Industry Solutions

FIPS 140

Cisco is a leader in securing FIPS 140 validations and is dedicated to information assurance, complying to standards for both product depth and breadth. The Federal Information Processing Standard (FIPS) 140 is a U.S. and Canadian government standard that specifies security requirements for cryptographic modules. A cryptographic module is defined as "the set of hardware, software, and/or firmware that implements approved security functions (including cryptographic algorithms and key generation) and is contained within the cryptographic boundary." The cryptographic module is what is being validated.

TRIAD's Global Certification Team and TRIAD's Common Security Modules Team implemented an innovative approach to expedite FIPS certifications. They developed a crypto module that is already FIPS-validated and can be embedded in Cisco products. Because the crypto module is already FIPS-validated, the Cisco product can claim compliance to FIPS 140.

The compliance process verifies that the Cisco product has implemented cryptography according to standards, and all applications that use cryptography do so correctly. Upon verification, the FIPS compliance process is complete and the product is considered to be FIPS-compliant by the virtue of using a FIPS-validated cryptographic module.

For more information on FIPS 140, please visit

FIPS 140-2 Compliance Review

Expediting FIPS Certifications with an innovative approach using FIPS validated crypto modules. The TRIAD's Global Certification Team and TRIAD's Common Security Modules Team has implemented a model of FIPS compliance when Cisco product has embedded a FIPS validated cryptographic library.

The compliance process verifies that the Cisco product has implemented cryptography according to standards and all applications that use cryptography, do so correctly, then a FIPS Compliance process is completed and the product is considered to be FIPS compliant by the virtue of using a FIPS validated cryptographic module.

 

Table 1. Current FIPS 140 Certifications

Cert / TN Number Certification Subtypes Title External Certification
0821 FIPS - 140-2 SL2 ASA 5510, ASA 5520 and ASA 5540 Certification
0872 FIPS - 140-2 SL1 PIX 525 and PIX 535 Certification
0877 FIPS - 140-2 SL2 7206VXR NPE-G1, 7206VXR NPE-G2 and 7301 with VAM2+ and 7206VXR NPE-G2 with VSA Certification
0879 FIPS - 140-2 SL2 PIX 515 and PIX 515E Certification
0906 FIPS - 140-2 SL2 ASA 5505 and ASA 5550 Certification
0913 FIPS - 140-2 SL2 Cisco Aironet LWAPP AP1131AG and AP1242AG Wireless LAN Access Points Certification
0948 FIPS - 140-2 SL1 Cisco Secure ACS FIPS Module Certification
0955 FIPS - 140-2 SL2 Cisco 4402 and 4404 Wireless LAN Controllers Certification
0957 FIPS - 140-2 SL2 Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Module (WiSM) Certification
0958 FIPS - 140-2 SL2 Catalyst 3750G Integrated Wireless LAN Controller Certification
0969 FIPS - 140-2 SL2 Cisco MDS 9506, 9509, 9216i and 9513 Multi-Layer SAN Switches Certification
0975 FIPS - 140-2 SL2 3201 Wireless Mobile Interface Card with thermal plates Certification
1028 FIPS - 140-2 SL2 Cisco 2851 Integrated Services Router with AIM-VPN/SSL-2 Certification
1029 FIPS - 140-2 SL2 Cisco 3825 and Cisco 3845 Integrated Services Routers with AIM-VPN/SSL-3 Certification
1030 FIPS - 140-2 SL2 Cisco 2811 and Cisco 2821 Integrated Services Routers with AIM-VPN/SSL-2 Certification
1031 FIPS - 140-2 SL2 Cisco 1841 with AIM-VPN/SSL-1 and Cisco 2801 with AIM-VPN/SSL-2 Integrated Services Routers Certification
1033 FIPS - 140-2 SL2 Cisco 3825 Integrated Services Routers with AIM-VPN/EPII-Plus and Cisco 3845 Integrated Services Routers with AIM-VPN/HPII-Plus Certification
1034 FIPS - 140-2 SL2 Cisco 2851 Integrated Services Router with AIM-VPN/EPII-Plus Certification
1035 FIPS - 140-2 SL2 Cisco 2811 and Cisco 2821 Integrated Services Routers with AIM-VPN/EPII-Plus Certification
1036 FIPS - 140-2 SL2 Cisco 1841 Integrated Services Routers with AIM-VPN/BPII-Plus and Cisco 2801 Integrated Services Routers with AIM-VPN/EPII-Plus Certification
1037 FIPS - 140-2 SL2 Cisco 1841 and Cisco 2801 Integrated Services Routers Certification
1038 FIPS - 140-2 SL2 Cisco 2811 and Cisco 2821 Integrated Services Routers Certification
1039 FIPS - 140-2 SL2 Cisco 2851 Integrated Services Router Certification
1040 FIPS - 140-2 SL2 Cisco 3825 and Cisco 3845 Integrated Services Routers Certification
1139 FIPS - 140-2 SL2 Cisco 3271 High Performance Mobile Access Router Card (HMARC) Certification
1141 FIPS - 140-2 SL2 Cisco ASA 5505, 5510, 5520, 5540 and 5550 Security Appliances Certification
1148   7921 and 7925 Chg Ltr Certification
1153 FIPS - 140-2 SL2 Cisco Catalyst 6506, Catalyst 6506-E, Catalyst 6509 and Catalyst 6509-E Switch with Catalyst 6500 Series VPN Services Port Adapter (ws-ipsec-2 and ws-ipsec-3) Certification
1155 FIPS - 140-2 SL2 Cisco Catalyst 6506, Catalyst 6506-E, Catalyst 6509 and Catalyst 6509-E Switch with Catalyst 6500 Series VPN Services Port Adapter (ws-ipsec-2 and ws-ipsec-3) Certification
1188 FIPS - 140-2 SL2 Cisco Aironet Lightweight AP1131, AP1142, AP1242, AP1252 and AP1522 Wireless LAN Access Points Certification
1206 FIPS - 140-2 SL2 Cisco Catalyst 3750G Integrated Wireless LAN Controller Certification
1213 FIPS - 140-2 SL2 Cisco 4402 and 4404 Wireless LAN Controllers Certification
1242 FIPS - 140-2 SL2 Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Module (WiSM) Certification
1425 FIPS - 140-2 SL2 Cisco Catalyst 3750G Integrated Wireless LAN Controller Certification
1434 FIPS - 140-2 SL2 Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Module (WiSM) Certification
1435 FIPS - 140-2 SL2 Cisco 4402 and 4404 Wireless LAN Controllers Certification
1446 FIPS - 140-2 SL2 Cisco Aironet Lightweight AP1522, AP1524PS and AP1524SB Wireless LAN Access Points Certification
1447 FIPS - 140-2 SL2 Cisco 5508 Wireless LAN Controller Certification
1448 FIPS - 140-2 SL2 Cisco Aironet Lightweight AP1131, AP1142, AP1242, AP1252, AP1262, CAP3502e and CAP3502i Wireless LAN Access Points Certification
1455 FIPS - 140-2 SL2 7206VXR NPE-G2 with VSA Certification
1497 FIPS - 140-2 SL1 Cisco Secure Access Control Server (ACS) FIPS module (NSS) Certification
1520 FIPS - 140-2 SL2 Cisco 1905, Cisco 1921, Cisco 1941, Cisco 2901, Cisco 2911 and Cisco 2921 Integrated Services Routers (ISRs) Certification
1521 FIPS - 140-2 SL2 Cisco 2951, Cisco 3925 and Cisco 3945 Integrated Services Routers (ISRs) Certification
1529 FIPS - 140-2 SL2 Cisco 881, Cisco 881G and Cisco 891 Integrated Services Routers (ISRs) Certification
1533 FIPS - 140-2 SL2 Nexus 7000 10 Slot Certification
1534 FIPS - 140-2 SL1 Nexus 7000 18 Slot Certification
1560 FIPS - 140-2 SL2 Cisco 3925E and Cisco 3945E Integrated Services Routers (ISRs) Certification
1639 FIPS - 140-2 SL1 Cisco 5940 Embedded Services Routers Certification
1657 FIPS - 140-2 SL2 Cisco Catalyst 3560-X and 3750-X Switches Certification
1717 FIPS - 140-2 SL2 Cisco Catalyst 6506-E [1], Catalyst 6509-E [2] and Catalyst 6513-E [3] Switches with Supervisor Cards (VS-S2T-10G or VS-S2T-10G-XL) and Line Cards (WS-X6908-10G or WS-X6908-10G-2TXL) Certification
1728 FIPS - 140-2 SL2 Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Modules-2 (WiSM2) Certification
1829 FIPS - 140-2 SL2 Cisco 5508 Wireless LAN Controller Certification
1853 FIPS - 140-2 SL2 Cisco 4402 and 4404 Wireless LAN Controllers Certification
1875 FIPS - 140-2 SL2 Cisco Catalyst 6506, 6506-E, 6509, and 6509-E Switches with Wireless Services Modules (WiSMs) Certification
1888 FIPS - 140-2 SL2 Cisco Aironet 1552E Outdoor Access Point Certification
1907 FIPS - 140-2 SL2 Cisco Aironet? CAP3602E and CAP3602I Wireless LAN Access Points Certification
1909 FIPS - 140-2 SL2 Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Modules-2 (WiSM2) Certification
1918 FIPS - 140-2 SL1 Cisco 7600 Series Routers with Supervisor RSP720 Certification
1935 FIPS - 140-2 SL1 Cisco 5915 Embedded Services Routers Certification
1940 FIPS - 140-2 SL1 IOS Common Cryptographic Module (IC2M) Certification
2002 FIPS - 140-2 SL2 Cat 6K MA2.bubb FIPS CL Certification
2093 FIPS - 140-2 SL2 Catalyst Switches (3560C, 3560X, and 3750X) Running IOS 15.0(2)SE4 Certification
FIPS-Comp1 FIPS - 140-2 SL1 Cisco Virtual Private Network (VPN) Client Certification
FIPS-Comp17 FIPS - 140-2 SL1 Cisco WebEx Meeting Server CWMS 1.5.1 FIPS CR Certification
FIPS-Comp2 FIPS - 140-2 SL1 Cisco Network Access Control (NAC) Certification
FIPS-Comp3 FIPS - 140-2 SL1 AnyConnect Virtual Private Network (VPN) Client Certification
FIPS-Comp4 FIPS - 140-2 SL1 Cisco Web Security Appliance (WSA) S670 Certification
FIPS-Comp10 FIPS - 140-2 SL1 Cisco Identity Services Engine (ISE) 1.1 Certification
FIPS-Comp11 FIPS - 140-2 SL1 Cisco ACS v5.3 Certification
FIPS-Comp12 FIPS - 140-2 SL1 Cisco ACS v5.2 Certification
FIPS-Comp13 FIPS - 140-2 SL1 Cisco AnyConnect Secure Mobility Certification
FIPS-Comp14 FIPS - 140-2 SL1 Cisco AnyConnect Secure Mobility- Mobile Certification
FIPS-Comp15 FIPS - 140-2 SL1 MDS 9K running NX-OS 5.2(6) Certification
FIPS-Comp16 FIPS - 140-2 SL1 Cisco Nexus 5000 switches (Nexus 2000 managed by N5K) Certification
FIPS-Comp18 FIPS - 140-2 SL1 Cisco Prime NCS Certification
FIPS-Comp19 FIPS - 140-2 SL1 Identity Services Engine v1.2 Certification
FIPS-Comp20 FIPS - 140-2 SL1 Cisco Intrusion Prevention System( IPS) Certification
FIPS-Comp21 FIPS - 140-2 SL1 Cat 2960C, 2960S, 2960SF, 3560C, 3560v2, 3750v2 Certification
FIPS-Comp22 FIPS - 140-2 SL1 MDS 9K running NX-OS 6.2(1) Certification
FIPS-Comp23 FIPS - 140-2 SL1 Unity Connection 8.6.1 Certification
FIPS-Comp24 FIPS - 140-2 SL1 Cisco Web Security Appliance (WSA) 7.7 Certification
FIPS-Comp25 FIPS - 140-2 SL1 ASR9K/CRS-1/3 Certification
FIPS-Comp26 FIPS - 140-2 SL1 MDS 9K running NX-OS 6.2(5) Certification
FIPS-Comp27 FIPS - 140-2 SL1 TC 6.2.1 Compliance Review Certification
FIPS-Comp28 FIPS - 140-2 SL1 Cisco Unity Connect - IP Phones 7821, 7841, 7845, 7861 Certification
FIPS-Comp29 FIPS - 140-2 SL1 Cisco Unity Connect - IP Phones 8961, 9951, 9971 Certification
FIPS-Comp30 FIPS - 140-2 SL1 ACS 5.5 - FIPS CR Certification
FIPS-Comp31 FIPS - 140-2 SL1 Nexus 3K running 6.0(2) Certification
FIPS-Comp32 FIPS - 140-2 SL1 Nexus 5K running 6.0(2) Certification
FIPS-Comp33 FIPS - 140-2 SL1 Nexus 6K running 6.0(2) Certification
FIPS-Comp34 FIPS - 140-2 SL1 Nexus 9K running 6.1(2) Certification
FIPS-Comp35 FIPS - 140-2 SL1 Cisco TelePresence VCS v8.1 FIPS CR Certification
FIPS-Comp36 FIPS - 140-2 SL1 Cat 4948E running 15.2.1E Certification
FIPS-Comp37 FIPS - 140-2 SL1 Cisco Email Security Appliance (ESA) v8.0.2 Certification
FIPS-Comp38 FIPS - 140-2 SL1 Cisco TelePresence Codec 7.1.3 - FIPS CR Certification
FIPS-Comp39 FIPS - 140-2 SL1 Cisco TelePresence VCS 8.2 - FIPS CR Certification
FIPS-Comp5 FIPS - 140-2 SL1 Cisco Email Security Appliance (ESA) C670 Certification
FIPS-Comp6 FIPS - 140-2 SL1 Cisco AnyConnect Secure Mobility Certification
FIPS-Comp7 FIPS - 140-2 SL1 Cisco Email Security Appliance (ESA) V8.0 Certification
FIPS-Comp8 FIPS - 140-2 SL1 Cisco Unified Communications Manager Certification
FIPS-Comp9 FIPS - 140-2 SL1 Cisco Unified MeetingPlace Certification
1390 FIPS - 140-2 SL2 Cisco ASR 1002f, ASR 1002 with ESP5 or ESP10, ASR 1004 with RP 1 or RP 2 and ESP10 or ESP20, and ASR 1006 with dual RP 1 or dual RP 2 and dual ESP10 or dual ESP20 Certification
1496 FIPS - 140-2 SL1 Cisco Secure Access Control Server (ACS) FIPS module (cryptolib) Certification
1621 FIPS - 140-2 SL2 Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B Certification
1643 FIPS - 140-2 SL1 Cisco Common Cryptographic Module (C3M) Certification
1647 FIPS - 140-2 SL1 Cisco Unified IP Phone 6901 and 6911 Certification
1650 FIPS - 140-2 SL1 Cisco Unified IP Phone 6921, 6941, 6945 and 6961 Certification
1668 FIPS - 140-2 SL1 Cisco Common Cryptographic Module (C3M) Certification
1700 FIPS - 140-2 SL2 Cisco 881W and Cisco 881GW Integrated Services Routers (ISRs) Certification
1818 FIPS - 140-2 SL2 Cisco EX60 and EX90 TelePresence Systems Certification
1823 FIPS - 140-2 SL2 Cisco Telepresence C40, C60, and C90 Codecs Certification
1824 FIPS - 140-2 SL1 Cisco Telepresence C20 Codec Certification
1932 FIPS - 140-2 SL2 Cisco ASA 5505, ASA 5510, ASA 5520, ASA 5540, ASA 5550, ASA 5580-20, ASA 5580-40, ASA 5585-X SSP-10, 5585-X SSP-20, 5585-X SSP-40 and 5585-X SSP-60 Security Appliances Certification
1942 FIPS - 140-2 SL2 Cisco Catalyst C4500X-32SFP+ and Catalyst 4500X-F-32SFP+ Certification
1982 FIPS - 140-2 SL2 Cisco Catalyst 4503-E, Catalyst 4506-E, Catalyst 4507R-E, Catalyst 4507R+E, Catalyst 4510R-E, Catalyst 4510R+E with Supervisor Cards (WS-X45-SUP7-E and WS-X45-Sup7L-E) and Line Cards (WS-X4748-RJ45V+E, WS-X4712-SFP+E, WS-X4640-CSFP-E, WS-X4748-NGPOE+E, and WS-X4748-RJ45-E) Certification
2034 FIPS - 140-2 SL1 Cisco FIPS Object Module (FOM) Certification
2090 FIPS - 140-2 SL2 ASR 1K XE 3.7.2ts Certification
2091 FIPS - 140-2 SL2 ONS 9.8 Certification
2100 FIPS - 140-2 SL1 C3M Common Crypto - Wood Anniversary Certification
2116 FIPS - 140-2 SL2 Cat 4K running IOS XE 3.5.0E Certification
2125 FIPS - 140-2 SL1 Cisco ACT2Lite Module - FIPS L1 Certification
2145 FIPS - 140-2 SL2 ISR G2s (1900s, 2900s, 3900s) - Cert # 2145 Certification
2146 FIPS - 140-2 SL2 ISR G2s (1941W, 800s) - Cert # 2146 Certification
2152 FIPS - 140-2 SL2 ISR G2s (2900s, 3900s, VG350) - Cert # 2152 Certification
2160 FIPS - 140-2 SL2 ISR G2s (1900s, 800s) - Cert # 2160 Certification

*Validated to Level 2 for all sections except Physical Security, which meet Level 1 requirements. This gives an overall Level 1 rating, but the Level 2 rating for all other sections is shown with the FIPS validation certificate.

Additionally, here is a link to the FIPS validated images on CCO: www.cisco.com/cgi-bin/tablebuild.pl/ifge0mdspif1.

Cisco sells FIPS kits that contain tamper-evidence labels and instructions on where to download the FIPS approved images and Security Policies. The part numbers for the FIPS kits are as follows:

  • CVPN2600FIPS/KIT
  • CVPN3600FIPS/KIT
  • CVPN7100FIPS/KIT
  • CVPN7200FIPS/KIT
  • CVPN3000FIPS/KIT