This page was not yet optimized for use on mobile devices.
Firepower Next-Generation IPS Virtual VMware Cryptographic Module
Certificate #4734
Webpage information ?
Security policy ?
Symmetric Algorithms
AES, AES-256, CAST, HMAC, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512Asymmetric Algorithms
RSA 2048, ECDH, ECDSA, ECC, Diffie-Hellman, DHHash functions
SHA-1, SHA-256Schemes
MAC, Key AgreementProtocols
SSH, TLSv1.2, TLS v1.2, TLSRandomness
DRBG, RBGElliptic Curves
P-256, P-384, P-521Block cipher modes
CBC, GCMTrusted Execution Environments
PSP, SSCVendor
Cisco Systems, Inc, CiscoSecurity level
Level 1, level 1Standards
FIPS 140-3, FIPS 197, FIPS 186-4, FIPS 198-1, FIPS140-3, FIPS 180-4, SP 800-140, SP 800-38D, SP 800-52, NIST SP 800-140F, SP 800-90A, RFC7627, RFC 5288, ISO/IEC 19790, ISO/IEC 24759File metadata
| Title | Security Policy |
|---|---|
| Subject | FIPS 140 Security Policy |
| Author | Steven Ratcliffe (steratcl) |
| Creation date | D:20240610171655-04'00' |
| Modification date | D:20240610171655-04'00' |
| Pages | 18 |
| Creator | Microsoft® Word 2016 |
| Producer | Microsoft® Word 2016 |
Heuristics ?
No heuristics are available for this certificate.
References ?
No references are available for this certificate.
Updates ?
-
12.08.2024 The certificate data changed.
Certificate changed
The web extraction data was updated.
- The certificate_pdf_url property was set to
https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/July 2024_010824_1146.pdf.
- The certificate_pdf_url property was set to
-
24.07.2024 The certificate was first processed.
New certificate
A new FIPS 140 certificate with the product name was processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 4734,
"dgst": "1e8be1a00f7702b3",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"RSA SigGen (FIPS186-4)A3376",
"Safe Primes Key GenerationA3376",
"HMAC-SHA2-384A3376",
"ECDSA SigVer (FIPS186-4)A3376",
"Counter DRBGA3376",
"TLS v1.2 KDF RFC7627A3376",
"ECDSA SigGen (FIPS186-4)A3376",
"HMAC-SHA2-512A3376",
"AES-GCMA3376",
"RSA KeyGen (FIPS186-4)A3376",
"RSA SigVer (FIPS186-4)A3376",
"SHA-1A3376",
"SHA2-384A3376",
"KDF SSHA3376",
"SHA2-256A3376",
"HMAC-SHA-1A3376",
"HMAC-SHA2-256A3376",
"AES-CBCA3376",
"ECDSA KeyVer (FIPS186-4)A3376",
"ECDSA KeyGen (FIPS186-4)A3376",
"SHA2-512A3376"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"-"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 6
},
"ECDH": {
"ECDH": 1
},
"ECDSA": {
"ECDSA": 38
}
},
"FF": {
"DH": {
"DH": 1,
"Diffie-Hellman": 16
}
},
"RSA": {
"RSA 2048": 2
}
},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 1
},
"GCM": {
"GCM": 3
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"SSH": {
"SSH": 27
},
"TLS": {
"TLS": {
"TLS": 24,
"TLS v1.2": 9,
"TLSv1.2": 17
}
}
},
"crypto_scheme": {
"KA": {
"Key Agreement": 2
},
"MAC": {
"MAC": 2
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"P-256": 28,
"P-384": 12,
"P-521": 12
}
},
"eval_facility": {},
"fips_cert_id": {
"Cert": {
"#1": 1
}
},
"fips_certlike": {
"Certlike": {
"AES-256": 1,
"AES-CBC 256": 2,
"AES-GCM 256": 2,
"HMAC-SHA- 1": 2,
"HMAC-SHA-1": 12,
"HMAC-SHA-256": 2,
"HMAC-SHA-384": 2,
"HMAC-SHA-512": 2,
"PAA 2": 1,
"PAA 3": 1,
"RSA 2048": 2,
"SHA-1": 6,
"SHA-256": 4,
"SHA2-256": 6,
"SHA2-384": 6,
"SHA2-512": 5
}
},
"fips_security_level": {
"Level": {
"Level 1": 3,
"level 1": 1
}
},
"hash_function": {
"SHA": {
"SHA1": {
"SHA-1": 6
},
"SHA2": {
"SHA-256": 4
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 14
},
"RNG": {
"RBG": 1
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140-3": 9,
"FIPS 180-4": 4,
"FIPS 186-4": 11,
"FIPS 197": 2,
"FIPS 198-1": 4,
"FIPS140-3": 2
},
"ISO": {
"ISO/IEC 19790": 4,
"ISO/IEC 24759": 2
},
"NIST": {
"NIST SP 800-140F": 1,
"SP 800-140": 1,
"SP 800-38D": 1,
"SP 800-52": 1,
"SP 800-90A": 1
},
"RFC": {
"RFC 5288": 1,
"RFC7627": 13
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 5,
"AES-256": 1
},
"CAST": {
"CAST": 2
}
},
"constructions": {
"MAC": {
"HMAC": 7,
"HMAC-SHA-256": 1,
"HMAC-SHA-384": 1,
"HMAC-SHA-512": 1
}
}
},
"tee_name": {
"AMD": {
"PSP": 6
},
"IBM": {
"SSC": 6
}
},
"tls_cipher_suite": {},
"vendor": {
"Cisco": {
"Cisco": 4,
"Cisco Systems, Inc": 20
}
},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "Steven Ratcliffe (steratcl)",
"/CreationDate": "D:20240610171655-04\u002700\u0027",
"/Creator": "Microsoft\u00ae Word 2016",
"/ModDate": "D:20240610171655-04\u002700\u0027",
"/Producer": "Microsoft\u00ae Word 2016",
"/Subject": "FIPS 140 Security Policy",
"/Title": "Security Policy",
"pdf_file_size_bytes": 572577,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://www.cisco.com/c/dam/en/us/products/collateral/servers-unified-computing/ucs-c-series-rack-servers/c220m5-sff-specsheet.pdf"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 18
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_garbage": false,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_pdf_hash": "9c5850c15106f6e575a18e879e957d485eb0d3ab71dc25c70ef9a20c44ecc7f9",
"policy_txt_hash": "3c56e8c134e52fe48223b2e3c9abaa9f9140ed9064ad1b656bb03265401f18b9"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "Interim validation. When installed, initialized and configured as specified in section \"Secure Operation\" of the Security Policy and operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/July 2024_010824_1146.pdf",
"date_sunset": "2026-07-21",
"description": "The virtualized offering of the Cisco FirePOWER next-generation IPS (NGIPS) solution providing the Industry-leading threat protection. Real-time contextual awareness. Full-stack visibility. Intelligent security automation. This virtualized highly effective intrusion prevention system provides reliable performance and a low total cost of ownership. Threat protection can be expanded with optional subscription licenses to provide Advanced Malware Protection (AMP), application visibility and control, and URL filtering capabilities.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Physical security: N/A",
"Non-invasive security: N/A",
"Mitigation of other attacks: N/A",
"Documentation requirements: N/A",
"Cryptographic module security policy: N/A"
],
"fw_versions": null,
"historical_reason": null,
"hw_versions": null,
"level": 1,
"mentioned_certs": {},
"module_name": "Firepower Next-Generation IPS Virtual VMware Cryptographic Module",
"module_type": "Software",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-3",
"status": "active",
"sw_versions": "7.0.5",
"tested_conf": [
"Linux 4 (FX-OS) on VMware ESXi 6.7 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) with PAA",
"Linux 4 (FX-OS) on VMware ESXi 6.7 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) without PAA",
"Linux 4 (FX-OS) on VMware ESXi 7.0 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) with PAA",
"Linux 4 (FX-OS) on VMware ESXi 7.0 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) without PAA"
],
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2024-07-22",
"lab": "GOSSAMER SECURITY SOLUTIONS INC",
"validation_type": "Initial"
}
],
"vendor": "Cisco Systems, Inc.",
"vendor_url": "http://www.cisco.com"
}
}