This page was not yet optimized for use on mobile devices.
Cisco FIPS Object Module
Certificate #4747
Webpage information ?
Security policy ?
Symmetric Algorithms
AES-, AES, CAST, Triple-DES, HMAC, HMAC-SHA-224, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512, CMACAsymmetric Algorithms
ECDH, ECDSA, ECC, Diffie-Hellman, DH, DSAHash functions
SHA-1, SHA1, SHA-224, SHA-256, SHA-384, SHA-512, SHA224, SHA256, SHA384, SHA512, SHA3-224, SHA3-256, SHA3-512, SHA3-384, PBKDFSchemes
MAC, Key AgreementProtocols
SSH, TLS, TLSv1.2, TLS v1.2, TLS v1.3, TLS 1.3, TLS1.2, TLS 1.2, IKEv2, IKERandomness
DRBGElliptic Curves
P-224, P-256, P-384, P-521, B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571Block cipher modes
ECB, CBC, CTR, CFB, OFB, GCM, CCM, XTSVendor
Cisco Systems, Inc, CiscoSecurity level
Level 1, level 1Standards
FIPS 140-3, FIPS PUB 140-3, FIPS 197, FIPS 180-4, FIPS 186-4, FIPS 202, FIPS 140, FIPS140-3, SP 800-132, NIST SP 800-140F, SP 800-38D, NIST SP 800-38D, NIST SP 800-132, NIST SP 800-38E, RFC7627, RFC 5288, RFC 5246, RFC 7296, RFC5282, RFC 8446, ISO/IEC 19790, ISO/IEC 24759File metadata
Title | CISCO FIPS Object Module Security Policy |
---|---|
Subject | FIPS 140-2 Security Policy |
Author | Kelvin Desplanque (kdesplan) |
Creation date | D:20240731155818-04'00' |
Modification date | D:20240731155844-04'00' |
Pages | 27 |
Creator | Acrobat PDFMaker 24 for Word |
Producer | Adobe PDF Library 24.2.121 |
Heuristics ?
No heuristics are available for this certificate.
References ?
No references are available for this certificate.
Updates ?
-
09.09.2024 The certificate data changed.
Certificate changed
The web extraction data was updated.
- The certificate_pdf_url property was set to
https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/August 2024_010924_0336.pdf
.
The computed heuristics were updated.
- The algorithms property was set to
{'_type': 'Set', 'elements': ['ECDSA KeyVer (FIPS186-4)A4446', 'TDES-CTRA4446', 'TLS v1.3 KDFA4446', 'AES-CCMA4446', 'TDES-ECBA4446', 'HMAC DRBGA4446', 'HMAC-SHA3-512A4446', 'AES-GCMA4446', 'AES-KWPA4446', 'Safe Primes Key GenerationA4446', 'AES-KWA4446', 'SHA3-224A4446', 'SHAKE-128A4446', 'AES-CFB1A4446', 'KTS-IFCA4446', 'ECDSA SigGen (FIPS186-4)A4446', 'AES-CMACA4446', 'AES-OFBA4446', 'TDES-CFB64A4446', 'SHA2-256A4446', 'KDA HKDF Sp800-56Cr1A4446', 'KAS-ECC CDH-Component SP800-56Ar3A4446', 'TDES-CFB8A4446', 'DSA KeyGen (FIPS186-4)A4446', 'SHA3-256A4446', 'SHA3-512A4446', 'HMAC-SHA-1A4446', 'Counter DRBGA4446', 'SHA2-384A4446', 'SHA-1A4446', 'KDF SRTPA4446', 'KDF SNMPA4446', 'AES-GMACA4446', 'DSA SigVer (FIPS186-4)A4446', 'AES-CFB8A4446', 'KDF SP800-108A4446', 'RSA SigGen (FIPS186-4)A4446', 'HMAC-SHA3-256A4446', 'TLS v1.2 KDF RFC7627A4446', 'HMAC-SHA2-224A4446', 'RSA KeyGen (FIPS186-4)A4446', 'AES-CFB128A4446', 'HMAC-SHA3-384A4446', 'TDES-CMACA4446', 'KAS-IFC-SSCA4446', 'SHAKE-256A4446', 'DSA PQGGen (FIPS186-4)A4446', 'TDES-CBCA4446', 'SHA2-224A4446', 'AES-XTS Testing Revision 2.0A4446', 'AES-ECBA4446', 'DSA SigGen (FIPS186-4)A4446', 'SHA3-384A4446', 'Hash DRBGA4446', 'DSA PQGVer (FIPS186-4)A4446', 'KAS-ECC-SSC Sp800-56Ar3A4446', 'AES-CBCA4446', 'HMAC-SHA3-224A4446', 'ECDSA SigVer (FIPS186-4)A4446', 'TDES-OFBA4446', 'ECDSA KeyGen (FIPS186-4)A4446', 'Safe Primes Key VerificationA4446', 'AES-CTRA4446', 'RSA SigVer (FIPS186-4)A4446', 'SHA2-512/256A4446', 'SHA2-512/224A4446', 'HMAC-SHA2-512/224A4446', 'KAS-FFC-SSC Sp800-56Ar3A4446', 'TDES-CFB1A4446', 'PBKDFA4446', 'KDF IKEv2A4446', 'KDF SSHA4446', 'HMAC-SHA2-512/256A4446', 'HMAC-SHA2-512A4446', 'KDA OneStep Sp800-56Cr1A4446', 'HMAC-SHA2-256A4446', 'SHA2-512A4446', 'HMAC-SHA2-384A4446']}
.
- The certificate_pdf_url property was set to
-
03.08.2024 The certificate was first processed.
New certificate
A new FIPS 140 certificate with the product name was processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 4747,
"dgst": "822a8e0aad6a68a9",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"TDES-CFB8A4446",
"SHA2-256A4446",
"AES-OFBA4446",
"HMAC-SHA-1A4446",
"SHA2-512A4446",
"SHA-1A4446",
"TDES-ECBA4446",
"HMAC-SHA3-384A4446",
"TDES-CFB64A4446",
"ECDSA KeyGen (FIPS186-4)A4446",
"HMAC-SHA2-512A4446",
"DSA KeyGen (FIPS186-4)A4446",
"SHAKE-128A4446",
"KDF SSHA4446",
"AES-XTS Testing Revision 2.0A4446",
"KDF SRTPA4446",
"SHA2-384A4446",
"AES-GMACA4446",
"SHA3-512A4446",
"SHAKE-256A4446",
"Hash DRBGA4446",
"KAS-ECC CDH-Component SP800-56Ar3A4446",
"TDES-CMACA4446",
"AES-KWPA4446",
"DSA SigGen (FIPS186-4)A4446",
"HMAC-SHA3-256A4446",
"KAS-FFC-SSC Sp800-56Ar3A4446",
"ECDSA SigGen (FIPS186-4)A4446",
"ECDSA SigVer (FIPS186-4)A4446",
"AES-CFB1A4446",
"KDA HKDF Sp800-56Cr1A4446",
"HMAC DRBGA4446",
"HMAC-SHA3-512A4446",
"AES-CFB128A4446",
"HMAC-SHA3-224A4446",
"TDES-CTRA4446",
"KTS-IFCA4446",
"KDF SNMPA4446",
"RSA SigGen (FIPS186-4)A4446",
"AES-CCMA4446",
"TDES-CBCA4446",
"HMAC-SHA2-384A4446",
"DSA PQGGen (FIPS186-4)A4446",
"Safe Primes Key GenerationA4446",
"KAS-ECC-SSC Sp800-56Ar3A4446",
"AES-CMACA4446",
"HMAC-SHA2-256A4446",
"HMAC-SHA2-512/256A4446",
"SHA3-384A4446",
"Safe Primes Key VerificationA4446",
"DSA PQGVer (FIPS186-4)A4446",
"AES-CFB8A4446",
"SHA3-224A4446",
"SHA2-224A4446",
"SHA3-256A4446",
"TDES-OFBA4446",
"HMAC-SHA2-512/224A4446",
"AES-CTRA4446",
"AES-CBCA4446",
"AES-KWA4446",
"KDF IKEv2A4446",
"PBKDFA4446",
"TDES-CFB1A4446",
"AES-GCMA4446",
"KDA OneStep Sp800-56Cr1A4446",
"TLS v1.3 KDFA4446",
"TLS v1.2 KDF RFC7627A4446",
"AES-ECBA4446",
"KDF SP800-108A4446",
"SHA2-512/256A4446",
"RSA KeyGen (FIPS186-4)A4446",
"SHA2-512/224A4446",
"DSA SigVer (FIPS186-4)A4446",
"ECDSA KeyVer (FIPS186-4)A4446",
"Counter DRBGA4446",
"HMAC-SHA2-224A4446",
"RSA SigVer (FIPS186-4)A4446",
"KAS-IFC-SSCA4446"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"7.3"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 9
},
"ECDH": {
"ECDH": 2
},
"ECDSA": {
"ECDSA": 26
}
},
"FF": {
"DH": {
"DH": 2,
"Diffie-Hellman": 7
},
"DSA": {
"DSA": 30
}
}
},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 4
},
"CCM": {
"CCM": 2
},
"CFB": {
"CFB": 1
},
"CTR": {
"CTR": 8
},
"ECB": {
"ECB": 4
},
"GCM": {
"GCM": 16
},
"OFB": {
"OFB": 4
},
"XTS": {
"XTS": 5
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"IKE": {
"IKE": 1,
"IKEv2": 6
},
"SSH": {
"SSH": 7
},
"TLS": {
"TLS": {
"TLS": 10,
"TLS 1.2": 1,
"TLS 1.3": 1,
"TLS v1.2": 3,
"TLS v1.3": 2,
"TLS1.2": 1,
"TLSv1.2": 1
}
}
},
"crypto_scheme": {
"KA": {
"Key Agreement": 1
},
"MAC": {
"MAC": 6
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"B-233": 6,
"B-283": 6,
"B-409": 6,
"B-571": 6,
"K-233": 6,
"K-283": 6,
"K-409": 6,
"K-571": 6,
"P-224": 14,
"P-256": 18,
"P-384": 14,
"P-521": 12
}
},
"eval_facility": {},
"fips_cert_id": {
"Cert": {
"#1": 2,
"#3": 1
}
},
"fips_certlike": {
"Certlike": {
"AES 128/192/256": 1,
"AES-128/192/256": 1,
"HMAC SHA-1": 2,
"HMAC SHA-224": 1,
"HMAC SHA-256": 1,
"HMAC SHA-384": 1,
"HMAC SHA-512": 1,
"HMAC- SHA-1": 1,
"HMAC-SHA- 512": 2,
"HMAC-SHA-1": 12,
"HMAC-SHA-224": 4,
"HMAC-SHA-256": 4,
"HMAC-SHA-384": 4,
"HMAC-SHA-512": 2,
"HMAC-SHA1": 4,
"PAA 2": 1,
"PAA 3": 1,
"SHA-1": 11,
"SHA-224": 3,
"SHA-256": 4,
"SHA-384": 3,
"SHA-512": 3,
"SHA1": 3,
"SHA2- 256": 2,
"SHA2- 384": 3,
"SHA2-224": 4,
"SHA2-256": 4,
"SHA2-384": 2,
"SHA2-512": 5,
"SHA224": 1,
"SHA256": 1,
"SHA3- 256": 2,
"SHA3- 384": 2,
"SHA3-224": 4,
"SHA3-256": 3,
"SHA3-384": 3,
"SHA3-512": 4,
"SHA384": 1,
"SHA512": 1
}
},
"fips_security_level": {
"Level": {
"Level 1": 3,
"level 1": 2
}
},
"hash_function": {
"PBKDF": {
"PBKDF": 12
},
"SHA": {
"SHA1": {
"SHA-1": 11,
"SHA1": 3
},
"SHA2": {
"SHA-224": 3,
"SHA-256": 4,
"SHA-384": 3,
"SHA-512": 3,
"SHA224": 1,
"SHA256": 1,
"SHA384": 1,
"SHA512": 1
},
"SHA3": {
"SHA3-224": 4,
"SHA3-256": 3,
"SHA3-384": 3,
"SHA3-512": 4
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 46
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140": 1,
"FIPS 140-3": 15,
"FIPS 180-4": 2,
"FIPS 186-4": 18,
"FIPS 197": 5,
"FIPS 202": 1,
"FIPS PUB 140-3": 1,
"FIPS140-3": 1
},
"ISO": {
"ISO/IEC 19790": 2,
"ISO/IEC 24759": 2
},
"NIST": {
"NIST SP 800-132": 1,
"NIST SP 800-140F": 1,
"NIST SP 800-38D": 3,
"NIST SP 800-38E": 1,
"SP 800-132": 2,
"SP 800-38D": 1
},
"RFC": {
"RFC 5246": 2,
"RFC 5288": 2,
"RFC 7296": 1,
"RFC 8446": 1,
"RFC5282": 1,
"RFC7627": 2
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 34,
"AES-": 4
},
"CAST": {
"CAST": 1
}
},
"DES": {
"3DES": {
"Triple-DES": 1
}
},
"constructions": {
"MAC": {
"CMAC": 5,
"HMAC": 18,
"HMAC-SHA-224": 2,
"HMAC-SHA-256": 2,
"HMAC-SHA-384": 2,
"HMAC-SHA-512": 1
}
}
},
"tee_name": {},
"tls_cipher_suite": {},
"vendor": {
"Cisco": {
"Cisco": 7,
"Cisco Systems, Inc": 30
}
},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "Kelvin Desplanque (kdesplan)",
"/Category": "FIPS 140-2 Submission Documentation",
"/Comments": "",
"/Company": "Cisco Systems, Inc.",
"/ContentTypeId": "0x0101005E3C2BAEF5B35747AD0598E3776D7DE4",
"/CreationDate": "D:20240731155818-04\u002700\u0027",
"/Creator": "Acrobat PDFMaker 24 for Word",
"/Keywords": "",
"/Manager": "[email protected]",
"/ModDate": "D:20240731155844-04\u002700\u0027",
"/Module Name": "Cisco FIPS Object Module",
"/Module Name Short": "FOM",
"/Producer": "Adobe PDF Library 24.2.121",
"/SourceModified": "D:20240731195802",
"/Subject": "FIPS 140-2 Security Policy",
"/Title": "CISCO FIPS Object Module Security Policy",
"pdf_file_size_bytes": 557457,
"pdf_hyperlinks": {
"_type": "Set",
"elements": []
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 27
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_garbage": false,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_pdf_hash": "532fee606ba94aedcc97618b6564e9f1fda506d25989c502bdd421d5f987b175",
"policy_txt_hash": "52dc92aef5c83203fd82da2dcf1a8f8b69e5539d38e6e746f94de9c767d86de1"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys).",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/August 2024_010924_0336.pdf",
"date_sunset": "2029-07-31",
"description": "The Cisco FIPS Object Module (FOM) is a firmware hybrid library that provides cryptographic services to a vast array of Cisco\u0027s networking and collaboration products. The module provides FIPS 140 validated cryptographic algorithms for services such as IPSEC, SRTP, SSH, TLS, 802.1x, etc. The module does not directly implement any of these protocols, instead, it provides the cryptographic primitives and functions to allow a developer to implement the various protocols.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Non-invasive security: N/A",
"Mitigation of other attacks: N/A",
"Documentation requirements: N/A",
"Cryptographic module security policy: N/A"
],
"fw_versions": "7.3a",
"historical_reason": null,
"hw_versions": null,
"level": 1,
"mentioned_certs": {},
"module_name": "Cisco FIPS Object Module",
"module_type": "Firmware-Hybrid",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-3",
"status": "active",
"sw_versions": null,
"tested_conf": [
"Linux 4.4 running on Cisco Catalyst 9300 with Intel Xeon D-1526 (Broadwell) with PAA",
"Linux 4.5 running on Cisco Unified Computing System (UCS) with Intel Xeon Gold 6244 (Cascade Lake) with PAA",
"Linux 5.4 running on ISR 4321 with Intel Atom C2558 (Silvermont) with PAA"
],
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2024-08-01",
"lab": "ACUMEN SECURITY, LLC",
"validation_type": "Initial"
}
],
"vendor": "Cisco Systems, Inc.",
"vendor_url": "https://www.cisco.com"
}
}