This page was not yet optimized for use on mobile
devices.
Cisco FIPS Object Module
Certificate #4747
Webpage information
Security policy
Symmetric Algorithms
AES-, AES, CAST, Triple-DES, HMAC, HMAC-SHA-224, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512, CMACAsymmetric Algorithms
ECDH, ECDSA, ECC, Diffie-Hellman, DH, DSAHash functions
SHA-1, SHA1, SHA-224, SHA-256, SHA-384, SHA-512, SHA224, SHA256, SHA384, SHA512, SHA3-224, SHA3-256, SHA3-512, SHA3-384, PBKDFSchemes
MAC, Key AgreementProtocols
SSH, SSHv2, TLS, TLSv1.2, TLS v1.2, TLS v1.3, TLS 1.3, TLS1.2, TLS 1.2, IKEv2, IKERandomness
DRBGElliptic Curves
P-224, P-256, P-384, P-521, B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571Block cipher modes
ECB, CBC, CTR, CFB, OFB, GCM, CCM, XTSVendor
Cisco Systems, Inc, CiscoSecurity level
Level 1, level 1Standards
FIPS 140-3, FIPS PUB 140-3, FIPS 197, FIPS 180-4, FIPS 186-4, FIPS 202, FIPS 140, FIPS140-3, SP 800-132, NIST SP 800-140F, SP 800-38D, NIST SP 800-38D, NIST SP 800-132, NIST SP 800-38E, RFC7627, RFC 5288, RFC 5246, RFC 7296, RFC5282, RFC 8446, ISO/IEC 19790, ISO/IEC 24759File metadata
| Title | CISCO FIPS Object Module Security Policy |
|---|---|
| Subject | FIPS 140-2 Security Policy |
| Author | Kelvin Desplanque (kdesplan) |
| Creation date | D:20240731155818-04'00' |
| Modification date | D:20240731155844-04'00' |
| Pages | 27 |
| Creator | Acrobat PDFMaker 24 for Word |
| Producer | Adobe PDF Library 24.2.121 |
Heuristics
No heuristics are available for this certificate.
References
No references are available for this certificate.
Updates Feed
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate was first processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 4747,
"dgst": "822a8e0aad6a68a9",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"HMAC-SHA3-512A4446",
"AES-KWA4446",
"Safe Primes Key VerificationA4446",
"AES-CCMA4446",
"TDES-ECBA4446",
"HMAC-SHA-1A4446",
"SHA2-512/256A4446",
"HMAC-SHA3-256A4446",
"TLS v1.2 KDF RFC7627A4446",
"Counter DRBGA4446",
"SHA3-256A4446",
"SHA3-512A4446",
"KAS-FFC-SSC Sp800-56Ar3A4446",
"AES-ECBA4446",
"SHA3-224A4446",
"HMAC-SHA2-224A4446",
"ECDSA SigVer (FIPS186-4)A4446",
"KDF SSHA4446",
"SHAKE-256A4446",
"TDES-CFB1A4446",
"DSA SigVer (FIPS186-4)A4446",
"RSA KeyGen (FIPS186-4)A4446",
"SHA3-384A4446",
"AES-CFB128A4446",
"TDES-CBCA4446",
"AES-CBCA4446",
"HMAC-SHA2-512A4446",
"TDES-CMACA4446",
"HMAC-SHA2-512/224A4446",
"KAS-IFC-SSCA4446",
"RSA SigVer (FIPS186-4)A4446",
"Safe Primes Key GenerationA4446",
"AES-GCMA4446",
"KDF SP800-108A4446",
"HMAC DRBGA4446",
"TDES-CTRA4446",
"SHA2-384A4446",
"ECDSA SigGen (FIPS186-4)A4446",
"KTS-IFCA4446",
"KDA OneStep Sp800-56Cr1A4446",
"TDES-CFB64A4446",
"DSA KeyGen (FIPS186-4)A4446",
"DSA SigGen (FIPS186-4)A4446",
"AES-CFB1A4446",
"KDF SNMPA4446",
"SHA2-256A4446",
"AES-OFBA4446",
"AES-CMACA4446",
"SHA2-512/224A4446",
"AES-GMACA4446",
"TDES-OFBA4446",
"TDES-CFB8A4446",
"KAS-ECC-SSC Sp800-56Ar3A4446",
"ECDSA KeyGen (FIPS186-4)A4446",
"RSA SigGen (FIPS186-4)A4446",
"KDA HKDF Sp800-56Cr1A4446",
"KDF SRTPA4446",
"SHA-1A4446",
"TLS v1.3 KDFA4446",
"HMAC-SHA3-384A4446",
"HMAC-SHA2-384A4446",
"SHAKE-128A4446",
"PBKDFA4446",
"KDF IKEv2A4446",
"AES-CFB8A4446",
"AES-XTS Testing Revision 2.0A4446",
"DSA PQGGen (FIPS186-4)A4446",
"AES-KWPA4446",
"SHA2-512A4446",
"KAS-ECC CDH-Component SP800-56Ar3A4446",
"ECDSA KeyVer (FIPS186-4)A4446",
"HMAC-SHA2-512/256A4446",
"Hash DRBGA4446",
"DSA PQGVer (FIPS186-4)A4446",
"SHA2-224A4446",
"HMAC-SHA2-256A4446",
"AES-CTRA4446",
"HMAC-SHA3-224A4446"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"7.3"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 9
},
"ECDH": {
"ECDH": 2
},
"ECDSA": {
"ECDSA": 26
}
},
"FF": {
"DH": {
"DH": 2,
"Diffie-Hellman": 7
},
"DSA": {
"DSA": 30
}
}
},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 4
},
"CCM": {
"CCM": 2
},
"CFB": {
"CFB": 1
},
"CTR": {
"CTR": 8
},
"ECB": {
"ECB": 4
},
"GCM": {
"GCM": 16
},
"OFB": {
"OFB": 4
},
"XTS": {
"XTS": 5
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"IKE": {
"IKE": 1,
"IKEv2": 6
},
"SSH": {
"SSH": 7,
"SSHv2": 3
},
"TLS": {
"TLS": {
"TLS": 10,
"TLS 1.2": 1,
"TLS 1.3": 1,
"TLS v1.2": 3,
"TLS v1.3": 2,
"TLS1.2": 1,
"TLSv1.2": 1
}
}
},
"crypto_scheme": {
"KA": {
"Key Agreement": 1
},
"MAC": {
"MAC": 6
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"B-233": 6,
"B-283": 6,
"B-409": 6,
"B-571": 6,
"K-233": 6,
"K-283": 6,
"K-409": 6,
"K-571": 6,
"P-224": 14,
"P-256": 18,
"P-384": 14,
"P-521": 12
}
},
"eval_facility": {},
"fips_cert_id": {
"Cert": {
"#1": 2,
"#3": 1
}
},
"fips_certlike": {
"Certlike": {
"AES 128/192/256": 1,
"AES-128/192/256": 1,
"HMAC SHA-1": 2,
"HMAC SHA-224": 1,
"HMAC SHA-256": 1,
"HMAC SHA-384": 1,
"HMAC SHA-512": 1,
"HMAC- SHA-1": 1,
"HMAC-SHA- 512": 2,
"HMAC-SHA-1": 12,
"HMAC-SHA-224": 4,
"HMAC-SHA-256": 4,
"HMAC-SHA-384": 4,
"HMAC-SHA-512": 2,
"HMAC-SHA1": 4,
"PAA 2": 1,
"PAA 3": 1,
"SHA-1": 11,
"SHA-224": 3,
"SHA-256": 4,
"SHA-384": 3,
"SHA-512": 3,
"SHA1": 3,
"SHA2- 256": 2,
"SHA2- 384": 3,
"SHA2-224": 4,
"SHA2-256": 4,
"SHA2-384": 2,
"SHA2-512": 5,
"SHA224": 1,
"SHA256": 1,
"SHA3- 256": 2,
"SHA3- 384": 2,
"SHA3-224": 4,
"SHA3-256": 3,
"SHA3-384": 3,
"SHA3-512": 4,
"SHA384": 1,
"SHA512": 1
}
},
"fips_security_level": {
"Level": {
"Level 1": 3,
"level 1": 2
}
},
"hash_function": {
"PBKDF": {
"PBKDF": 12
},
"SHA": {
"SHA1": {
"SHA-1": 11,
"SHA1": 3
},
"SHA2": {
"SHA-224": 3,
"SHA-256": 4,
"SHA-384": 3,
"SHA-512": 3,
"SHA224": 1,
"SHA256": 1,
"SHA384": 1,
"SHA512": 1
},
"SHA3": {
"SHA3-224": 4,
"SHA3-256": 3,
"SHA3-384": 3,
"SHA3-512": 4
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 46
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140": 1,
"FIPS 140-3": 15,
"FIPS 180-4": 2,
"FIPS 186-4": 18,
"FIPS 197": 5,
"FIPS 202": 1,
"FIPS PUB 140-3": 1,
"FIPS140-3": 1
},
"ISO": {
"ISO/IEC 19790": 2,
"ISO/IEC 24759": 2
},
"NIST": {
"NIST SP 800-132": 1,
"NIST SP 800-140F": 1,
"NIST SP 800-38D": 3,
"NIST SP 800-38E": 1,
"SP 800-132": 2,
"SP 800-38D": 1
},
"RFC": {
"RFC 5246": 2,
"RFC 5288": 2,
"RFC 7296": 1,
"RFC 8446": 1,
"RFC5282": 1,
"RFC7627": 2
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 34,
"AES-": 4
},
"CAST": {
"CAST": 1
}
},
"DES": {
"3DES": {
"Triple-DES": 1
}
},
"constructions": {
"MAC": {
"CMAC": 5,
"HMAC": 18,
"HMAC-SHA-224": 2,
"HMAC-SHA-256": 2,
"HMAC-SHA-384": 2,
"HMAC-SHA-512": 1
}
}
},
"tee_name": {},
"tls_cipher_suite": {},
"vendor": {
"Cisco": {
"Cisco": 7,
"Cisco Systems, Inc": 30
}
},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "Kelvin Desplanque (kdesplan)",
"/Category": "FIPS 140-2 Submission Documentation",
"/Comments": "",
"/Company": "Cisco Systems, Inc.",
"/ContentTypeId": "0x0101005E3C2BAEF5B35747AD0598E3776D7DE4",
"/CreationDate": "D:20240731155818-04\u002700\u0027",
"/Creator": "Acrobat PDFMaker 24 for Word",
"/Keywords": "",
"/Manager": "[email protected]",
"/ModDate": "D:20240731155844-04\u002700\u0027",
"/Module Name": "Cisco FIPS Object Module",
"/Module Name Short": "FOM",
"/Producer": "Adobe PDF Library 24.2.121",
"/SourceModified": "D:20240731195802",
"/Subject": "FIPS 140-2 Security Policy",
"/Title": "CISCO FIPS Object Module Security Policy",
"pdf_file_size_bytes": 557457,
"pdf_hyperlinks": {
"_type": "Set",
"elements": []
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 27
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_json_hash": null,
"policy_pdf_hash": "532fee606ba94aedcc97618b6564e9f1fda506d25989c502bdd421d5f987b175",
"policy_txt_hash": "52dc92aef5c83203fd82da2dcf1a8f8b69e5539d38e6e746f94de9c767d86de1"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys).",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/August 2024_010924_0336.pdf",
"date_sunset": "2029-07-31",
"description": "The Cisco FIPS Object Module (FOM) is a firmware hybrid library that provides cryptographic services to a vast array of Cisco\u0027s networking and collaboration products. The module provides FIPS 140 validated cryptographic algorithms for services such as IPSEC, SRTP, SSH, TLS, 802.1x, etc. The module does not directly implement any of these protocols, instead, it provides the cryptographic primitives and functions to allow a developer to implement the various protocols.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Non-invasive security: N/A",
"Mitigation of other attacks: N/A"
],
"fw_versions": "7.3a",
"historical_reason": null,
"hw_versions": null,
"level": 1,
"mentioned_certs": {},
"module_name": "Cisco FIPS Object Module",
"module_type": "Firmware-Hybrid",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-3",
"status": "active",
"sw_versions": null,
"tested_conf": [
"Linux 4.4 running on Cisco Catalyst 9300 with Intel Xeon D-1526 (Broadwell) with PAA",
"Linux 4.5 running on Cisco Unified Computing System (UCS) with Intel Xeon Gold 6244 (Cascade Lake) with PAA",
"Linux 5.4 running on ISR 4321 with Intel Atom C2558 (Silvermont) with PAA"
],
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2024-08-01",
"lab": "Acumen Security",
"validation_type": "Initial"
}
],
"vendor": "Cisco Systems, Inc.",
"vendor_url": "https://www.cisco.com"
}
}