This page was not yet optimized for use on mobile devices.
Wildfire 10.2 WF-500 and WF-500-B
Certificate #4784
Webpage information
Security policy
Symmetric Algorithms
AES, CAST, DES, HMAC, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512, CMACAsymmetric Algorithms
RSA 2048, RSA 3072, RSA 4096, ECDHE, ECDH, ECDSA, Diffie-Hellman, DHE, DHHash functions
SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA2Schemes
Key ExchangeProtocols
SSH, SSHv2, TLS, TLS1.2, TLS v1.2, TLS 1.2, TLSv1.0, IKEv2, IPsec, VPNRandomness
DRBG, RNGElliptic Curves
P-256, P-384, P-521Block cipher modes
ECB, CBC, CTR, GCM, CCMTLS cipher suites
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384Security level
level 2, Level 2, Level 1Standards
FIPS 140-3, FIPS 186-4, FIPS 198-1, FIPS 180-4, FIPS 186-2, SP 800-90B, SP 800-38A, SP 800-38D, SP 800-38F, SP 800-52, SP 800-63B, SP 800-140F, SP 800-56A, PKCS#1, RFC 3526, RFC 5288, RFC 5246, RFC 5282, ISO/IEC 24759File metadata
| Modification date | D:20250224174200--05'00 |
|---|---|
| Pages | 36 |
| Producer | Skia/PDF m135 Google Docs Renderer |
References
Outgoing- 64 - historical - PGP Cryptographic SDK
Heuristics
No heuristics are available for this certificate.
References
Loading...
Updates
-
04.04.2025 The certificate data changed.
Certificate changed
The web extraction data was updated.
- The validation_history property was updated, with the
[[1, {'_type': 'sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry', 'date': '2025-03-13', 'validation_type': 'Update', 'lab': 'LEIDOS CSTL'}]]values inserted. - The caveat property was set to
When installed, initialized and configured as specified in Section 11 of the Security Policy. The tamper evident seals and Physical Kit installed as indicated in the Security Policy. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy.
The PDF extraction data was updated.
- The keywords property was updated, with the
{'crypto_protocol': {'__update__': {'SSH': {'__insert__': {'SSHv2': 2}, '__update__': {'SSH': 63}}}}}data. - The policy_metadata property was updated, with the
{'pdf_file_size_bytes': 2604611, '/ModDate': "D:20250224174200--05'00", '/Producer': 'Skia/PDF m135 Google Docs Renderer'}data.
The state was updated.
- The policy_pdf_hash property was set to
7e64f62f0b9c0f491d28f659dfe07d15b261ba7a9c390e05da0b919ee0c54a16. - The policy_txt_hash property was set to
ef7c214ccf96c71cafe233f555314c9235287d9dcf790bda9efddef4e9040f05.
- The validation_history property was updated, with the
-
24.02.2025 The certificate data changed.
Certificate changed
The web extraction data was updated.
- The exceptions property was updated.
-
09.09.2024 The certificate was first processed.
New certificate
A new FIPS 140 certificate with the product name Wildfire 10.2 WF-500 and WF-500-B was processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 4784,
"dgst": "49b3fd5d946ee152",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"HMAC-SHA-1A2906",
"KDF SSHA2906",
"KDF TLSA2906",
"ECDSA SigGen (FIPS186-4)A2906",
"SHA2-224A2906",
"Conditioning Component AES-CBC-MAC SP800-90BA2518",
"SHA2-256A2906",
"RSA SigGen (FIPS186-4)A2906",
"SHA2-512A2906",
"Counter DRBGA2906",
"AES-CTRA2906",
"SHA2-384A2906",
"Safe Primes Key GenerationA2906",
"ECDSA SigVer (FIPS186-4)A2906",
"KDF IKEv2A2906",
"AES-GCMA2906",
"AES-CFB128A2906",
"RSA KeyGen (FIPS186-4)A2906",
"AES-CBCA2906",
"KAS-FFC-SSC Sp800-56Ar3A2906",
"HMAC-SHA2-384A2906",
"KAS-ECC-SSC Sp800-56Ar3A2906",
"KDF SNMPA2906",
"ECDSA KeyGen (FIPS186-4)A2906",
"HMAC-SHA2-224A2906",
"RSA SigVer (FIPS186-4)A2906",
"HMAC-SHA2-256A2906",
"Safe Primes Key VerificationA2906",
"SHA-1A2906",
"ECDSA KeyVer (FIPS186-4)A2906",
"HMAC-SHA2-512A2906"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"10.2.3",
"10.2"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": {
"_type": "Set",
"elements": [
"64"
]
},
"indirectly_referenced_by": null,
"indirectly_referencing": {
"_type": "Set",
"elements": [
"64"
]
}
},
"policy_prunned_references": {
"_type": "Set",
"elements": [
"64"
]
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECDH": {
"ECDH": 7,
"ECDHE": 4
},
"ECDSA": {
"ECDSA": 69
}
},
"FF": {
"DH": {
"DH": 3,
"DHE": 4,
"Diffie-Hellman": 10
}
},
"RSA": {
"RSA 2048": 12,
"RSA 3072": 3,
"RSA 4096": 3
}
},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 4
},
"CCM": {
"CCM": 2
},
"CTR": {
"CTR": 5
},
"ECB": {
"ECB": 2
},
"GCM": {
"GCM": 14
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"IKE": {
"IKEv2": 12
},
"IPsec": {
"IPsec": 2
},
"SSH": {
"SSH": 63,
"SSHv2": 2
},
"TLS": {
"TLS": {
"TLS": 61,
"TLS 1.2": 3,
"TLS v1.2": 1,
"TLS1.2": 1,
"TLSv1.0": 1
}
},
"VPN": {
"VPN": 15
}
},
"crypto_scheme": {
"KEX": {
"Key Exchange": 8
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"P-256": 48,
"P-384": 38,
"P-521": 32
}
},
"eval_facility": {},
"fips_cert_id": {
"Cert": {
"#10": 1,
"#11": 2,
"#12": 2,
"#13": 1,
"#18": 1,
"#19": 1,
"#5": 1,
"#64": 1,
"#9": 1
}
},
"fips_certlike": {
"Certlike": {
"# A2906": 3,
"AES (128": 1,
"AES 256": 3,
"HMAC-SHA -1": 6,
"HMAC-SHA-1": 22,
"HMAC-SHA-256": 10,
"HMAC-SHA-384": 2,
"HMAC-SHA-512": 2,
"PKCS#1": 4,
"RSA 2048": 12,
"RSA 3072": 3,
"RSA 4096": 3,
"SHA-1": 6,
"SHA-256": 10,
"SHA-384": 1,
"SHA-512": 3,
"SHA2": 4,
"SHA2-224": 3,
"SHA2-256": 8,
"SHA2-384": 5,
"SHA2-512": 5
}
},
"fips_security_level": {
"Level": {
"Level 1": 1,
"Level 2": 2,
"level 2": 1
}
},
"hash_function": {
"SHA": {
"SHA1": {
"SHA-1": 6
},
"SHA2": {
"SHA-224": 1,
"SHA-256": 11,
"SHA-384": 2,
"SHA-512": 4,
"SHA2": 4
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 52
},
"RNG": {
"RNG": 1
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140-3": 8,
"FIPS 180-4": 5,
"FIPS 186-2": 1,
"FIPS 186-4": 80,
"FIPS 198-1": 6
},
"ISO": {
"ISO/IEC 24759": 2
},
"NIST": {
"SP 800-140F": 1,
"SP 800-38A": 4,
"SP 800-38D": 2,
"SP 800-38F": 4,
"SP 800-52": 1,
"SP 800-56A": 12,
"SP 800-63B": 1,
"SP 800-90B": 9
},
"PKCS": {
"PKCS#1": 2
},
"RFC": {
"RFC 3526": 2,
"RFC 5246": 1,
"RFC 5282": 1,
"RFC 5288": 2
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 16
},
"CAST": {
"CAST": 1
}
},
"DES": {
"DES": {
"DES": 1
}
},
"constructions": {
"MAC": {
"CMAC": 1,
"HMAC": 18,
"HMAC-SHA-256": 5,
"HMAC-SHA-384": 1,
"HMAC-SHA-512": 1
}
}
},
"tee_name": {},
"tls_cipher_suite": {
"TLS": {
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": 1,
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": 1,
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 1,
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 1
}
},
"vendor": {},
"vulnerability": {}
},
"policy_metadata": {
"/ModDate": "D:20250224174200--05\u002700",
"/Producer": "Skia/PDF m135 Google Docs Renderer",
"/Title": "",
"pdf_file_size_bytes": 2604611,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"http://www.paloaltonetworks.com"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 36
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_garbage": false,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_pdf_hash": "7e64f62f0b9c0f491d28f659dfe07d15b261ba7a9c390e05da0b919ee0c54a16",
"policy_txt_hash": "ef7c214ccf96c71cafe233f555314c9235287d9dcf790bda9efddef4e9040f05"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "When installed, initialized and configured as specified in Section 11 of the Security Policy. The tamper evident seals and Physical Kit installed as indicated in the Security Policy. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/August 2024_010924_0336.pdf",
"date_sunset": "2026-08-28",
"description": "The Wildfire 10.2 WF-500 and WF-500-B from Palo Alto Networks Inc. cryptographic modules designed to identify unknown malware, zero-day exploits, and Advanced Persistent Threats (APTs) through dynamic analysis, and automatically disseminates protection in near real-time to help security teams meet the challenge of advanced cyber-attacks.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Roles, services, and authentication: Level 3",
"Operational environment: N/A",
"Non-invasive security: N/A",
"Life-cycle assurance: Level 3",
"Mitigation of other attacks: N/A"
],
"fw_versions": "10.2.3-h1",
"historical_reason": null,
"hw_versions": "910-000097 with FIPS Kit 920-000145, 910-000270 with FIPS Kit 920-000318",
"level": 2,
"mentioned_certs": {},
"module_name": "Wildfire 10.2 WF-500 and WF-500-B",
"module_type": "Hardware",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-3",
"status": "active",
"sw_versions": null,
"tested_conf": null,
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2024-08-29",
"lab": "LEIDOS CSTL",
"validation_type": "Initial"
},
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2025-03-13",
"lab": "LEIDOS CSTL",
"validation_type": "Update"
}
],
"vendor": "Palo Alto Networks, Inc.",
"vendor_url": "http://www.paloaltonetworks.com"
}
}