Comparing certificates Experimental feature

You are comparing two certificates. By default, only differing attributes are shown. Use the button below to show/hide all attributes.

Showing only differing attributes.
Palo Alto Networks PA-200 Series, PA-500, PA-800 Series, PA-3000 Series, PA-5000 Series, PA-5200 Series, PA-7000 Series, and VM Series Next-Generation Firewall with PAN-OS v8.0.6
CCEVS-VR-VID-10839-2018
Palo Alto Networks PA-220 Series, PA-800 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series, and VM Series Next-Generation Firewall with PAN-OS 9.0
CCEVS-VR-VID-11063-2020
name Palo Alto Networks PA-200 Series, PA-500, PA-800 Series, PA-3000 Series, PA-5000 Series, PA-5200 Series, PA-7000 Series, and VM Series Next-Generation Firewall with PAN-OS v8.0.6 Palo Alto Networks PA-220 Series, PA-800 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series, and VM Series Next-Generation Firewall with PAN-OS 9.0
category Data Protection Network and Network-Related Devices and Systems
not_valid_after 30.04.2020 14.10.2022
not_valid_before 30.04.2018 14.10.2020
cert_link https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/st_vid10839-ci.pdf https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/st_vid11063-ci.pdf
report_link https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/st_vid10839-vr.pdf https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/st_vid11063-vr.pdf
st_link https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/st_vid10839-st.pdf https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/st_vid11063-st.pdf
dgst 50650dd65fbc726c d0bdbe099855466b
heuristics/cert_id CCEVS-VR-VID-10839-2018 CCEVS-VR-VID-11063-2020
heuristics/extracted_sars AGD_PRE.1, ALC_CMS.1, ADV_FSP.1, AVA_VAN.1, AGD_OPE.1, ATE_IND.1, ALC_CMC.1 ALC_CMS.1, ADV_FSP.1, AVA_VAN.1, ATE_IND.1, ALC_CMC.1
heuristics/extracted_versions 8.0.6 9.0
heuristics/scheme_data
  • category: Firewall, Network Device, Virtual Private Network
  • certification_date: 30.04.2018
  • evaluation_facility: Leidos Common Criteria Testing Laboratory
  • expiration_date: 30.04.2020
  • id: CCEVS-VR-VID10839
  • product: Palo Alto Networks PA-200 Series, PA-500, PA-800 Series, PA-3000 Series, PA-5000 Series, PA-5200 Series, PA-7000 Series, and VM Series Next-Generation Firewall with PAN-OS v8.0.6
  • scheme: US
  • url: https://www.niap-ccevs.org/product/10839
  • vendor: Palo Alto Networks, Inc.
  • category: Firewall, Network Device, Virtual Private Network
  • certification_date: 14.10.2020
  • evaluation_facility: Leidos Common Criteria Testing Laboratory
  • expiration_date: 14.10.2022
  • id: CCEVS-VR-VID11063
  • product: Palo Alto Networks PA-220 Series, PA-800 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series, and VM Series Next-Generation Firewall with PAN-OS 9.0
  • scheme: US
  • url: https://www.niap-ccevs.org/product/11063
  • vendor: Palo Alto Networks, Inc.
maintenance_updates
protection_profiles


pdf_data/cert_filename st_vid10839-ci.pdf st_vid11063-ci.pdf
pdf_data/cert_keywords/cc_cert_id
  • US:
    • CCEVS-VR-VID10839-2018: 1
  • US:
    • CCEVS-VR-VID11063-2020: 1
pdf_data/cert_keywords/crypto_protocol
  • VPN:
    • VPN: 1
pdf_data/cert_metadata
  • /CreationDate: D:20180601141659-04'00'
  • /ModDate: D:20180601141659-04'00'
  • /Producer: iText 2.1.0 (by lowagie.com)
  • pdf_file_size_bytes: 184858
  • pdf_hyperlinks: {}
  • pdf_is_encrypted: False
  • pdf_number_of_pages: 1
  • /CreationDate: D:20201021133635-04'00'
  • /ModDate: D:20201021133635-04'00'
  • /Producer: iText 2.1.0 (by lowagie.com)
  • pdf_file_size_bytes: 182814
  • pdf_hyperlinks: {}
  • pdf_is_encrypted: False
  • pdf_number_of_pages: 1
pdf_data/report_filename st_vid10839-vr.pdf st_vid11063-vr.pdf
pdf_data/report_frontpage
  • US:
    • cert_id: CCEVS-VR-VID10839-2018
    • cert_item: for Palo Alto Networks PA-200 Series, PA-500, PA-800 Series, PA-3000 Series, PA-5000 Series, PA-5200 Series, PA-7000 Series, and VM Series Next- Generation Firewall with PAN-OS v8.0.6
    • cert_lab: US NIAP
  • US:
    • cert_id: CCEVS-VR-VID11063-2020
    • cert_item: for Palo Alto Networks PA-220 Series, PA-800 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series, and VM Series Next-Generation Firewall with PAN-OS 9.0
    • cert_lab: US NIAP
pdf_data/report_keywords/cc_cert_id
  • US:
    • CCEVS-VR-VID10839-2018: 1
  • US:
    • CCEVS-VR-VID11063-2020: 1
pdf_data/report_keywords/cc_sar
  • ADV:
    • ADV_FSP.1: 1
  • AGD:
    • AGD_OPE.1: 1
    • AGD_PRE.1: 1
  • ALC:
    • ALC_CMC.1: 1
    • ALC_CMS.1: 1
  • ATE:
    • ATE_IND.1: 1
  • AVA:
    • AVA_VAN.1: 1
pdf_data/report_keywords/cc_sfr
  • FCS:
    • FCS_CKM.1: 1
    • FCS_CKM.2: 1
    • FCS_TLSS_EXT: 1
  • FMT:
    • FMT_SMF.1.1: 1
pdf_data/report_keywords/vendor
  • Broadcom:
    • Broadcom: 3
  • Microsoft:
    • Microsoft: 6
  • Microsoft:
    • Microsoft: 2
pdf_data/report_keywords/eval_facility
  • Leidos:
    • Leidos: 8
  • Leidos:
    • Leidos: 7
pdf_data/report_keywords/asymmetric_crypto
  • ECC:
    • ECC:
      • ECC: 3
    • ECDH:
      • ECDHE: 1
  • FF:
    • DH:
      • DH: 2
pdf_data/report_keywords/crypto_protocol
  • IKE:
    • IKE: 1
  • IPsec:
    • IPsec: 14
  • SSH:
    • SSH: 1
  • TLS:
    • SSL:
      • SSL: 1
    • TLS:
      • TLS: 23
  • IPsec:
    • IPsec: 12
  • SSH:
    • SSH: 14
  • TLS:
    • TLS:
      • TLS: 10
  • VPN:
    • VPN: 18
pdf_data/report_keywords/cipher_mode
  • CBC:
    • CBC: 1
pdf_data/report_keywords/crypto_library
  • OpenSSL:
    • OpenSSL: 1
pdf_data/report_keywords/standard_id
  • RFC:
    • RFC5280: 1
    • RFC5759: 1
  • X509:
    • X.509: 5
pdf_data/report_keywords/certification_process
  • OutOfScope:
    • and URL Filtering security policies/profiles are not evaluated and therefore, these features are out of scope. API request over HTTP By default, the TOE supports API requests over HTTPS or HTTPS tunneled over: 1
    • Policies The TLS and SSH decryption policies are not evaluated and therefore, these features are out of scope. Anti-Virus, Anti-Spyware, Anti-Malware Security Policies The Anti-Virus, Anti-Spyware: 1
    • by the security functional requirements: TLS, HTTPS, SSH, IKE/IPsec. The features below are out of scope. Table 2 Excluded Features Feature Description Telnet and HTTP Management Protocols Telnet and HTTP: 1
    • out of scope: 4
    • security policies (i.e., profiles) are not evaluated and therefore, there features are out of scope. File Blocking, DLP, and URL Filtering Security Policies The File Blocking, DLP (Data Loss: 1
pdf_data/report_metadata
  • /CreationDate: D:20180601141515-04'00'
  • /ModDate: D:20180601141515-04'00'
  • pdf_file_size_bytes: 967505
  • pdf_hyperlinks: http://www.niap-ccevs.org/
  • pdf_is_encrypted: False
  • pdf_number_of_pages: 31
  • /CreationDate: D:20210517140421-04'00'
  • /ModDate: D:20210517140421-04'00'
  • pdf_file_size_bytes: 778696
  • pdf_hyperlinks: {}
  • pdf_is_encrypted: False
  • pdf_number_of_pages: 38
pdf_data/st_filename st_vid10839-st.pdf st_vid11063-st.pdf
pdf_data/st_keywords/cc_sfr
  • FAU:
    • FAU_GEN: 6
    • FAU_GEN.1: 3
    • FAU_GEN.1.1: 1
    • FAU_GEN.1.2: 1
    • FAU_GEN.2: 3
    • FAU_GEN.2.1: 1
    • FAU_STG: 3
    • FAU_STG.1: 3
    • FAU_STG.1.1: 1
    • FAU_STG.1.2: 1
    • FAU_STG_EXT: 8
    • FAU_STG_EXT.1: 3
    • FAU_STG_EXT.1.1: 1
    • FAU_STG_EXT.1.2: 1
    • FAU_STG_EXT.1.3: 1
    • FAU_STG_EXT.3: 2
    • FAU_STG_EXT.3.1: 1
  • FCS:
    • FCS_CKM: 9
    • FCS_CKM.1: 6
    • FCS_CKM.1.1: 1
    • FCS_CKM.2: 6
    • FCS_CKM.4: 4
    • FCS_CKM.4.1: 1
    • FCS_COP.1: 29
    • FCS_COP.1.1: 5
    • FCS_RBG_EXT: 3
    • FCS_RBG_EXT.1: 5
    • FCS_RBG_EXT.1.1: 1
    • FCS_RBG_EXT.1.2: 1
    • FCS_TLSC_EXT: 1
    • FCS_TLSC_EXT.1: 8
    • FCS_TLSC_EXT.1.2: 1
    • FCS_TLSC_EXT.1.3: 1
    • FCS_TLSC_EXT.1.4: 1
    • FCS_TLSC_EXT.2: 9
    • FCS_TLSC_EXT.2.2: 1
    • FCS_TLSC_EXT.2.3: 1
    • FCS_TLSC_EXT.2.4: 1
    • FCS_TLSC_EXT.2.5: 1
    • FCS_TLSS_EXT: 1
    • FCS_TLSS_EXT.1: 11
    • FCS_TLSS_EXT.2: 11
    • FCS_TLSS_EXT.2.4: 1
    • FCS_TLSS_EXT.2.5: 1
    • FCS_TLSS_EXT.2.6: 1
  • FDP:
    • FDP_ACC.1: 3
    • FDP_RIP: 3
    • FDP_RIP.2: 3
    • FDP_RIP.2.1: 1
  • FIA:
    • FIA_PMG_EXT: 4
    • FIA_PMG_EXT.1: 3
    • FIA_PMG_EXT.1.1: 1
    • FIA_UAU: 3
    • FIA_UAU.7: 3
    • FIA_UAU.7.1: 1
    • FIA_UAU_EXT: 3
    • FIA_UAU_EXT.2: 4
    • FIA_UAU_EXT.2.1: 1
    • FIA_UIA_EXT: 4
    • FIA_UIA_EXT.1: 5
    • FIA_UIA_EXT.1.1: 1
    • FIA_UIA_EXT.1.2: 1
  • FMT:
    • FMT_MOF.1: 26
    • FMT_MOF.1.1: 4
    • FMT_MTD: 9
    • FMT_MTD.1: 4
    • FMT_MTD.1.1: 1
    • FMT_SMF: 3
    • FMT_SMF.1: 4
    • FMT_SMF.1.1: 1
    • FMT_SMR: 3
    • FMT_SMR.2: 3
    • FMT_SMR.2.1: 1
    • FMT_SMR.2.2: 1
    • FMT_SMR.2.3: 1
  • FPT:
    • FPT_APW_EXT: 4
    • FPT_APW_EXT.1: 3
    • FPT_APW_EXT.1.1: 1
    • FPT_APW_EXT.1.2: 1
    • FPT_SKP_EXT: 4
    • FPT_SKP_EXT.1: 3
    • FPT_SKP_EXT.1.1: 1
    • FPT_STM: 3
    • FPT_STM.1: 3
    • FPT_STM.1.1: 1
    • FPT_TST_EXT: 8
    • FPT_TST_EXT.1: 3
    • FPT_TST_EXT.1.1: 1
    • FPT_TST_EXT.2: 1
    • FPT_TST_EXT.2.1: 1
    • FPT_TUD_EXT: 4
    • FPT_TUD_EXT.1: 4
    • FPT_TUD_EXT.1.2: 1
    • FPT_TUD_EXT.1.3: 1
  • FTA:
    • FTA_SSL: 6
    • FTA_SSL.3: 3
    • FTA_SSL.3.1: 1
    • FTA_SSL.4: 3
    • FTA_SSL.4.1: 1
    • FTA_SSL_EXT: 4
    • FTA_SSL_EXT.1: 3
    • FTA_SSL_EXT.1.1: 1
    • FTA_TAB: 3
    • FTA_TAB.1: 4
    • FTA_TAB.1.1: 1
  • FTP:
    • FTP_ITC: 4
    • FTP_ITC.1: 3
    • FTP_ITC.1.1: 1
    • FTP_ITC.1.2: 1
    • FTP_ITC.1.3: 1
    • FTP_ITC_EXT.1: 1
    • FTP_TRP: 3
    • FTP_TRP.1: 3
    • FTP_TRP.1.1: 1
    • FTP_TRP.1.2: 1
    • FTP_TRP.1.3: 1
  • FAU:
    • FAU_GEN: 2
    • FAU_GEN.1: 4
    • FAU_GEN.1.1: 1
    • FAU_GEN.1.2: 1
    • FAU_GEN.2: 3
    • FAU_GEN.2.1: 1
    • FAU_STG_EXT: 1
    • FAU_STG_EXT.1: 3
    • FAU_STG_EXT.1.1: 1
    • FAU_STG_EXT.1.2: 1
    • FAU_STG_EXT.1.3: 1
  • FCS:
    • FCS_CKM: 7
    • FCS_CKM.1: 4
    • FCS_CKM.1.1: 1
    • FCS_CKM.2: 7
    • FCS_CKM.2.1: 1
    • FCS_CKM.4: 3
    • FCS_CKM.4.1: 1
    • FCS_COP: 15
    • FCS_COP.1: 4
    • FCS_RBG_EXT: 1
    • FCS_RBG_EXT.1: 5
    • FCS_RBG_EXT.1.1: 1
    • FCS_RBG_EXT.1.2: 1
    • FCS_SSHS_EXT: 1
    • FCS_SSHS_EXT.1: 3
    • FCS_SSHS_EXT.1.1: 2
    • FCS_SSHS_EXT.1.2: 1
    • FCS_SSHS_EXT.1.3: 1
    • FCS_SSHS_EXT.1.4: 1
    • FCS_SSHS_EXT.1.5: 2
    • FCS_SSHS_EXT.1.6: 1
    • FCS_SSHS_EXT.1.7: 1
    • FCS_SSHS_EXT.1.8: 2
    • FCS_TLSC_EXT: 1
    • FCS_TLSC_EXT.1: 3
    • FCS_TLSC_EXT.1.1: 2
    • FCS_TLSC_EXT.1.2: 1
    • FCS_TLSC_EXT.1.3: 1
    • FCS_TLSC_EXT.1.4: 1
    • FCS_TLSC_EXT.2: 7
    • FCS_TLSC_EXT.2.1: 2
    • FCS_TLSC_EXT.2.2: 2
    • FCS_TLSC_EXT.2.3: 2
    • FCS_TLSC_EXT.2.4: 2
    • FCS_TLSC_EXT.2.5: 2
    • FCS_TLSS_EXT: 2
    • FCS_TLSS_EXT.1: 3
    • FCS_TLSS_EXT.1.1: 1
    • FCS_TLSS_EXT.1.2: 1
    • FCS_TLSS_EXT.1.3: 1
    • FCS_TLSS_EXT.2: 2
    • FCS_TLSS_EXT.2.1: 1
    • FCS_TLSS_EXT.2.2: 1
    • FCS_TLSS_EXT.2.3: 1
    • FCS_TLSS_EXT.2.4: 1
    • FCS_TLSS_EXT.2.5: 1
    • FCS_TLSS_EXT.2.6: 1
  • FDP:
    • FDP_RIP: 1
    • FDP_RIP.2: 4
  • FIA:
    • FIA_AFL: 1
    • FIA_AFL.1: 6
    • FIA_AFL.1.1: 1
    • FIA_AFL.1.2: 1
    • FIA_PMG_EXT: 1
    • FIA_PMG_EXT.1: 3
    • FIA_PMG_EXT.1.1: 1
    • FIA_UAU: 1
    • FIA_UAU.7: 3
    • FIA_UAU.7.1: 1
    • FIA_UAU_EXT: 1
    • FIA_UAU_EXT.2: 2
    • FIA_UAU_EXT.2.1: 1
    • FIA_UIA_EXT: 1
    • FIA_UIA_EXT.1: 5
    • FIA_UIA_EXT.1.1: 1
    • FIA_UIA_EXT.1.2: 1
  • FMT:
    • FMT_MOF: 12
    • FMT_MOF.1: 3
    • FMT_MTD: 8
    • FMT_MTD.1: 3
    • FMT_SMF: 4
    • FMT_SMF.1: 4
    • FMT_SMF.1.1: 1
    • FMT_SMR: 1
    • FMT_SMR.2: 3
    • FMT_SMR.2.1: 1
    • FMT_SMR.2.2: 1
    • FMT_SMR.2.3: 1
  • FPT:
    • FPT_APW_EXT: 2
    • FPT_APW_EXT.1: 3
    • FPT_APW_EXT.1.1: 1
    • FPT_APW_EXT.1.2: 1
    • FPT_FLS: 4
    • FPT_FLS.1: 1
    • FPT_ITC.1: 1
    • FPT_SKP_EXT: 2
    • FPT_SKP_EXT.1: 2
    • FPT_SKP_EXT.1.1: 1
    • FPT_STM_EXT: 2
    • FPT_STM_EXT.1: 3
    • FPT_STM_EXT.1.1: 1
    • FPT_STM_EXT.1.2: 1
    • FPT_TST_EXT: 3
    • FPT_TST_EXT.1: 4
    • FPT_TST_EXT.1.1: 1
    • FPT_TST_EXT.3: 2
    • FPT_TST_EXT.3.1: 1
    • FPT_TST_EXT.3.2: 1
    • FPT_TUD_EXT: 2
    • FPT_TUD_EXT.1: 3
    • FPT_TUD_EXT.1.1: 1
    • FPT_TUD_EXT.1.2: 1
    • FPT_TUD_EXT.1.3: 2
  • FTA:
    • FTA_SSL: 2
    • FTA_SSL.3: 4
    • FTA_SSL.3.1: 1
    • FTA_SSL.4: 2
    • FTA_SSL.4.1: 1
    • FTA_SSL_EXT: 1
    • FTA_SSL_EXT.1: 4
    • FTA_SSL_EXT.1.1: 1
    • FTA_TAB: 1
    • FTA_TAB.1: 4
    • FTA_TAB.1.1: 1
  • FTP:
    • FTP_ITC: 3
    • FTP_ITC.1: 4
    • FTP_ITC.1.1: 2
    • FTP_ITC.1.2: 2
    • FTP_ITC.1.3: 2
    • FTP_TRP: 4
    • FTP_TRP.1: 3
pdf_data/st_keywords/cc_claims
  • A:
    • A.PHYSICAL_PROTECTION: 1
  • OE:
    • OE.ADMIN_CREDENTIALS_SECURE: 1
    • OE.NO_GENERAL_PURPOSE: 1
    • OE.PHYSICAL: 1
    • OE.TRUSTED_ADMIN: 1
    • OE.UPDATES: 1
  • A:
    • A.PHYSICAL_PROTECTION: 1
  • OE:
    • OE.ADMIN_CREDENTIALS_SECURE: 1
    • OE.CONNECTIONS: 1
    • OE.NO_GENERAL_PURPOSE: 1
    • OE.NO_THRU_TRAFFIC_PROTECTION: 1
    • OE.PHYSICAL: 1
    • OE.RESIDUAL_INFORMATION: 1
    • OE.TRUSTED_ADMIN: 1
    • OE.UPDATES: 1
pdf_data/st_keywords/vendor
  • Broadcom:
    • Broadcom: 3
  • Microsoft:
    • Microsoft: 5
  • Broadcom:
    • Broadcom: 3
  • Microsoft:
    • Microsoft: 4
pdf_data/st_keywords/symmetric_crypto
  • AES_competition:
    • AES:
      • AES: 35
      • AES-: 2
      • AES-256: 7
  • constructions:
    • MAC:
      • HMAC: 15
      • HMAC-SHA-256: 11
      • HMAC-SHA-384: 7
      • HMAC-SHA-512: 6
  • AES_competition:
    • AES:
      • AES: 32
      • AES-: 1
      • AES-256: 6
  • DES:
    • 3DES:
      • 3DES: 1
  • constructions:
    • MAC:
      • HMAC: 11
      • HMAC-SHA-256: 8
      • HMAC-SHA-384: 4
      • HMAC-SHA-512: 6
pdf_data/st_keywords/asymmetric_crypto
  • ECC:
    • ECC:
      • ECC: 6
    • ECDH:
      • ECDH: 2
      • ECDHE: 2
    • ECDSA:
      • ECDSA: 23
  • FF:
    • DH:
      • DH: 21
      • DHE: 2
      • Diffie-Hellman: 7
    • DSA:
      • DSA: 2
  • RSA:
    • RSA 2048: 2
    • RSA-2048: 2
  • ECC:
    • ECC:
      • ECC: 7
    • ECDH:
      • ECDH: 2
      • ECDHE: 6
    • ECDSA:
      • ECDSA: 20
  • FF:
    • DH:
      • DH: 28
      • DHE: 4
      • Diffie-Hellman: 13
    • DSA:
      • DSA: 2
  • RSA:
    • RSA 2048: 1
    • RSA-2048: 1
pdf_data/st_keywords/hash_function
  • SHA:
    • SHA1:
      • SHA-1: 10
    • SHA2:
      • SHA-256: 12
      • SHA-384: 11
      • SHA-512: 10
      • SHA256: 8
  • SHA:
    • SHA1:
      • SHA-1: 6
    • SHA2:
      • SHA-256: 6
      • SHA-384: 6
      • SHA-512: 4
      • SHA256: 13
pdf_data/st_keywords/crypto_scheme
  • KEX:
    • Key Exchange: 1
  • MAC:
    • MAC: 1
  • KEX:
    • Key Exchange: 2
  • MAC:
    • MAC: 2
pdf_data/st_keywords/crypto_protocol
  • IKE:
    • IKE: 17
    • IKEv1: 15
    • IKEv2: 14
  • IPsec:
    • IPsec: 70
  • SSH:
    • SSH: 8
  • TLS:
    • SSL:
      • SSL: 7
      • SSL 2.0: 4
      • SSL 3.0: 4
    • TLS:
      • TLS: 84
      • TLS 1.0: 4
      • TLS 1.1: 8
      • TLS 1.2: 9
      • TLS v1.1: 1
      • TLS v1.2: 1
  • IKE:
    • IKE: 29
    • IKEv1: 14
    • IKEv2: 13
  • IPsec:
    • IPsec: 95
  • SSH:
    • SSH: 54
  • TLS:
    • SSL:
      • SSL: 9
      • SSL 2.0: 4
      • SSL 3.0: 4
    • TLS:
      • TLS: 108
      • TLS 1.0: 4
      • TLS 1.1: 4
      • TLS 1.2: 7
      • TLS1.1: 1
      • TLS1.2: 2
      • TLSv1.1: 2
      • TLSv1.2: 7
  • VPN:
    • VPN: 84
pdf_data/st_keywords/randomness
  • PRNG:
    • DRBG: 13
    • PRNG: 2
  • RNG:
    • RBG: 3
    • RNG: 8
  • PRNG:
    • DRBG: 14
  • RNG:
    • RBG: 3
pdf_data/st_keywords/cipher_mode
  • CBC:
    • CBC: 13
  • CCM:
    • CCM: 5
  • CTR:
    • CTR: 1
  • GCM:
    • GCM: 13
  • CBC:
    • CBC: 11
  • CCM:
    • CCM: 5
  • CTR:
    • CTR: 7
  • GCM:
    • GCM: 14
pdf_data/st_keywords/ecc_curve
  • NIST:
    • P-256: 16
    • P-384: 14
    • P-521: 6
    • secp256r1: 8
    • secp384r1: 8
    • secp521r1: 8
  • NIST:
    • P-256: 18
    • P-384: 16
    • P-521: 12
    • secp256r1: 8
    • secp384r1: 8
    • secp521r1: 4
pdf_data/st_keywords/tls_cipher_suite
  • TLS:
    • TLS_DHE_RSA_WITH_AES_128_CBC_SHA: 3
    • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: 2
    • TLS_DHE_RSA_WITH_AES_256_CBC_SHA: 3
    • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: 2
    • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: 6
    • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: 3
    • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: 6
    • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: 6
    • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: 3
    • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: 6
    • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: 3
    • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: 3
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: 3
    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: 3
    • TLS_RSA_WITH_AES_128_CBC_SHA: 6
    • TLS_RSA_WITH_AES_128_CBC_SHA256: 6
    • TLS_RSA_WITH_AES_256_CBC_SHA: 6
  • TLS:
    • TLS_DHE_RSA_WITH_AES_128_CBC_SHA: 8
    • TLS_DHE_RSA_WITH_AES_256_CBC_SHA: 8
    • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: 8
    • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: 5
    • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: 8
    • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: 8
    • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: 5
    • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: 8
    • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: 5
    • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: 3
    • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: 5
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: 5
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: 3
    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: 5
    • TLS_RSA_WITH_AES_128_CBC_SHA: 3
    • TLS_RSA_WITH_AES_128_CBC_SHA256: 3
    • TLS_RSA_WITH_AES_256_CBC_SHA: 3
pdf_data/st_keywords/standard_id
  • FIPS:
    • FIPS 140-2: 3
    • FIPS 186-4: 2
    • FIPS PUB 140-2: 1
    • FIPS PUB 186-4: 20
  • ISO:
    • ISO/IEC 10118-: 1
    • ISO/IEC 14888-3: 2
    • ISO/IEC 18031:2011: 5
    • ISO/IEC 9796-2: 2
  • NIST:
    • NIST SP 800-56A: 2
    • SP 800-90A: 2
  • PKCS:
    • PKCS #1: 2
    • PKCS#12: 2
  • RFC:
    • RFC 2460: 1
    • RFC 2560: 1
    • RFC 2818: 3
    • RFC 2986: 2
    • RFC 3268: 18
    • RFC 3513: 2
    • RFC 3602: 5
    • RFC 4106: 3
    • RFC 4109: 2
    • RFC 4301: 3
    • RFC 4303: 1
    • RFC 4304: 2
    • RFC 4346: 8
    • RFC 4443: 1
    • RFC 4492: 18
    • RFC 4868: 1
    • RFC 4945: 1
    • RFC 5246: 26
    • RFC 5280: 6
    • RFC 5289: 24
    • RFC 5735: 2
    • RFC 5759: 1
    • RFC 5996: 2
    • RFC 6125: 6
    • RFC 6598: 2
    • RFC 768: 1
    • RFC 791: 1
    • RFC 792: 1
    • RFC 793: 2
    • RFC 959: 1
    • RFC2409: 1
    • RFC5280: 1
    • RFC5759: 1
  • X509:
    • X.509: 16
    • x.509: 1
  • FIPS:
    • FIPS 140-2: 2
    • FIPS 186-4: 3
    • FIPS PUB 186-4: 15
  • ISO:
    • ISO/IEC 10118-: 1
    • ISO/IEC 14888-3: 2
    • ISO/IEC 18031:2011: 5
    • ISO/IEC 9796-2: 2
  • NIST:
    • NIST SP 800-56A: 2
    • SP 800-90A: 2
  • PKCS:
    • PKCS #1: 2
    • PKCS#12: 2
  • RFC:
    • RFC 2460: 2
    • RFC 2818: 3
    • RFC 2986: 2
    • RFC 3268: 22
    • RFC 3447: 2
    • RFC 3513: 2
    • RFC 3526: 9
    • RFC 35267: 1
    • RFC 3602: 3
    • RFC 3986: 1
    • RFC 4106: 1
    • RFC 4109: 1
    • RFC 4253: 2
    • RFC 4301: 2
    • RFC 4303: 2
    • RFC 4304: 1
    • RFC 4346: 4
    • RFC 4443: 1
    • RFC 4492: 26
    • RFC 4868: 1
    • RFC 4945: 1
    • RFC 5246: 23
    • RFC 5280: 5
    • RFC 5289: 42
    • RFC 5735: 2
    • RFC 5759: 2
    • RFC 5996: 3
    • RFC 6125: 4
    • RFC 6598: 2
    • RFC 6960: 1
    • RFC 768: 2
    • RFC 791: 2
    • RFC 792: 1
    • RFC 793: 3
    • RFC 959: 1
    • RFC2409: 1
    • RFC4945: 1
  • X509:
    • X.509: 8
pdf_data/st_keywords/certification_process
  • OutOfScope:
    • and URL Filtering security policies/profiles are not evaluated and therefore, these features are out of scope. API request over HTTP By default, the TOE supports API requests over HTTPS or HTTPS tunneled over: 1
    • ISP links to ensure application performance and scale capacity. The SD-WAN capability is considered out of scope. PAN OS 9.1.8 Security Target Palo Alto Networks Page 23 of 84 Feature Description Include: 1
    • Policies The TLS and SSH decryption policies are not evaluated and therefore, these features are out of scope. Anti-Virus, Anti-Spyware, Anti- Malware Security Policies The Anti-Virus, Anti-Spyware: 1
    • by the security functional requirements: TLS, HTTPS, SSH, IKE/IPsec. The features below are out of scope. Table 2 Excluded Features Feature Description Telnet and HTTP Management Protocols Telnet and HTTP: 1
    • is secured with TLS using FIPS-approved algorithms. The threat prevention signatures themselves are out of scope (i.e., not evaluated). Management The next-generation firewall provides both direct and remote: 1
    • malformed, fragmented packets. The protection from viruses, worm, and spyware using signatures are out of scope (i.e., not evaluated). DoS Protection – the firewall is designed to protect against flooding: 1
    • out of scope: 7
    • security policies (i.e., profiles) are not evaluated and therefore, there features are out of scope. File Blocking, DLP, and URL Filtering Security Policies The File Blocking, DLP (Data Loss: 1
pdf_data/st_metadata
  • /CreationDate: D:20180601141548-04'00'
  • /ModDate: D:20180601141548-04'00'
  • pdf_file_size_bytes: 2017617
  • pdf_hyperlinks: https://updates.paloaltonetworks.com/
  • pdf_is_encrypted: False
  • pdf_number_of_pages: 75
state/cert/convert_garbage False True
state/cert/pdf_hash Different Different
state/cert/txt_hash Different Different
state/report/pdf_hash Different Different
state/report/txt_hash Different Different
state/st/pdf_hash Different Different
state/st/txt_hash Different Different