This page was not yet optimized for use on mobile devices.
Adaptive Security Appliance Virtual Cryptographic Module
Certificate #4712
Webpage information ?
Security policy ?
Symmetric Algorithms
AES, AES-256, HMACAsymmetric Algorithms
RSA 2048, ECDH, ECDSA, ECC, Diffie-Hellman, DHHash functions
SHA-1, SHA-256Schemes
Key AgreementProtocols
SSH, TLSv1.2, TLS v1.2, TLS, IKEv2, IKERandomness
DRBG, RBGElliptic Curves
P-256, P-384, P-521Block cipher modes
CBC, GCMTrusted Execution Environments
PSP, SSCVendor
Cisco Systems, Inc, CiscoSecurity level
Level 1, level 1Standards
FIPS 140-3, FIPS 197, FIPS 186-4, FIPS 198-1, FIPS 180-4, SP 800-140, SP 800-38D, SP 800-52, NIST SP 800-140F, RFC7627, RFC 7627, RFC 5288, RFC 7296, ISO/IEC 19790, ISO/IEC 24759:2017File metadata
| Title | Security Policy |
|---|---|
| Subject | FIPS 140 Security Policy |
| Author | Steven Ratcliffe (steratcl) |
| Creation date | D:20240617151300-04'00' |
| Modification date | D:20240617151300-04'00' |
| Pages | 21 |
| Creator | Microsoft® Word 2016 |
| Producer | Microsoft® Word 2016 |
Heuristics ?
No heuristics are available for this certificate.
References ?
No references are available for this certificate.
Updates ?
-
08.07.2024 The certificate data changed.
Certificate changed
The web extraction data was updated.
- The certificate_pdf_url property was set to
https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/June 2024_010724_1153.pdf.
- The certificate_pdf_url property was set to
-
04.07.2024 The certificate was first processed.
New certificate
A new FIPS 140 certificate with the product name was processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 4712,
"dgst": "4f0e70f993083de9",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"ECDSA KeyVer (FIPS186-4)A3376",
"ECDSA SigVer (FIPS186-4)A3376",
"KDF SSHA3376",
"KAS-FFC-SSC Sp800-56Ar3A3376",
"SHA-1A3376",
"ECDSA KeyGen (FIPS186-4)A3376",
"TLS v1.2 KDF RFC7627A3376",
"RSA SigGen (FIPS186-4)A3376",
"HMAC-SHA2-384A3376",
"HMAC-SHA2-512A3376",
"HMAC-SHA2-256A3376",
"RSA SigVer (FIPS186-4)A3376",
"KDF IKEv2A3376",
"RSA KeyGen (FIPS186-4)A3376",
"AES-CBCA3376",
"SHA2-256A3376",
"HMAC-SHA-1A3376",
"AES-GCMA3376",
"Counter DRBGA3376",
"SHA2-384A3376",
"Safe Primes Key GenerationA3376",
"KAS-ECC-SSC Sp800-56Ar3A3376",
"SHA2-512A3376",
"ECDSA SigGen (FIPS186-4)A3376"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"-"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 10
},
"ECDH": {
"ECDH": 1
},
"ECDSA": {
"ECDSA": 49
}
},
"FF": {
"DH": {
"DH": 1,
"Diffie-Hellman": 34
}
},
"RSA": {
"RSA 2048": 5
}
},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 1
},
"GCM": {
"GCM": 5
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"IKE": {
"IKE": 1,
"IKEv2": 16
},
"SSH": {
"SSH": 29
},
"TLS": {
"TLS": {
"TLS": 28,
"TLS v1.2": 10,
"TLSv1.2": 16
}
}
},
"crypto_scheme": {
"KA": {
"Key Agreement": 2
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"P-256": 28,
"P-384": 24,
"P-521": 12
}
},
"eval_facility": {},
"fips_cert_id": {
"Cert": {
"#1": 1
}
},
"fips_certlike": {
"Certlike": {
"AES-256": 1,
"AES-CBC 256": 2,
"AES-GCM 256": 2,
"HMAC-SHA-1": 10,
"PAA 2": 1,
"PAA 3": 1,
"PAA 4": 1,
"PAA 5": 1,
"PAA 6": 1,
"RSA 2048": 5,
"SHA-1": 5,
"SHA-256": 2,
"SHA2-256": 5,
"SHA2-384": 5,
"SHA2-512": 11
}
},
"fips_security_level": {
"Level": {
"Level 1": 3,
"level 1": 1
}
},
"hash_function": {
"SHA": {
"SHA1": {
"SHA-1": 5
},
"SHA2": {
"SHA-256": 2
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 24
},
"RNG": {
"RBG": 1
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140-3": 11,
"FIPS 180-4": 4,
"FIPS 186-4": 11,
"FIPS 197": 2,
"FIPS 198-1": 4
},
"ISO": {
"ISO/IEC 19790": 4,
"ISO/IEC 24759:2017": 2
},
"NIST": {
"NIST SP 800-140F": 1,
"SP 800-140": 1,
"SP 800-38D": 1,
"SP 800-52": 1
},
"RFC": {
"RFC 5288": 1,
"RFC 7296": 1,
"RFC 7627": 1,
"RFC7627": 14
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 7,
"AES-256": 1
}
},
"constructions": {
"MAC": {
"HMAC": 4
}
}
},
"tee_name": {
"AMD": {
"PSP": 6
},
"IBM": {
"SSC": 2
}
},
"tls_cipher_suite": {},
"vendor": {
"Cisco": {
"Cisco": 3,
"Cisco Systems, Inc": 24
}
},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "Steven Ratcliffe (steratcl)",
"/CreationDate": "D:20240617151300-04\u002700\u0027",
"/Creator": "Microsoft\u00ae Word 2016",
"/ModDate": "D:20240617151300-04\u002700\u0027",
"/Producer": "Microsoft\u00ae Word 2016",
"/Subject": "FIPS 140 Security Policy",
"/Title": "Security Policy",
"pdf_file_size_bytes": 612715,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://www.cisco.com/c/dam/global/da_dk/assets/training/seminaria-materials/enterprise_network_compute_system_encs_.pdf"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 21
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_garbage": false,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_pdf_hash": "70ac28ff61c6a8da62d224fd1c4a6466b29cd39cc0468aecb839ef589f3e7824",
"policy_txt_hash": "3169dfdc493ddb20eca346c7555e7a3684248b1f120adb5813d2b0bc19d9f3ed"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "Interim Validation. When installed, initialized and configured as specified in section \"Secure Operation\" of the Security Policy and operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/June 2024_010724_1153.pdf",
"date_sunset": "2026-06-27",
"description": "Virtual Adaptive Security Appliances offers the combination of the industry\u0027s most deployed stateful firewall with a comprehensive range of next-generation network security services, intrusion prevention system (IPS), content security and secure unified communications. Delivering robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Physical security: N/A",
"Non-invasive security: N/A",
"Mitigation of other attacks: N/A",
"Documentation requirements: N/A",
"Cryptographic module security policy: N/A"
],
"fw_versions": null,
"historical_reason": null,
"hw_versions": null,
"level": 1,
"mentioned_certs": {},
"module_name": "Adaptive Security Appliance Virtual Cryptographic Module",
"module_type": "Software",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-3",
"status": "active",
"sw_versions": "9.16.4",
"tested_conf": [
"Linux 4 (FX-OS) on NFVIS 4.4 running on ENCS 5412 Server with Intel Xeon Processor D-1557 (Broadwell) With PAA",
"Linux 4 (FX-OS) on NFVIS 4.4 running on ENCS 5412 Server with Intel Xeon Processor D-1557 (Broadwell) without PAA",
"Linux 4 (FX-OS) on VMware ESXi 6.7 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) with PAA",
"Linux 4 (FX-OS) on VMware ESXi 6.7 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) without PAA",
"Linux 4 (FX-OS) on VMware ESXi 7.0 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) with PAA",
"Linux 4 (FX-OS) on VMware ESXi 7.0 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) without PAA"
],
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2024-06-28",
"lab": "GOSSAMER SECURITY SOLUTIONS INC",
"validation_type": "Initial"
}
],
"vendor": "Cisco Systems, Inc.",
"vendor_url": "http://www.cisco.com"
}
}