IOS Common Cryptographic Module (IC2M)

Certificate #4222

Webpage information

Status historical
Historical reason Moved to historical list due to sunsetting
Validation dates 09.05.2022
Standard FIPS 140-2
Security level 1
Type Firmware
Embodiment Multi-Chip Stand Alone
Caveat When operated in FIPS mode. No assurance of the minimum strength of generated keys
Exceptions
  • Mitigation of Other Attacks: N/A
Description The IC2M module provides the FIPS validated cryptographic algorithms for services requiring those algorithms. The module does not implement any protocols directly. Instead, it provides the cryptographic primitives and functions to allow IOS to implement those various protocols.
Version (Firmware) Rel5a
Tested configurations
  • IOS-XE 17.3 running on a Cisco ASR1K RP2 with an Intel Xeon L52XX
  • IOS-XE 17.3 running on a Cisco ASR1K RP3 with an Intel Xeon D-15XX
  • IOS-XE 17.3 running on a Cisco ISR 4321 with an Intel Atom C25XX
Vendor Cisco Systems, Inc.
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.
Certificate
Webpage

Security policy

Security target PDF TXT

Symmetric Algorithms
AES, RC2, RC4, DES, Triple-DES, HMAC, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512
Asymmetric Algorithms
ECDH, ECDSA, DH, Diffie-Hellman
Hash functions
SHA-1, SHA-256, SHA-384, SHA-512, MD5
Protocols
SSH, TLS, IKE, IKEv2, IPsec
Randomness
DRBG, RNG
Elliptic Curves
P-256, P-384, P-521
Block cipher modes
GCM

Vendor
Cisco Systems, Inc, Cisco Systems, Cisco

Security level
Level 1, level 1

Standards
FIPS 140-2, FIPS PUB 140-2, FIPS 198, SP 800-90A, NIST SP 800-131A, SP 800-108, RFC 4253, RFC 6071

File metadata

Title CISCO 831 Security Policy
Subject FIPS 140-2 Security Policy
Author Clint Winebrenner
Creation date D:20220503161854-04'00'
Modification date D:20220503161854-04'00'
Pages 15
Creator Microsoft® Word for Microsoft 365
Producer Microsoft® Word for Microsoft 365

Heuristics

No heuristics are available for this certificate.

References

No references are available for this certificate.

Updates

  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate was first processed.

Raw data 

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4222,
  "dgst": "e428a291b4cc64ad",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "Triple-DES#A1462",
        "CVL#A1462",
        "KTS#A1462",
        "DRBG#A1462",
        "KAS-SSC#A1462",
        "KBKDF#A1462",
        "RSA#A1462",
        "ECDSA#A1462",
        "HMAC#A1462",
        "AES#A1462",
        "SHS#A1462"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "-"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECDH": {
            "ECDH": 4
          },
          "ECDSA": {
            "ECDSA": 7
          }
        },
        "FF": {
          "DH": {
            "DH": 4,
            "Diffie-Hellman": 5
          }
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "GCM": {
          "GCM": 3
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {
        "IKE": {
          "IKE": 11,
          "IKEv2": 2
        },
        "IPsec": {
          "IPsec": 6
        },
        "SSH": {
          "SSH": 9
        },
        "TLS": {
          "TLS": {
            "TLS": 1
          }
        }
      },
      "crypto_scheme": {},
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "P-256": 8,
          "P-384": 8,
          "P-521": 4
        }
      },
      "eval_facility": {},
      "fips_cert_id": {},
      "fips_certlike": {
        "Certlike": {
          "AES (128": 3,
          "CVL2": 1,
          "HMAC SHA-1": 1,
          "HMAC SHA-256": 1,
          "HMAC-SHA-1": 12,
          "HMAC-SHA-256": 4,
          "HMAC-SHA-384": 2,
          "HMAC-SHA-512": 2,
          "SHA-1": 2,
          "SHA-1, 256": 1,
          "SHA-256": 2,
          "SHA-384": 1,
          "SHA-512": 1
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 4,
          "level 1": 3
        }
      },
      "hash_function": {
        "MD": {
          "MD5": {
            "MD5": 2
          }
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 3
          },
          "SHA2": {
            "SHA-256": 2,
            "SHA-384": 1,
            "SHA-512": 1
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 9
        },
        "RNG": {
          "RNG": 2
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140-2": 14,
          "FIPS 198": 1,
          "FIPS PUB 140-2": 1
        },
        "NIST": {
          "NIST SP 800-131A": 1,
          "SP 800-108": 1,
          "SP 800-90A": 8
        },
        "RFC": {
          "RFC 4253": 1,
          "RFC 6071": 1
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 12
          },
          "RC": {
            "RC2": 2,
            "RC4": 2
          }
        },
        "DES": {
          "3DES": {
            "Triple-DES": 14
          },
          "DES": {
            "DES": 3
          }
        },
        "constructions": {
          "MAC": {
            "HMAC": 5,
            "HMAC-SHA-256": 2,
            "HMAC-SHA-384": 1,
            "HMAC-SHA-512": 1
          }
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {
        "Cisco": {
          "Cisco": 37,
          "Cisco Systems": 3,
          "Cisco Systems, Inc": 13
        }
      },
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Clint Winebrenner",
      "/CreationDate": "D:20220503161854-04\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word for Microsoft 365",
      "/ModDate": "D:20220503161854-04\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word for Microsoft 365",
      "/Subject": "FIPS 140-2 Security Policy",
      "/Title": "CISCO 831 Security Policy",
      "pdf_file_size_bytes": 406512,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "http://csrc.nist.gov/groups/STM/cmvp/validation.html",
          "http://www.cisco.com/",
          "http://csrc.nist.gov/groups/STM/index.html"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 15
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_json_hash": null,
    "policy_pdf_hash": "c1ef521de45ec1646e8df541c6b7a674679ecffbdb8997644b453b73a9b50e21",
    "policy_txt_hash": "6a8bfa777253dcc35e1309beeffffaf6c7a300b96a738421da48ac7f5e69d457"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/May 2022_010622_0641_signed.pdf",
    "date_sunset": null,
    "description": "The IC2M module provides the FIPS validated cryptographic algorithms for services requiring those algorithms. The module does not implement any protocols directly. Instead, it provides the cryptographic primitives and functions to allow IOS to implement those various protocols.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Mitigation of Other Attacks: N/A"
    ],
    "fw_versions": "Rel5a",
    "historical_reason": "Moved to historical list due to sunsetting",
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "IOS Common Cryptographic Module (IC2M)",
    "module_type": "Firmware",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "historical",
    "sw_versions": null,
    "tested_conf": [
      "IOS-XE 17.3 running on a Cisco ASR1K RP2 with an Intel Xeon L52XX",
      "IOS-XE 17.3 running on a Cisco ASR1K RP3 with an Intel Xeon D-15XX",
      "IOS-XE 17.3 running on a Cisco ISR 4321 with an Intel Atom C25XX"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2022-05-09",
        "lab": "Acumen Security",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Cisco Systems, Inc.",
    "vendor_url": "http://www.cisco.com"
  }
}