Cisco Adaptive Security Appliance Cryptographic Module (FPR 4200 Series)

Certificate #5067

Webpage information

Status active
Validation dates 22.09.2025
Sunset date 21-09-2030
Standard FIPS 140-3
Security level 2
Type Hardware
Embodiment Multi-Chip Stand Alone
Caveat When installed, initialized and configured as specified in Section Life-Cycle Assurance of the Security Policy. The tamper evident seals installed as indicated in the Security Policy
Exceptions
  • Roles, services, and authentication: Level 3
  • Operational environment: N/A
  • Non-invasive security: N/A
  • Mitigation of other attacks: N/A
Description Next generation security services on Cisco Firepower 4200 Series, capable of running multiple (firewall (NGFW), traffic management) security services simultaneously.
Vendor Cisco Systems, Inc.
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.
Webpage

Security policy

Security target PDF TXT

Symmetric Algorithms
AES-128, AES-192, AES-256, AES, AES-, CAST, HMAC
Asymmetric Algorithms
RSA 2048, ECDH, ECDHE, ECDSA, ECC, Diffie-Hellman, DH, DSA
Hash functions
SHA-1, SHA2
Schemes
MAC
Protocols
SSHv2, SSH, TLS v1.2, TLSv1.2, TLS, IKEv2, IKE, IPsec, VPN
Randomness
DRBG, RBG
Elliptic Curves
P-256, P-384, P-521
Block cipher modes
CTR, GCM

Trusted Execution Environments
PSP, SSC
Vendor
Cisco Systems, Inc, Cisco

Security level
Level 2, Level 1
Certification process
out of scope, fails. Any firmware loaded into the module that is not shown on the module certificate, is out of scope of this validation and requires a separate FIPS 140-3 validation. 4.6 Bypass Actions and Status The

Standards
FIPS 140-3, FIPS186-4, FIPS 186-4, FIPS 198-1, FIPS 180-4, SP 800-140, SP 800-38A, SP 800-38D, SP 800-90A, SP 800-56A, SP 800-135, SP 800-52, PKCS 1, RFC7627, RFC 5288, RFC 7296, RFC 4419, RFC 7919, RFC 3526, ISO/IEC 19790

File metadata

Author Hawes, David J. (Fed)
Creation date D:20250922090837-04'00'
Modification date D:20250922091052-04'00'
Pages 75
Creator Acrobat PDFMaker 25 for Word
Producer Adobe PDF Library 25.1.51

Heuristics

No heuristics are available for this certificate.

References

No references are available for this certificate.

Updates

  • The certificate data changed.
  • The certificate was first processed.

Raw data 

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 5067,
  "dgst": "197a2971491b3b3a",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": []
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "4200"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 3
          },
          "ECDH": {
            "ECDH": 103,
            "ECDHE": 1
          },
          "ECDSA": {
            "ECDSA": 93
          }
        },
        "FF": {
          "DH": {
            "DH": 100,
            "Diffie-Hellman": 1
          },
          "DSA": {
            "DSA": 3
          }
        },
        "RSA": {
          "RSA 2048": 3
        }
      },
      "certification_process": {
        "OutOfScope": {
          "fails. Any firmware loaded into the module that is not shown on the module certificate, is out of scope of this validation and requires a separate FIPS 140-3 validation. 4.6 Bypass Actions and Status The": 1,
          "out of scope": 1
        }
      },
      "cipher_mode": {
        "CTR": {
          "CTR": 1
        },
        "GCM": {
          "GCM": 24
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {
        "IKE": {
          "IKE": 3,
          "IKEv2": 92
        },
        "IPsec": {
          "IPsec": 2
        },
        "SSH": {
          "SSH": 136,
          "SSHv2": 127
        },
        "TLS": {
          "TLS": {
            "TLS": 151,
            "TLS v1.2": 9,
            "TLSv1.2": 119
          }
        },
        "VPN": {
          "VPN": 6
        }
      },
      "crypto_scheme": {
        "MAC": {
          "MAC": 21
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "P-256": 34,
          "P-384": 8,
          "P-521": 12
        }
      },
      "eval_facility": {},
      "fips_cert_id": {
        "Cert": {
          "#1": 3,
          "#2": 3,
          "#3": 3,
          "#7": 1
        }
      },
      "fips_certlike": {
        "Certlike": {
          "- PKCS 1": 2,
          "AES-128": 5,
          "AES-128/192/256": 1,
          "AES-192": 2,
          "AES-256": 2,
          "DRBG 384": 1,
          "HMAC-SHA-1": 16,
          "PKCS 1": 2,
          "RSA 2048": 3,
          "SHA-1": 12,
          "SHA2": 1,
          "SHA2- 256": 2,
          "SHA2- 384": 2,
          "SHA2- 512": 1,
          "SHA2-224": 3,
          "SHA2-256": 13,
          "SHA2-384": 5,
          "SHA2-512": 14,
          "SHA3- 256": 1
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 1,
          "Level 2": 2
        }
      },
      "hash_function": {
        "SHA": {
          "SHA1": {
            "SHA-1": 12
          },
          "SHA2": {
            "SHA2": 1
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 90
        },
        "RNG": {
          "RBG": 2
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140-3": 6,
          "FIPS 180-4": 9,
          "FIPS 186-4": 8,
          "FIPS 198-1": 9,
          "FIPS186-4": 34
        },
        "ISO": {
          "ISO/IEC 19790": 2
        },
        "NIST": {
          "SP 800-135": 4,
          "SP 800-140": 1,
          "SP 800-38A": 2,
          "SP 800-38D": 2,
          "SP 800-52": 1,
          "SP 800-56A": 3,
          "SP 800-90A": 2
        },
        "PKCS": {
          "PKCS 1": 2
        },
        "RFC": {
          "RFC 3526": 2,
          "RFC 4419": 2,
          "RFC 5288": 1,
          "RFC 7296": 1,
          "RFC 7919": 2,
          "RFC7627": 6
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 27,
            "AES-": 6,
            "AES-128": 5,
            "AES-192": 2,
            "AES-256": 2
          },
          "CAST": {
            "CAST": 76
          }
        },
        "constructions": {
          "MAC": {
            "HMAC": 25
          }
        }
      },
      "tee_name": {
        "AMD": {
          "PSP": 18
        },
        "IBM": {
          "SSC": 22
        }
      },
      "tls_cipher_suite": {},
      "vendor": {
        "Cisco": {
          "Cisco": 7,
          "Cisco Systems, Inc": 79
        }
      },
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Hawes, David J. (Fed)",
      "/ClassificationContentMarkingFooterFontProps": "#000000,8,Calibri",
      "/ClassificationContentMarkingFooterShapeIds": "76b99bd2,3faae116,5e41b8de",
      "/ClassificationContentMarkingFooterText": "Cisco Confidential",
      "/Comments": "",
      "/Company": "",
      "/CreationDate": "D:20250922090837-04\u002700\u0027",
      "/Creator": "Acrobat PDFMaker 25 for Word",
      "/Keywords": "",
      "/MSIP_Label_c8f49a32-fde3-48a5-9266-b5b0972a22dc_ActionId": "8e222a41-a2fa-4afa-aea3-427b99154667",
      "/MSIP_Label_c8f49a32-fde3-48a5-9266-b5b0972a22dc_ContentBits": "2",
      "/MSIP_Label_c8f49a32-fde3-48a5-9266-b5b0972a22dc_Enabled": "true",
      "/MSIP_Label_c8f49a32-fde3-48a5-9266-b5b0972a22dc_Method": "Standard",
      "/MSIP_Label_c8f49a32-fde3-48a5-9266-b5b0972a22dc_Name": "Cisco Confidential",
      "/MSIP_Label_c8f49a32-fde3-48a5-9266-b5b0972a22dc_SetDate": "2024-05-08T11:43:39Z",
      "/MSIP_Label_c8f49a32-fde3-48a5-9266-b5b0972a22dc_SiteId": "5ae1af62-9505-4097-a69a-c1553ef7840e",
      "/ModDate": "D:20250922091052-04\u002700\u0027",
      "/Producer": "Adobe PDF Library 25.1.51",
      "/SourceModified": "",
      "/Subject": "",
      "/Title": "",
      "pdf_file_size_bytes": 1294490,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/threat-defense/use-case/multi-instance-sec-fw/multi-instance-sec-fw.html",
          "https://www.cisco.com/c/en/us/products/collateral/security/firewalls/secure-firewall-4200-ds.html",
          "https://www.cisco.com/c/en/us/td/docs/security/asa/asa923/asdm723/general/asdm-723-general-config.html",
          "https://www.cisco.com/c/en/us/td/docs/security/asa/special/cluster-sec-fw/secure-firewall-cluster.html"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 75
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_json_hash": null,
    "policy_pdf_hash": "c469f57e1b34c3a59699c90748b165299201fe9b8b66ed52251b21e804407c88",
    "policy_txt_hash": "941d9f01bbfe9695fdca404ce7a05a83cd496235b48e50860d68cc32ab4a6114"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When installed, initialized and configured as specified in Section Life-Cycle Assurance of the Security Policy. The tamper evident seals installed as indicated in the Security Policy",
    "certificate_pdf_url": null,
    "date_sunset": "2030-09-21",
    "description": "Next generation security services on Cisco Firepower 4200 Series, capable of running multiple (firewall (NGFW), traffic management) security services simultaneously.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Roles, services, and authentication: Level 3",
      "Operational environment: N/A",
      "Non-invasive security: N/A",
      "Mitigation of other attacks: N/A"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 2,
    "mentioned_certs": {},
    "module_name": "Cisco Adaptive Security Appliance Cryptographic Module (FPR 4200 Series)",
    "module_type": "Hardware",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-3",
    "status": "active",
    "sw_versions": null,
    "tested_conf": null,
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2025-09-22",
        "lab": "Gossamer Security Solutions",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Cisco Systems, Inc.",
    "vendor_url": "http://www.cisco.com"
  }
}