This page was not yet optimized for use on mobile
devices.
PAN-OS 11.0 running on PA-400 Series, PA-800 Series, PA-1400 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-5400 Series, PA-5450, and PA-7000 Series NGFWs
Certificate #4829
Webpage information
Security policy
Symmetric Algorithms
AES, CAST, HMAC, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512, CMACAsymmetric Algorithms
RSA 2048, RSA 3072, RSA 4096, ECDHE, ECDH, ECDSA, Diffie-Hellman, DHE, DHHash functions
SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA2Schemes
Key ExchangeProtocols
SSH, SSHv2, SSL, TLS v1.2, TLS, TLSv1.2, TLS 1.2, TLSv1.0, TLSv1.3, IKEv2, IKE, IPsec, VPNRandomness
DRBG, RNGElliptic Curves
P-256, P-384, P-521Block cipher modes
ECB, CBC, CTR, CFB, GCM, CCMTLS cipher suites
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384Security level
Level 2, Level 1Standards
FIPS 140-3, FIPS 186-4, FIPS 198-1, FIPS 180-4, FIPS 186-2, SP 800-90B, SP 800-38A, SP 800-38C, SP 800-38D, SP 800-38F, SP 800-52, SP 800-140E, SP 800-63B, SP 800-56A, PKCS#1, RFC 3526, RFC7627, RFC 5288, RFC 5246, RFC 5282, ISO/IEC 24759File metadata
| Modification date | D:20250515132629--04'00 |
|---|---|
| Pages | 72 |
| Producer | Skia/PDF m138 Google Docs Renderer |
Heuristics
No heuristics are available for this certificate.
References
No references are available for this certificate.
Updates Feed
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate was first processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 4829,
"dgst": "1ec08285a725fe5e",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"RSA KeyGen (FIPS186-4)A3453",
"KAS-ECC-SSC Sp800-56Ar3A3453",
"SHA2-512A3453",
"HMAC-SHA2-256A3453",
"HMAC-SHA2-512A3453",
"Safe Primes Key VerificationA3453",
"RSA SigGen (FIPS186-4)A3453",
"KDF IKEv2A3453",
"SHA2-256A3453",
"KDF SSHA3453",
"HMAC-SHA-1A3453",
"AES-GCMA3453",
"RSA SigVer (FIPS186-4)A3453",
"AES-CCMA3453",
"Safe Primes Key GenerationA3453",
"AES-CBCA3453",
"SHA2-384A3453",
"ECDSA KeyGen (FIPS186-4)A3453",
"SHA2-224A3453",
"HMAC-SHA2-224A3453",
"ECDSA KeyVer (FIPS186-4)A3453",
"Conditioning Component AES-CBC-MAC SP800-90BA2541",
"HMAC-SHA2-384A3453",
"KDF SNMPA3453",
"KAS-FFC-SSC Sp800-56Ar3A3453",
"ECDSA SigGen (FIPS186-4)A3453",
"ECDSA SigVer (FIPS186-4)A3453",
"AES-CFB128A3453",
"TLS v1.2 KDF RFC7627A3453",
"AES-CTRA3453",
"Counter DRBGA3453",
"SHA-1A3453"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"11.0.3",
"11.0",
"11.0.6"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECDH": {
"ECDH": 6,
"ECDHE": 5
},
"ECDSA": {
"ECDSA": 63
}
},
"FF": {
"DH": {
"DH": 2,
"DHE": 10,
"Diffie-Hellman": 8
}
},
"RSA": {
"RSA 2048": 12,
"RSA 3072": 3,
"RSA 4096": 3
}
},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 5
},
"CCM": {
"CCM": 4
},
"CFB": {
"CFB": 1
},
"CTR": {
"CTR": 5
},
"ECB": {
"ECB": 2
},
"GCM": {
"GCM": 14
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"IKE": {
"IKE": 2,
"IKEv2": 12
},
"IPsec": {
"IPsec": 4
},
"SSH": {
"SSH": 56,
"SSHv2": 2
},
"TLS": {
"SSL": {
"SSL": 2
},
"TLS": {
"TLS": 68,
"TLS 1.2": 2,
"TLS v1.2": 18,
"TLSv1.0": 1,
"TLSv1.2": 1,
"TLSv1.3": 1
}
},
"VPN": {
"VPN": 60
}
},
"crypto_scheme": {
"KEX": {
"Key Exchange": 9
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"P-256": 48,
"P-384": 38,
"P-521": 38
}
},
"eval_facility": {},
"fips_cert_id": {
"Cert": {
"#16": 1
}
},
"fips_certlike": {
"Certlike": {
"AES (128": 2,
"AES 128/192/256": 1,
"AES 256": 3,
"AES-GCM 128": 1,
"HMAC 128": 2,
"HMAC-SHA- 1": 8,
"HMAC-SHA-1": 22,
"HMAC-SHA-1, 160": 2,
"HMAC-SHA-256": 10,
"HMAC-SHA-384": 2,
"HMAC-SHA-512": 2,
"HMAC-SHA2": 18,
"HMAC\u2013SHA-1/224": 1,
"PKCS#1": 4,
"RSA 2048": 12,
"RSA 3072": 3,
"RSA 4096": 3,
"SHA-1": 5,
"SHA-256": 11,
"SHA-384": 2,
"SHA-512": 4,
"SHA2": 4,
"SHA2-224": 3,
"SHA2-256": 8,
"SHA2-384": 5,
"SHA2-512": 5
}
},
"fips_security_level": {
"Level": {
"Level 1": 1,
"Level 2": 3
}
},
"hash_function": {
"SHA": {
"SHA1": {
"SHA-1": 5
},
"SHA2": {
"SHA-224": 1,
"SHA-256": 12,
"SHA-384": 3,
"SHA-512": 5,
"SHA2": 4
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 43
},
"RNG": {
"RNG": 1
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140-3": 9,
"FIPS 180-4": 5,
"FIPS 186-2": 1,
"FIPS 186-4": 71,
"FIPS 198-1": 6
},
"ISO": {
"ISO/IEC 24759": 2
},
"NIST": {
"SP 800-140E": 1,
"SP 800-38A": 4,
"SP 800-38C": 2,
"SP 800-38D": 2,
"SP 800-38F": 6,
"SP 800-52": 1,
"SP 800-56A": 14,
"SP 800-63B": 1,
"SP 800-90B": 7
},
"PKCS": {
"PKCS#1": 2
},
"RFC": {
"RFC 3526": 2,
"RFC 5246": 1,
"RFC 5282": 1,
"RFC 5288": 1,
"RFC7627": 17
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 19
},
"CAST": {
"CAST": 1
}
},
"constructions": {
"MAC": {
"CMAC": 1,
"HMAC": 20,
"HMAC-SHA-256": 5,
"HMAC-SHA-384": 1,
"HMAC-SHA-512": 1
}
}
},
"tee_name": {},
"tls_cipher_suite": {
"TLS": {
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": 1,
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": 1,
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 1,
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 1
}
},
"vendor": {},
"vulnerability": {}
},
"policy_metadata": {
"/ModDate": "D:20250515132629--04\u002700",
"/Producer": "Skia/PDF m138 Google Docs Renderer",
"/Title": "",
"pdf_file_size_bytes": 20841792,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"http://www.paloaltonetworks.com",
"https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/pan-os/11-0/pan-os-admin/pan-os-admin.pdf"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 72
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_json_hash": null,
"policy_pdf_hash": "fcd9f5fa48f155db2cac32b194a0184c0c8660349564b492f11352f80e5139d5",
"policy_txt_hash": "b3ca036183673d96d6f1eee88ed70e3b053b66fda7402d49afe999b48236c36d"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "Interim Validation. When installed, initialized and configured as specified in Section 11 of the Security Policy. The tamper evident seals and Physical Kit installed as indicated in the Security Policy. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy",
"certificate_pdf_url": null,
"date_sunset": "2026-10-10",
"description": "Palo Alto Networks offers a full line of next-generation security appliances. Our platform architecture is based on our single-pass engine, PAN-OS, for networking, security, threat prevention, and management functionality that is consistent across all platforms. The devices differ only in capacities, performance, and physical configuration.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Roles, services, and authentication: Level 3",
"Operational environment: N/A",
"Non-invasive security: N/A",
"Life-cycle assurance: Level 3",
"Mitigation of other attacks: N/A"
],
"fw_versions": "11.0.3-h12 [1] and 11.0.6-h2 [2]",
"historical_reason": null,
"hw_versions": "910-000102 with components 910-000185, 910-000169, 910-000183 and 910-000156 with Physical Kit 920-000112 [1], 910-000122 with components 910-000186, 910-000169, 910-000183 and 910-000156 with Physical Kit 920-000119 [1], 910-000223 with components 920-000293, 910-000195, 910-000194 and 910-000204 with Physical Kit 920-000309 [1], [910-000119 and 910-000120] with Physical Kit 920-000185 [1], [910-000125, 910-000131, 910-000132, and 910-000157] with Physical Kit 920-000186 [1], [910-000162, 910-000163, and 910-000164] with Physical Kit 920-000212 [1], [910-000212, 910-000230, 910-000231, and 910-000232] with Physical Kit 920-000454 [1], [910-000241, 910-000242, 910-000243, and 910-000244] with Physical Kit 920-000333 [1], [910-000252, 910-000253, 910-000254, and 910-000255] with Physical Kit 920-000320 [2], [910-000267 and 910-000269] with Physical Kit 920-000392 [1], and [910-000280 and 910-000281] with Physical Kit 920-000455 [1]",
"level": 2,
"mentioned_certs": {},
"module_name": "PAN-OS 11.0 running on PA-400 Series, PA-800 Series, PA-1400 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-5400 Series, PA-5450, and PA-7000 Series NGFWs",
"module_type": "Hardware",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-3",
"status": "active",
"sw_versions": null,
"tested_conf": null,
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2024-10-11",
"lab": "Leidos Accredited Testing \u0026 Evaluation (AT\u0026E) Lab",
"validation_type": "Initial"
},
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2025-09-19",
"lab": "Leidos Accredited Testing \u0026 Evaluation (AT\u0026E) Lab",
"validation_type": "Update"
}
],
"vendor": "Palo Alto Networks, Inc.",
"vendor_url": "http://www.paloaltonetworks.com"
}
}