1, SHA-224, SHA-256, SHA-384, SHA-512, SHA224, SHA256, SHA384, SHA512, SHA3-224, SHA3-256, SHA3-512, SHA3-384, PBKDF
Schemes
MAC, Key Agreement
Protocols
SSH, TLS, TLSv1.2, TLS v1.2, TLS v1.3, TLS 1.3, TLS1.2, TLS 1.2, IKEv2, IKE
Randomness
DRBG
Elliptic Curves
P-224, P-256, P-384, P-521, B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571
Block cipher modes
ECB, CBC, CTR, CFB, OFB, GCM, CCM, XTS

Vendor
Cisco Systems, Inc, Cisco

Security level
Level 1, level 1

Standards
FIPS 140-3, FIPS PUB 140-3, FIPS 197, FIPS 180-4, FIPS 186-4, FIPS 202, FIPS 140, FIPS140-3, SP 800-132, NIST SP 800-140F, SP 800-38D, NIST SP 800-38D, NIST SP 800-132, NIST SP 800-38E, RFC7627, RFC 5288, RFC 5246, RFC 7296, RFC5282, RFC 8446, ISO/IEC 19790, ISO/IEC 24759

File metadata

Title CISCO FIPS Object Module Security Policy
Subject FIPS 140-2 Security Policy
Author Kelvin Desplanque (kdesplan)
Creation date D:20240731155818-04'00'
Modification date D:20240731155844-04'00'
Pages 27
Creator Acrobat PDFMaker 24 for Word
Producer Adobe PDF Library 24.2.121

Heuristics ?

No heuristics are available for this certificate.

References ?

No references are available for this certificate.

Updates ?

  • 09.09.2024 The certificate data changed.
    Certificate changed

    The web extraction data was updated.

    • The certificate_pdf_url property was set to https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/August 2024_010924_0336.pdf.

    The computed heuristics were updated.

    • The algorithms property was set to {'_type': 'Set', 'elements': ['ECDSA KeyVer (FIPS186-4)A4446', 'TDES-CTRA4446', 'TLS v1.3 KDFA4446', 'AES-CCMA4446', 'TDES-ECBA4446', 'HMAC DRBGA4446', 'HMAC-SHA3-512A4446', 'AES-GCMA4446', 'AES-KWPA4446', 'Safe Primes Key GenerationA4446', 'AES-KWA4446', 'SHA3-224A4446', 'SHAKE-128A4446', 'AES-CFB1A4446', 'KTS-IFCA4446', 'ECDSA SigGen (FIPS186-4)A4446', 'AES-CMACA4446', 'AES-OFBA4446', 'TDES-CFB64A4446', 'SHA2-256A4446', 'KDA HKDF Sp800-56Cr1A4446', 'KAS-ECC CDH-Component SP800-56Ar3A4446', 'TDES-CFB8A4446', 'DSA KeyGen (FIPS186-4)A4446', 'SHA3-256A4446', 'SHA3-512A4446', 'HMAC-SHA-1A4446', 'Counter DRBGA4446', 'SHA2-384A4446', 'SHA-1A4446', 'KDF SRTPA4446', 'KDF SNMPA4446', 'AES-GMACA4446', 'DSA SigVer (FIPS186-4)A4446', 'AES-CFB8A4446', 'KDF SP800-108A4446', 'RSA SigGen (FIPS186-4)A4446', 'HMAC-SHA3-256A4446', 'TLS v1.2 KDF RFC7627A4446', 'HMAC-SHA2-224A4446', 'RSA KeyGen (FIPS186-4)A4446', 'AES-CFB128A4446', 'HMAC-SHA3-384A4446', 'TDES-CMACA4446', 'KAS-IFC-SSCA4446', 'SHAKE-256A4446', 'DSA PQGGen (FIPS186-4)A4446', 'TDES-CBCA4446', 'SHA2-224A4446', 'AES-XTS Testing Revision 2.0A4446', 'AES-ECBA4446', 'DSA SigGen (FIPS186-4)A4446', 'SHA3-384A4446', 'Hash DRBGA4446', 'DSA PQGVer (FIPS186-4)A4446', 'KAS-ECC-SSC Sp800-56Ar3A4446', 'AES-CBCA4446', 'HMAC-SHA3-224A4446', 'ECDSA SigVer (FIPS186-4)A4446', 'TDES-OFBA4446', 'ECDSA KeyGen (FIPS186-4)A4446', 'Safe Primes Key VerificationA4446', 'AES-CTRA4446', 'RSA SigVer (FIPS186-4)A4446', 'SHA2-512/256A4446', 'SHA2-512/224A4446', 'HMAC-SHA2-512/224A4446', 'KAS-FFC-SSC Sp800-56Ar3A4446', 'TDES-CFB1A4446', 'PBKDFA4446', 'KDF IKEv2A4446', 'KDF SSHA4446', 'HMAC-SHA2-512/256A4446', 'HMAC-SHA2-512A4446', 'KDA OneStep Sp800-56Cr1A4446', 'HMAC-SHA2-256A4446', 'SHA2-512A4446', 'HMAC-SHA2-384A4446']}.
  • 03.08.2024 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4747,
  "dgst": "822a8e0aad6a68a9",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "TDES-CFB8A4446",
        "SHA2-256A4446",
        "AES-OFBA4446",
        "HMAC-SHA-1A4446",
        "SHA2-512A4446",
        "SHA-1A4446",
        "TDES-ECBA4446",
        "HMAC-SHA3-384A4446",
        "TDES-CFB64A4446",
        "ECDSA KeyGen (FIPS186-4)A4446",
        "HMAC-SHA2-512A4446",
        "DSA KeyGen (FIPS186-4)A4446",
        "SHAKE-128A4446",
        "KDF SSHA4446",
        "AES-XTS Testing Revision 2.0A4446",
        "KDF SRTPA4446",
        "SHA2-384A4446",
        "AES-GMACA4446",
        "SHA3-512A4446",
        "SHAKE-256A4446",
        "Hash DRBGA4446",
        "KAS-ECC CDH-Component SP800-56Ar3A4446",
        "TDES-CMACA4446",
        "AES-KWPA4446",
        "DSA SigGen (FIPS186-4)A4446",
        "HMAC-SHA3-256A4446",
        "KAS-FFC-SSC Sp800-56Ar3A4446",
        "ECDSA SigGen (FIPS186-4)A4446",
        "ECDSA SigVer (FIPS186-4)A4446",
        "AES-CFB1A4446",
        "KDA HKDF Sp800-56Cr1A4446",
        "HMAC DRBGA4446",
        "HMAC-SHA3-512A4446",
        "AES-CFB128A4446",
        "HMAC-SHA3-224A4446",
        "TDES-CTRA4446",
        "KTS-IFCA4446",
        "KDF SNMPA4446",
        "RSA SigGen (FIPS186-4)A4446",
        "AES-CCMA4446",
        "TDES-CBCA4446",
        "HMAC-SHA2-384A4446",
        "DSA PQGGen (FIPS186-4)A4446",
        "Safe Primes Key GenerationA4446",
        "KAS-ECC-SSC Sp800-56Ar3A4446",
        "AES-CMACA4446",
        "HMAC-SHA2-256A4446",
        "HMAC-SHA2-512/256A4446",
        "SHA3-384A4446",
        "Safe Primes Key VerificationA4446",
        "DSA PQGVer (FIPS186-4)A4446",
        "AES-CFB8A4446",
        "SHA3-224A4446",
        "SHA2-224A4446",
        "SHA3-256A4446",
        "TDES-OFBA4446",
        "HMAC-SHA2-512/224A4446",
        "AES-CTRA4446",
        "AES-CBCA4446",
        "AES-KWA4446",
        "KDF IKEv2A4446",
        "PBKDFA4446",
        "TDES-CFB1A4446",
        "AES-GCMA4446",
        "KDA OneStep Sp800-56Cr1A4446",
        "TLS v1.3 KDFA4446",
        "TLS v1.2 KDF RFC7627A4446",
        "AES-ECBA4446",
        "KDF SP800-108A4446",
        "SHA2-512/256A4446",
        "RSA KeyGen (FIPS186-4)A4446",
        "SHA2-512/224A4446",
        "DSA SigVer (FIPS186-4)A4446",
        "ECDSA KeyVer (FIPS186-4)A4446",
        "Counter DRBGA4446",
        "HMAC-SHA2-224A4446",
        "RSA SigVer (FIPS186-4)A4446",
        "KAS-IFC-SSCA4446"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "7.3"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 9
          },
          "ECDH": {
            "ECDH": 2
          },
          "ECDSA": {
            "ECDSA": 26
          }
        },
        "FF": {
          "DH": {
            "DH": 2,
            "Diffie-Hellman": 7
          },
          "DSA": {
            "DSA": 30
          }
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 4
        },
        "CCM": {
          "CCM": 2
        },
        "CFB": {
          "CFB": 1
        },
        "CTR": {
          "CTR": 8
        },
        "ECB": {
          "ECB": 4
        },
        "GCM": {
          "GCM": 16
        },
        "OFB": {
          "OFB": 4
        },
        "XTS": {
          "XTS": 5
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {
        "IKE": {
          "IKE": 1,
          "IKEv2": 6
        },
        "SSH": {
          "SSH": 7
        },
        "TLS": {
          "TLS": {
            "TLS": 10,
            "TLS 1.2": 1,
            "TLS 1.3": 1,
            "TLS v1.2": 3,
            "TLS v1.3": 2,
            "TLS1.2": 1,
            "TLSv1.2": 1
          }
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 1
        },
        "MAC": {
          "MAC": 6
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "B-233": 6,
          "B-283": 6,
          "B-409": 6,
          "B-571": 6,
          "K-233": 6,
          "K-283": 6,
          "K-409": 6,
          "K-571": 6,
          "P-224": 14,
          "P-256": 18,
          "P-384": 14,
          "P-521": 12
        }
      },
      "eval_facility": {},
      "fips_cert_id": {
        "Cert": {
          "#1": 2,
          "#3": 1
        }
      },
      "fips_certlike": {
        "Certlike": {
          "AES 128/192/256": 1,
          "AES-128/192/256": 1,
          "HMAC SHA-1": 2,
          "HMAC SHA-224": 1,
          "HMAC SHA-256": 1,
          "HMAC SHA-384": 1,
          "HMAC SHA-512": 1,
          "HMAC- SHA-1": 1,
          "HMAC-SHA- 512": 2,
          "HMAC-SHA-1": 12,
          "HMAC-SHA-224": 4,
          "HMAC-SHA-256": 4,
          "HMAC-SHA-384": 4,
          "HMAC-SHA-512": 2,
          "HMAC-SHA1": 4,
          "PAA 2": 1,
          "PAA 3": 1,
          "SHA-1": 11,
          "SHA-224": 3,
          "SHA-256": 4,
          "SHA-384": 3,
          "SHA-512": 3,
          "SHA1": 3,
          "SHA2- 256": 2,
          "SHA2- 384": 3,
          "SHA2-224": 4,
          "SHA2-256": 4,
          "SHA2-384": 2,
          "SHA2-512": 5,
          "SHA224": 1,
          "SHA256": 1,
          "SHA3- 256": 2,
          "SHA3- 384": 2,
          "SHA3-224": 4,
          "SHA3-256": 3,
          "SHA3-384": 3,
          "SHA3-512": 4,
          "SHA384": 1,
          "SHA512": 1
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 3,
          "level 1": 2
        }
      },
      "hash_function": {
        "PBKDF": {
          "PBKDF": 12
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 11,
            "SHA1": 3
          },
          "SHA2": {
            "SHA-224": 3,
            "SHA-256": 4,
            "SHA-384": 3,
            "SHA-512": 3,
            "SHA224": 1,
            "SHA256": 1,
            "SHA384": 1,
            "SHA512": 1
          },
          "SHA3": {
            "SHA3-224": 4,
            "SHA3-256": 3,
            "SHA3-384": 3,
            "SHA3-512": 4
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 46
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140": 1,
          "FIPS 140-3": 15,
          "FIPS 180-4": 2,
          "FIPS 186-4": 18,
          "FIPS 197": 5,
          "FIPS 202": 1,
          "FIPS PUB 140-3": 1,
          "FIPS140-3": 1
        },
        "ISO": {
          "ISO/IEC 19790": 2,
          "ISO/IEC 24759": 2
        },
        "NIST": {
          "NIST SP 800-132": 1,
          "NIST SP 800-140F": 1,
          "NIST SP 800-38D": 3,
          "NIST SP 800-38E": 1,
          "SP 800-132": 2,
          "SP 800-38D": 1
        },
        "RFC": {
          "RFC 5246": 2,
          "RFC 5288": 2,
          "RFC 7296": 1,
          "RFC 8446": 1,
          "RFC5282": 1,
          "RFC7627": 2
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 34,
            "AES-": 4
          },
          "CAST": {
            "CAST": 1
          }
        },
        "DES": {
          "3DES": {
            "Triple-DES": 1
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 5,
            "HMAC": 18,
            "HMAC-SHA-224": 2,
            "HMAC-SHA-256": 2,
            "HMAC-SHA-384": 2,
            "HMAC-SHA-512": 1
          }
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {
        "Cisco": {
          "Cisco": 7,
          "Cisco Systems, Inc": 30
        }
      },
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Kelvin Desplanque (kdesplan)",
      "/Category": "FIPS 140-2 Submission Documentation",
      "/Comments": "",
      "/Company": "Cisco Systems, Inc.",
      "/ContentTypeId": "0x0101005E3C2BAEF5B35747AD0598E3776D7DE4",
      "/CreationDate": "D:20240731155818-04\u002700\u0027",
      "/Creator": "Acrobat PDFMaker 24 for Word",
      "/Keywords": "",
      "/Manager": "[email protected]",
      "/ModDate": "D:20240731155844-04\u002700\u0027",
      "/Module Name": "Cisco FIPS Object Module",
      "/Module Name Short": "FOM",
      "/Producer": "Adobe PDF Library 24.2.121",
      "/SourceModified": "D:20240731195802",
      "/Subject": "FIPS 140-2 Security Policy",
      "/Title": "CISCO FIPS Object Module Security Policy",
      "pdf_file_size_bytes": 557457,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": []
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 27
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "532fee606ba94aedcc97618b6564e9f1fda506d25989c502bdd421d5f987b175",
    "policy_txt_hash": "52dc92aef5c83203fd82da2dcf1a8f8b69e5539d38e6e746f94de9c767d86de1"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys).",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/August 2024_010924_0336.pdf",
    "date_sunset": "2029-07-31",
    "description": "The Cisco FIPS Object Module (FOM) is a firmware hybrid library that provides cryptographic services to a vast array of Cisco\u0027s networking and collaboration products. The module provides FIPS 140 validated cryptographic algorithms for services such as IPSEC, SRTP, SSH, TLS, 802.1x, etc. The module does not directly implement any of these protocols, instead, it provides the cryptographic primitives and functions to allow a developer to implement the various protocols.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Non-invasive security: N/A",
      "Mitigation of other attacks: N/A",
      "Documentation requirements: N/A",
      "Cryptographic module security policy: N/A"
    ],
    "fw_versions": "7.3a",
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "Cisco FIPS Object Module",
    "module_type": "Firmware-Hybrid",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-3",
    "status": "active",
    "sw_versions": null,
    "tested_conf": [
      "Linux 4.4 running on Cisco Catalyst 9300 with Intel Xeon D-1526 (Broadwell) with PAA",
      "Linux 4.5 running on Cisco Unified Computing System (UCS) with Intel Xeon Gold 6244 (Cascade Lake) with PAA",
      "Linux 5.4 running on ISR 4321 with Intel Atom C2558 (Silvermont) with PAA"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2024-08-01",
        "lab": "ACUMEN SECURITY, LLC",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Cisco Systems, Inc.",
    "vendor_url": "https://www.cisco.com"
  }
}