GlobalProtect App

Certificate #4012

Webpage information

Status historical
Historical reason SP 800-56Arev3 transition
Validation dates 19.08.2021
Standard FIPS 140-2
Security level 1
Type Software
Embodiment Multi-Chip Stand Alone
Caveat When installed, initialized and configured as specified in the Security Policy and operated in FIPS mode
Exceptions
  • Physical Security: N/A
  • Design Assurance: Level 3
  • Mitigation of Other Attacks: N/A
Description The GlobalProtect App is a software cryptographic module that runs on commerically available operating systems and provides security for mobile users. The GlobalProtect App secures traffic using TLS or IPsec, and allows users to connect to corporate networks to access a company's resources from anywhere in the world (e.g., when users are remote).
Tested configurations
  • macOS Mojave 10.14 running on an Apple Macbook Pro with Intel Core i5 with PAA
  • macOS Mojave 10.14 running on an Apple Macbook Pro with Intel Core i5 without PAA (single-user mode)
  • Microsoft Windows 10 Enterprise running on a Dell Precision 5520 with Intel Core i7 with PAA
  • Microsoft Windows 10 Enterprise running on a Dell Precision 5520 with Intel Core i7 without PAA
Vendor Palo Alto Networks, Inc.
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.
Certificate
Webpage

Security policy

Security target PDF TXT

Symmetric Algorithms
AES, AES-128, AES-256, RC4, Triple-DES, TDES, IDEA, Camellia, SEED, HMAC
Asymmetric Algorithms
RSA 2048, ECDHE, ECDH, ECDSA, Diffie-Hellman, DH
Hash functions
SHA-1, SHA-256, SHA-384, SHA-512, SHA-224, MD5
Protocols
TLS, IKE, IPsec, VPN
Randomness
DRBG, RNG
Elliptic Curves
P-224, P-256, P-384, P-521
Block cipher modes
ECB, CBC, CTR, GCM
TLS cipher suites
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Vendor
Microsoft

Security level
Level 1

Standards
FIPS 140-2, FIPS 197, FIPS 186-4, FIPS 198, FIPS 180-4, SP 800-38A, SP 800-38D, SP 800-135, SP 800-90A, SP 800-56A, SP 800-38F, PKCS#1, RFC 5289

File metadata

Author Palo Alto Networks Technical Documentation Department
Creation date D:20210426130346-07'00'
Modification date D:20210426130352-07'00'
Pages 15
Creator Acrobat PDFMaker 17 for Word
Producer Adobe PDF Library 17.11.238

Heuristics

No heuristics are available for this certificate.

References

No references are available for this certificate.

Updates

  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate was first processed.

Raw data 

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4012,
  "dgst": "46529058fd79c8ef",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "CVL#C1544",
        "ECDSA#C1544",
        "HMAC#C1544",
        "AES#C1544",
        "RSA#C1544",
        "SHS#C1544",
        "DRBG#C1544",
        "KTS#C1544",
        "KAS#C1544"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "-"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECDH": {
            "ECDH": 1,
            "ECDHE": 3
          },
          "ECDSA": {
            "ECDSA": 9
          }
        },
        "FF": {
          "DH": {
            "DH": 1,
            "Diffie-Hellman": 3
          }
        },
        "RSA": {
          "RSA 2048": 2
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 3
        },
        "CTR": {
          "CTR": 2
        },
        "ECB": {
          "ECB": 2
        },
        "GCM": {
          "GCM": 8
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {
        "IKE": {
          "IKE": 2
        },
        "IPsec": {
          "IPsec": 3
        },
        "TLS": {
          "TLS": {
            "TLS": 16
          }
        },
        "VPN": {
          "VPN": 4
        }
      },
      "crypto_scheme": {},
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "P-224": 20,
          "P-256": 12,
          "P-384": 12,
          "P-521": 12
        }
      },
      "eval_facility": {},
      "fips_cert_id": {},
      "fips_certlike": {
        "Certlike": {
          "AES 128/256": 1,
          "AES CBC (128": 1,
          "AES GCM (128": 1,
          "AES-128": 1,
          "AES-256": 1,
          "AES-CBC (128": 1,
          "AES-GCM (128": 1,
          "Cert. # AES": 1,
          "HMAC-SHA-1": 6,
          "PKCS#1": 2,
          "RSA 2048": 2,
          "SHA- 384": 1,
          "SHA- 512": 1,
          "SHA-1": 6,
          "SHA-224": 4,
          "SHA-256": 13,
          "SHA-384": 10,
          "SHA-512": 9
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 2
        }
      },
      "hash_function": {
        "MD": {
          "MD5": {
            "MD5": 1
          }
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 6
          },
          "SHA2": {
            "SHA-224": 4,
            "SHA-256": 13,
            "SHA-384": 10,
            "SHA-512": 9
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 11
        },
        "RNG": {
          "RNG": 1
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140-2": 20,
          "FIPS 180-4": 1,
          "FIPS 186-4": 3,
          "FIPS 197": 1,
          "FIPS 198": 1
        },
        "NIST": {
          "SP 800-135": 1,
          "SP 800-38A": 1,
          "SP 800-38D": 1,
          "SP 800-38F": 1,
          "SP 800-56A": 4,
          "SP 800-90A": 2
        },
        "PKCS": {
          "PKCS#1": 1
        },
        "RFC": {
          "RFC 5289": 1
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 7,
            "AES-128": 1,
            "AES-256": 1
          },
          "RC": {
            "RC4": 1
          }
        },
        "DES": {
          "3DES": {
            "TDES": 1,
            "Triple-DES": 1
          }
        },
        "constructions": {
          "MAC": {
            "HMAC": 6
          }
        },
        "miscellaneous": {
          "Camellia": {
            "Camellia": 1
          },
          "IDEA": {
            "IDEA": 1
          },
          "SEED": {
            "SEED": 1
          }
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {
        "TLS": {
          "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": 1,
          "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 1,
          "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 1
        }
      },
      "vendor": {
        "Microsoft": {
          "Microsoft": 2
        }
      },
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Palo Alto Networks Technical Documentation Department",
      "/Company": "",
      "/CreationDate": "D:20210426130346-07\u002700\u0027",
      "/Creator": "Acrobat PDFMaker 17 for Word",
      "/ModDate": "D:20210426130352-07\u002700\u0027",
      "/Producer": "Adobe PDF Library 17.11.238",
      "/SourceModified": "D:20210426200247",
      "pdf_file_size_bytes": 344300,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "http://www.paloaltonetworks.com/",
          "about:blank",
          "https://support.paloaltonetworks.com/"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 15
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_json_hash": null,
    "policy_pdf_hash": "94509b31bb3f9beafa11b75f9c71ed03d1059170711377dc03b0fe45dc4e9727",
    "policy_txt_hash": "dcfdd638998dd6e7335d391ac5969dbcdd5dd6574accbe8a25f76b503cf8d0db"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When installed, initialized and configured as specified in the Security Policy and operated in FIPS mode",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/August 2021_010921_0733.pdf",
    "date_sunset": null,
    "description": "The GlobalProtect App is a software cryptographic module that runs on commerically available operating systems and provides security for mobile users. The GlobalProtect App secures traffic using TLS or IPsec, and allows users to connect to corporate networks to access a company\u0027s resources from anywhere in the world (e.g., when users are remote).",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Physical Security: N/A",
      "Design Assurance: Level 3",
      "Mitigation of Other Attacks: N/A"
    ],
    "fw_versions": null,
    "historical_reason": "SP 800-56Arev3 transition",
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "GlobalProtect App",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "historical",
    "sw_versions": "5.1.4",
    "tested_conf": [
      "macOS Mojave 10.14 running on an Apple Macbook Pro with Intel Core i5 with PAA",
      "macOS Mojave 10.14 running on an Apple Macbook Pro with Intel Core i5 without PAA (single-user mode)",
      "Microsoft Windows 10 Enterprise running on a Dell Precision 5520 with Intel Core i7 with PAA",
      "Microsoft Windows 10 Enterprise running on a Dell Precision 5520 with Intel Core i7 without PAA"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2021-08-19",
        "lab": "UL Verification Services, Inc.",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Palo Alto Networks, Inc.",
    "vendor_url": "http://www.paloaltonetworks.com"
  }
}