Industry Solutions

FIPS 140

Hierarchical Navigation

Cisco is dedicated to information assurance and complying to standards for both product depth and breadth. Cisco is a leader in securing FIPS 140 validations. The following tables provide current CMVP certifications, and those Cisco is currently pursuing with CMVP for FIPS 140.

For more information on FIPS 140, please visit: http://csrc.nist.gov/groups/STM/cmvp/index.html

For software certifications, go to the Software Download Center. If you are unable to locate the software image, use the GCT Image Request.

Cisco TrustSec Security Association Protocol for the Cisco Nexus 7000 - protocol supporting Cisco Trusted Security

Cisco has implemented a new cryptographic protocol to support Cisco TrustSec for the Cisco Nexus 7000 Series Switches. Please read the end user license agreement for more information.

Go Now

 

Table 1. Current FIPS 140 Certifications

Product IPSec Acceleration Module FIPS Level / Security Policy Software Version Certification
Cisco Catalyst 6506-E and 6509-E Cisco Catalyst 6506-E, Catalyst 6509-E and Catalyst 6513-E Switches with Supervisor Cards (VS-S2T-10G and VS-S2T-10G-XL) and Line Cards (WS-X6908-10G and WS-X6908-10G-2TXL) FIPS 140-2 Level 2 15.0(1)SY1 Cert.#1717
Cisco Identity Services Engine (ISE) 1.1 IPSec Acceleration Module: Cisco Common Cryptographic Module (C3M) (FIPS 140-2 Cert#1643), Cisco Secure Access Control Server (ACS) and FIPS module Network Services (NSS) (FIPS 140-2 Cert#1497) FIPS Level 1 ISE 1.1 Compliance Letter
(PDF - 60 KB)
Router ISR 881W and ISR 881GW FIPS 140-2 15.1(3)T2 Certification # 1700
Catalyst Switch Cisco Catalyst 3560-X & 3750-X Switches FIPS 140-2 Level 2 15.0(1)SE Certification # 1657
Embedded Services Router (ESR) Cisco 5940 Series Embedded Services Router (ESR) FIPS 140-2 Level 1 IOS 15.1.2GC2 Certification # 1639
Cryptographic Module Cisco Common Cryptographic Module (C3M) FIPS 140-2 Level 1 C3M - C 1.0 Certification # 1643
Certification # 1668
Cisco 7606-S, 7609-S chassis with SUP720-3B None FIPS 140-2 Level 2 15.1(2)S Certification # 1621
Cisco Unified MeetingPlace None FIPS 140-2, Level 1 8.5.2 Compliance Letter
(PDF - 90 KB)
Cisco AnyConnect Secure Mobility Crypto Accel None FIPS 140-2 Level 1 3.0 Compliance Letter
(PDF - 74 KB)
Cisco Unified Communications Manager None FIPS 140-2 Level 1 8.6(1a) Compliance Letter
(PDF - 82 KB)
Cisco 3925E and Cisco 3945E Integrated Services Routers (ISRs) None FIPS 140-2 Level 2 15.1(2)T3 Certificate #1560
Cisco 881, Cisco 881G and Cisco 891 Integrated Services Routers (ISRs) None FIPS 140-2 Level 2 15.1(2)T2A Certificate # 1529
Cisco 2951, Cisco 3925 and Cisco 3945 Integrated Services Routers (ISRs) None FIPS 140-2 Level 2 15.1(2)T2A Certificate #1521
Cisco 1905, Cisco 1921, Cisco 1941, Cisco 2901, Cisco 2911, and Cisco 2921 Integrated Services Routers (ISRs) None FIPS 140-2 Level 2 15.1(2)T2A Certificate #1520
Cisco Secure Access Control Server (ACS) FIPS module (NSS) None FIPS 140-2 Level 1 5.2 Certificate #1497
Cisco Secure Access Control Server (ACS) FIPS module (cryptolib) None FIPS 140-2 Level 1 5.2 Certificate #1496

Cisco Integrated Service Router 7206VXR NPEG2 with VSA

None

FIPS 140-2 Level 2

12.4(15)T10

Certificate #1455
Cisco Aironet Lightweight AP1131, AP1142, AP1242, AP1252, AP1262, CAP3502e & CAP3502i Wireless LAN Access Points None FIPS 140-2 Level 2 7.0.98.0
7.0.98.213
7.0.116.0		 Certificate #1448
Cisco 5508 Wireless LAN Controller None FIPS 140-2 Level 2 7.0.98.0
7.0.98.213
7.0.116.0		 Certificate #1447
Cisco Aironet Lightweight AP1522, AP1524PS & AP1524SB Wireless LAN Access Points None FIPS 140-2 Level 2 7.0.98.0
7.0.98.213
7.0.116.0		 Certificate #1446
Cisco Adaptive Security Appliance (ASA)5505, 5510,5520, 5540, 5550, 5580-20 & 5580-40 None FIPS 140-2 Level 2 & Level 3 for Roles, Services, Authentication & Design Assurance 8.3.2 Certificate #1436
None FIPS 140-2 Level 2 8.3.1.4
None FIPS 140-2 Level 2 8.3.1.4
Cisco 4402 & 4404 Wireless LAN Controllers None FIPS 140-2 Level 2 7.0.98.0
7.0.98.213
7.0.116.0		 Certificate #1435
Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Module (WiSM) None FIPS 140-2 Level 2 7.0.98.0
7.0.98.213
7.0.116.0		 Certificate #1434
Cisco Catalyst 3750G Integrated Wireless LAN Controller None FIPS 140-2 Level 2 7.0.98.0
7.0.98.213
7.0.116.0		 Certificate #1425
Cisco Email Security Appliance (ESA) C670 None FIPS 140-2 Level 2 7.3 Compliance Letter (PDF - 58 KB)
Cisco Web Security Appliance (WSA) S670 None FIPS 140-2 Level 2 6.5.0 Compliance Letter (PDF - 48 KB)
Cisco Aggregation Services Router (ASR) None FIPS 140-2 Level 2 2.4.2t Certificate #1390
Cisco 4402 and 4404 Wireless LAN Controllers None FIPS 140-2 Level 2 5.2.157.0
5.2.178.5		 Certificate #1213
Cisco AnyConnect Virtual Private Network (VPN) Client None FIPS 140-2 Level 2 2.4 Compliance Letter (PDF - 53 KB)
Cisco Catalyst 3750G Integrated Wireless LAN Controller None FIPS 140-2 Level 2 5.2.157.0
5.2.178.5
7.0.98.213
7.0.116.0		 Certificate #1206
Cisco Aironet Lightweight AP1131, AP1142, AP1242, AP1252, AP1522 Wireless LAN Access Points None FIPS 140-2 Level 2 5.2.157.0
5.2.178.5		 Certificate #1188
Cisco Network Access Control (NAC) (Hardware versions 3315, 3355, 3395) None FIPS 140-2 Level 2 4.7.1 Compliance Letter (PDF - 47 KB)
Cisco Network Access Control (NAC) Agent None FIPS 140-2 Level 2 4.7.1 Compliance Letter
Cisco Catalyst 6506, Catalyst 6506E, Catalyst 6509 and Catalyst 6509E Switch with Catalyst 6500 Series VPN Services Port Adapter (ws-ipsec-2 and ws-ipsec3) IPSec VPN SPA FIPS 140-2 Level 2 Firmware Versions: Modular IOS 12.2(33)SXI and 12.2(33)SXI1 Certificate #1155
FIPS 140-2 Level 2 IOS 12.2(33)SXI and IOS 12.2(33)SXI1 Certificate #1153
Cisco Virtual Private Network (VPN) Client None FIPS 140-2 Level 2 5.0.05.0570 Compliance Letter (PDF - 651 KB)
Cisco Unified Wireless IP Phone 7921G and 7925G None FIPS 140-2 Level 2 1.3 (2) Certificate #1148
Cisco ASA 5505, 5510, 5520, 5540 and 5550 Security Appliances None FIPS 140-2 Level 2 8.04.16; 8.0.4.28; 8.0.5; 8.2.1, 8.2.2.9 Certificate #1141
Cisco 3271 High Performance Mobile Access Router Card HMARC None FIPS 140-2 Level 2 12.4(15)T7 Certificate #1139
Cisco 3825 and Cisco 3845 Integrated Services Routers None FIPS 140-2 Level 2 12.4(15)T3
12.4(15)T10		 Certificate #1040
Cisco 2851 Integrated Services Routers None FIPS 140-2 Level 2 12.4(15)T3
12.4(15)T10		 Certificate #1039
Cisco 2811 and Cisco 2821 Integrated Services Routers None FIPS 140-2 Level 2 12.4(15)T3
12.4(15)T10		 Certificate #1038
Cisco 1841 and Cisco 2801 Integrated Services Routers None FIPS 140-2 Level 2 12.4(15)T3
12.4(15)T10		 Certificate #1037
Cisco 1841 Integrated Services Router
Cisco 2801 Integrated Services Router		 AIM-VPN/BPII-Plus
AI-VPN/EPII Plus		 FIPS 140-2 Level 2 12.4(15)T3
12.4(15)T10		 Certificate #1036
Cisco 2811 and 2821 Integrated Service Routers AIM-VPN/EPII-Plus FIPS 140-2 Level 2 12.4(15)T3
12.4(15)T10		 Certificate #1035
Cisco 2851 Integrated Services Router AIM-VPN/EPII-Plus FIPS 140-2 Level 2 12.4(15)T3
12.4(15)T10		 Certificate #1034
Cisco 3825 Integrated Services Router
Cisco 3845 Integrated Services Router		 AIM-VPN/EPII-Plus
AIM-VPN/HPII-Plus		 FIPS 140-2 Level 2 12.4(15)T3
12.4(15)T10		 Certificate #1033
Cisco 1841 Integrated Services Router
Cisco 2801 Integrated Services Router		 AIM-VPN/SSL-1
AIM-VPN/SSL-2		 FIPS 140-2 Level 2 12.4(15)T3
12.4(15)T10		 Certificate #1031
Cisco 2811 and Cisco 2821 Integrated Services Router AIM-VPN/SSL-2 FIPS 140-2 Level 2 12.4(15)T3
12.4(15)T10		 Certificate #1030
Cisco 3825 and Cisco 3845 Integrated Services Router AIM-VPN/SSL-3 FIPS 140-2 Level 2 12.4(15)T3
12.4(15)T10		 Certificate #1029
Cisco 2851 Integrated Service Router AIM-VPN/SSL-2 FIPS 140-2 Level 2 12.4(15)T3
12.4(15)T10		 Certificate #1028
Cisco Secure Services Client FIPS Module None FIPS 140-2 Level 1 1.0.0.0 Certificate #1016
Cisco 3201 Wireless Mobile Interface Card for the Cisco 3200 Series with Thermal Plates None FIPS 140-2 Level 2 S3201W7K9-12308JK Certificate #975
Cisco MDS 9506, 9509, MDS 9513, Cisco MDS 9216i (w/ 14/2 line card), MDS 9216i (w/o 14/2 line card) Multilayer SAN Switches None FIPS 140-2 Level 2 3.2 (2) Certificate #969
Cisco Catalyst 3750G Integrated Wireless LAN Controller None FIPS 140-2 Level 2 4.1.171.0
4.1.1.85.10
7.0.98.213
7.0.116.0		 Certificate #958
Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Module (WiSM) None FIPS 140-2 Level 2 12.2(18)SXF7
4.1.171.0
4.1.185.10		 Certificate #957
Cisco 4402 and 4404 Wireless LAN Controllers None FIPS 140-2 Level 2 4.1.171.0
4.1.185.10		 Certificate #955
Cisco Secure ACS FIPS Module 1.1 None FIPS 140-2 Level 1 4.1.2
4.1.4
4.2		 Certificate # 948
Cisco Aironet LWAPP AP1131AG and AP1242AG Wireless LAN Access Points None FIPS 140-2 Level 2 4.1.171.0
4.1.185.10		 Certificate #913
Cisco ASA 5505 and 5550 Security Appliances None FIPS 140-2 Level 2 7.2.2.18
7.2.4.18
7.2.4.30		 Certificate #906
Cisco PIX 515 and PIX 515E Security Appliances None FIPS 140-2 Level 2 7.2.2.18 Certificate #879
Cisco Integrated Service Router 7206VXR NPE-G1, Cisco 7206VXR NPE-G2 Cisco 7206 VXR NPE-G1 with VSA and 7301 with VAM2+ VAM2+ FIPS 140-2 Level 2 12.4(11)T1 Certificate #877
Cisco PIX 525 and 535 None FIPS 140-2 Level 1 7.2.2.18 Certificate #872
Cisco ASA 5510, ASA 5520, ASA 5540 None FIPS 140-2 Level 2 7.2.2.18
7.2.2.27
7.2.4.18
7.2.4.30		 Certificate #821
Cisco PIX 525/535 Security Appliance None FIPS 140-2 Level 2 7.0.4 Certificate #758
Cisco Catalyst 6506, 6506-E, 6509, and 6509-E Switches with Wireless Services Modules (WiSMs) None FIPS 140-2 Level 2 3.2.116.21 Certificate #729
Cisco Integrated Service Routers 871,876,877,878 None FIPS 140-2 Level 2 12.4(4)T2 Certificate #707
Cisco 1801, 1802, 1803, 1811 and 1812 Integrated Services Routers Fixed Configuration Models None FIPS 140-2 Level 2 12.4(4)T2 Certificate #702
Cisco Aironet AP1131AG, AP1232AG, and AP1242AG Wireless Access Points and BR1310G Wireless Bridge None FIPS 140-2 Level 2 12.3(8)JA2 Certificate #701
Cisco Aironet LWAPP AP1131AG, AP1231G, AP1232AG, AP1242AG Wireless Access Points None FIPS 140-2 Level 2 3.2.116.21 Certificate #695
Cisco 4402 and 4404 Wireless LAN Controllers None FIPS 140-2 Level 2 3.2.116.21 Certificate #693
Cisco Catalyst 6509, 6506, 6509E, 6506E, 7606 and 7609 Routers with VPNSM VPNS FIPS 140-2 Level 2 12.2(18)SXE2 Certificate #676
7206VXR NPE-G1 and 7301 (with VAM2+) NPE-G1 FIPS 140-2 Level 2 12.3(11) T10 Certificate #673
Cisco Catalyst 6509, 6506, 6509E, 6506E, 7606 and 7609 Routers VPN Shared Port Adapter FIPS 140-2 Level 2 12.2(18)SXE2 Certificate #658
Cisco PIX 515/515E Security Appliance VAC+ FIPS 140-2 Level 2 7.0(4) Certificate #656
ASA 5510, 5520, 5540 None FIPS 140-2 Level 2 7.0(4) Certificate #655
Cisco 3251 Mobile Access Router Card None FIPS 140-2 Level 2 12.3(14)T2 Certificate #633
Cisco 3220 Mobile Access Router Card None FIPS 140-2 Level 1 12.3(14)T2 Certificate #632
Cisco 1841 Integrated Services Router, Cisco 2801 Integrated Services Router AIM-VPN/BPII-Plus, AIM- VPN/EPII-Plus FIPS 140-2 Level 2 12.3(11)T03 Certificate #620
Cisco 2851 Integrated Services Router AIM-VPN/EPII-Plus FIPS 140-2 Level 2 12.3(11)T03 Certificate #619
Cisco 3825 and 3845 Integrated Services Routers AIM-VPN/EPII-Plus, AIM-VPN/HPII-Plus FIPS 140-2 Level 2 12.3(11)T03 Certificate #618
Cisco 2811 and Cisco 2821 Integrated Services Routers AIMVPN/ EPII-Plus FIPS 140-2 Level 2 12.3(11)T03 Certificate #617
Cisco 1841 and Cisco 2801 Integrated Services Routers Onboard FIPS 140-2 Level 2 12.3(11)T03 Certificate #616
Cisco 2851 Integrated Services Router Onboard FIPS 140-2 Level 2 12.3(11)T03 Certificate #613
Cisco 2811 and 2821 Integrated Services Routers Onboard FIPS 140-2 Level 2 12.3(11)T03 Certificate #612
Cisco 3825 and 3845 Integrated Services Routers Onboard FIPS 140-2 Level 2 12.3(11)T03 Certificate #596
Cisco 831 Secure Broadband Routers n/a FIPS 140-2 Level 2 12.3(8)T5 Certificate #518
Cisco 2621XM and 2651XM Modular Access Routers AIM-VPN/EP FIPS 140-2 Level 2 12.3(3d) Certificate #438
Cisco 3220 and 3251 Mobile Access Router Cards n/a FIPS 140-2 Level 1 12.2(11r)YQ4 Certificate #432
Cisco Catalyst 6509 Switch and 7606 and 7609 Router with VPN Services Module n/a FIPS 140-2 Level 2 12.2(14)SY3 Certificate #429
Cisco 7206 VXR NPE-G1 Router with Single or Dual VPN Acceleration Module 2 (VAM2) VAM2 and Dual VAM2 FIPS 140-2 Level 2 12.3(3d) Certificate #428
Cisco 3745 Modular Access Router AIM-VPN/HPII FIPS 140-2 Level 2 12.3(3d) Certificate #427
Cisco 2691 and 3725 Modular Access Router AIM-VPN/EPII FIPS 140-2 Level 2 12.3(3d) Certificate #427
Cisco 1721 and 1760 Modular Access Routers MOD1700-VPN FIPS 140-2 Level 2 12.3(3d) Certificate #426
Cisco 7206 VXR NPE-400 Router VAM FIPS 140-2 Level 2 12.3(3d) Certificate #423
Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, 3745, 7206-VXR NPE-400 Routers (all non-accelerated) n/a FIPS 140-2 Level 2 12.3(3d) Certificate #422
Cisco VPN 3000 Series Concentrators VPN 3005, 3015, 3030, 3060, 3080 n/a FIPS 140-2 Level 2 3.6.7.F Certificate #421
Cisco VPN Client n/a FIPS 140-2 Level 1 3.6.5 Certificate #407
Cisco VPN 3002 and 3002-8E Hardware Clients n/a FIPS 140-2 Level 2 3.6.7.F Certificate #388
Cisco CSS Series 11000 Secure Content Accelerator/SonicWALL SSL-RX n/a FIPS 140-2 Level 2 4.1 Certificate #340
Cisco VPN 3002 and 3002-8E Hardware Clients n/a FIPS 140-1 Level 2 3.1 Certificate #211
Cisco VPN 3000 Concentrator Series 3005, 3015, 3030, 3060, 3080 n/a FIPS 140-1 Level 2 3.1 Certificate #210
Cisco 2621 and 2651 Modular Access Routers AIM-VPN/BP FIPS 140-1 Level 2 12.1(5)T Certificate #196
  FIPS 140-1 Level 2 12.1(5)T Certificate #194
Cisco 7206VXR NPE-400 SA-ISA FIPS 140-1 Level 2 12.1(9)E Certificate #193
Cisco 7206VXR NPE-400   FIPS 140-1 Level 2 12.1(9)E Certificate #192
Cisco 7140 VPN Router with ISM SM-ISM and SA-ISA FIPS 140-1 Level 2 12.1(9)E Certificate #191
Cisco 7140 Router   FIPS 140-1 Level 2 12.1(9)E Certificate #190
Cisco 3640 and 3660 Modular Access Router NM-VPN/MP, AIM-VPN/HP FIPS 140-1 Level 2 12.1(5)T Certificate #189
  FIPS 140-1 Level 2 12.1(5)T Certificate #188
Virtual Private Network (VPN) Cisco AnyConnect Secure Mobility Client None FIPS 140-1 Level 1 3.0 Certification Ltr

*Validated to Level 2 for all sections except Physical Security, which meet Level 1 requirements. This gives an overall Level 1 rating, but the Level 2 rating for all other sections is shown with the FIPS validation certificate.

Additionally, here is a link to the FIPS validated images on CCO: www.cisco.com/cgi-bin/tablebuild.pl/ifge0mdspif1.

Cisco sells FIPS kits that contain tamper-evidence labels and instructions on where to download the FIPS approved images and Security Policies. The part numbers for the FIPS kits are as follows:

  • CVPN2600FIPS/KIT
  • CVPN3600FIPS/KIT
  • CVPN7100FIPS/KIT
  • CVPN7200FIPS/KIT
  • CVPN3000FIPS/KIT

Table 2. FIPS 140 Validations in Progress

Technology Product Testing Status Level
Embedded Services Router (ESR) Cisco 5915 Series Embedded Services Router (ESR) In Lab IUT FIPS 140-2 Level 1
Adaptive Security Appliance (ASA) Cisco ASA 5505, 5510, 5520, 5540, 5550, and 5585-X Adaptive Security Appliances In Lab IUT1 FIPS 140-2 Level 2
Current FIPs 140 Certifications Cisco Nexus 7010 IPSec Acceleration
NX-OS version 5.1(1a)
Certificate #1533		   FIPS 140-2 Level 2
Cisco Nexus 7018 IPSec Acceleration
NX-OS version 5.1(1a)
Certificate #1534		   FIPS 140-2 Level 1
Switch Cisco Catalyst 4500 Series In Lab IUT FIPS 140-2 Level 2
Unified Communications TANDBERG C20, C40, C60, C90, and EX90 Video Endpoints In Lab IUT2 FIPS 140-2 Level 2
Cisco Unified IP Phone 6921, 6941, 6945, and 6961 In Lab IUT FIPS 140-1 Level 1
Cisco Unified IP Phone 7906G, 7911G, 7931G, 7941G, 7942G, 7945G, 7961G, 7961GE, 7962G, 7965G, 7970G, 7971G, 7971GE and 7975G In Lab IUT FIPS 140-1 Level 1
Cisco Unified IP Phone 6901 and 6911 In Lab IUT FIPS 140-1 Level 1
Cryptographic Module IOS Common Crypto Module (IC2M) In Lab IUT FIPS 140-2 Level 1

1 Implementation Under Test

Let Us Help

Social Media

Certification