Panorama 9.0 M-100, M-200, M-500 and M-600

Certificate #3896

Webpage information

Status active
Validation dates 15.04.2021 , 05.07.2022
Sunset date 14-04-2026
Standard FIPS 140-2
Security level 2
Type Hardware
Embodiment Multi-Chip Stand Alone
Caveat When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy
Exceptions
  • Design Assurance: Level 3
  • Mitigation of Other Attacks: N/A
Description Panorama 9.0 on the M-100, M-200, M-500 and M-600 provides centralized management and visibility of multiple Palo Alto Networks next-generation firewalls and supports distributed management and logging functions. It allows you to oversee all applications, users, and content traversing the network and then create application enablement policies that protect and control the entire network. The M-500 and M-600 provide an additional service, the PAN-DB private cloud, which is an on-premise solution suitable for organizations that prohibit or restrict the use of the PAN-DB public cloud service.
Version (Hardware) P/Ns 910-000030 Version 00D [1], 910-000092 Version 00D [1], 910-000176 Version 00A [2], 910-000073 Version 00D [3], and 910-000175 Version 00A [4]; FIPS Kit P/Ns 920-000140 Version 00A [1], 920-000208 Version 00A [2], 920-000145 Version 00A [3], and 920-000209 Version 00A [4]
Version (Firmware) 9.0.9
Vendor Palo Alto Networks, Inc.
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.
Certificate
Webpage

Security policy

Security target PDF TXT

Symmetric Algorithms
AES, AES-, AES-256, CAST, RC4, DES, Triple-DES, Blowfish, Camellia, SEED, HMAC, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512, CMAC
Asymmetric Algorithms
RSA 2048, RSA 3072, RSA 4096, ECDHE, ECDH, ECDSA, Diffie-Hellman, DHE, DH, DSA
Hash functions
SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-2, MD5, RIPEMD
Schemes
Key Exchange
Protocols
SSH, SSHv2, TLS, TLSv1.0, TLS v1.0, IKE
Randomness
DRBG, RNG
Elliptic Curves
P-256, P-384, P-521
Block cipher modes
ECB, CBC, CTR, CFB, GCM, CCM
TLS cipher suites
TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Security level
Level 2, Level 3

Standards
FIPS 140-2, FIPS 197, FIPS 186-4, FIPS 198, FIPS 186-2, FIPS 180-4, SP 800-56A, SP 800-135, SP 800-52, RFC 5288, RFC 5246

File metadata

Title Panorama 9.0 Security Policy
Author Palo Alto Networks Technical Documentation Department
Creation date D:20220629131646-07'00'
Modification date D:20220629131646-07'00'
Pages 57
Creator Microsoft® Word for Microsoft 365
Producer Microsoft® Word for Microsoft 365

Heuristics

No heuristics are available for this certificate.

References

No references are available for this certificate.

Updates

  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate was first processed.

Raw data 

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 3896,
  "dgst": "55f5054a626756a7",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "HMAC#C1005",
        "KAS-SSC#A2670",
        "KTS#C1005",
        "CVL#C1005",
        "KAS#C1005",
        "DSA#C1005",
        "KAS#A2670",
        "RSA#C1005",
        "DRBG#C1005",
        "ECDSA#C1005",
        "SHS#C1005",
        "AES#C1005"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "9.0",
        "9.0.9"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECDH": {
            "ECDH": 8,
            "ECDHE": 5
          },
          "ECDSA": {
            "ECDSA": 24
          }
        },
        "FF": {
          "DH": {
            "DH": 9,
            "DHE": 3,
            "Diffie-Hellman": 8
          },
          "DSA": {
            "DSA": 1
          }
        },
        "RSA": {
          "RSA 2048": 7,
          "RSA 3072": 1,
          "RSA 4096": 1
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 4
        },
        "CCM": {
          "CCM": 2
        },
        "CFB": {
          "CFB": 1
        },
        "CTR": {
          "CTR": 3
        },
        "ECB": {
          "ECB": 3
        },
        "GCM": {
          "GCM": 13
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {
        "IKE": {
          "IKE": 2
        },
        "SSH": {
          "SSH": 40,
          "SSHv2": 1
        },
        "TLS": {
          "TLS": {
            "TLS": 39,
            "TLS v1.0": 1,
            "TLSv1.0": 3
          }
        }
      },
      "crypto_scheme": {
        "KEX": {
          "Key Exchange": 1
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "P-256": 36,
          "P-384": 32,
          "P-521": 34
        }
      },
      "eval_facility": {},
      "fips_cert_id": {
        "Cert": {
          "#1": 1,
          "#10": 2,
          "#11": 3,
          "#12": 2,
          "#13": 1,
          "#14": 1,
          "#15": 1,
          "#18": 1,
          "#19": 1,
          "#2": 1,
          "#20": 1,
          "#3": 1,
          "#32": 1,
          "#4": 3,
          "#40": 1,
          "#5": 2,
          "#6": 1,
          "#9": 1
        }
      },
      "fips_certlike": {
        "Certlike": {
          "AES 256": 1,
          "AES-256": 2,
          "AES-GCM (128": 1,
          "Cert. # AES": 1,
          "DRBG 2": 1,
          "HMAC- SHA-1": 1,
          "HMAC-SHA-1": 6,
          "HMAC-SHA-256": 6,
          "HMAC-SHA-384": 4,
          "HMAC-SHA-512": 4,
          "RSA 2048": 7,
          "RSA 3072": 1,
          "RSA 4096": 1,
          "SHA-1": 5,
          "SHA-2": 3,
          "SHA-224": 5,
          "SHA-256": 6,
          "SHA-384": 5,
          "SHA-512": 6
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 2": 4,
          "Level 3": 2
        }
      },
      "hash_function": {
        "MD": {
          "MD5": {
            "MD5": 2
          }
        },
        "RIPEMD": {
          "RIPEMD": 1
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 5
          },
          "SHA2": {
            "SHA-2": 3,
            "SHA-224": 5,
            "SHA-256": 6,
            "SHA-384": 5,
            "SHA-512": 6
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 13
        },
        "RNG": {
          "RNG": 2
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140-2": 17,
          "FIPS 180-4": 1,
          "FIPS 186-2": 1,
          "FIPS 186-4": 3,
          "FIPS 197": 1,
          "FIPS 198": 1
        },
        "NIST": {
          "SP 800-135": 1,
          "SP 800-52": 1,
          "SP 800-56A": 2
        },
        "RFC": {
          "RFC 5246": 1,
          "RFC 5288": 2
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 15,
            "AES-": 1,
            "AES-256": 2
          },
          "CAST": {
            "CAST": 1
          },
          "RC": {
            "RC4": 1
          }
        },
        "DES": {
          "3DES": {
            "Triple-DES": 1
          },
          "DES": {
            "DES": 2
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 2,
            "HMAC": 6,
            "HMAC-SHA-256": 3,
            "HMAC-SHA-384": 2,
            "HMAC-SHA-512": 2
          }
        },
        "miscellaneous": {
          "Blowfish": {
            "Blowfish": 1
          },
          "Camellia": {
            "Camellia": 1
          },
          "SEED": {
            "SEED": 1
          }
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {
        "TLS": {
          "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": 1,
          "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 1,
          "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 1,
          "TLS_RSA_WITH_AES_128_GCM_SHA256": 1,
          "TLS_RSA_WITH_AES_256_GCM_SHA384": 1
        }
      },
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Palo Alto Networks Technical Documentation Department",
      "/CreationDate": "D:20220629131646-07\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word for Microsoft 365",
      "/ModDate": "D:20220629131646-07\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word for Microsoft 365",
      "/Title": "Panorama 9.0 Security Policy",
      "pdf_file_size_bytes": 5384419,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://www.paloaltonetworks.com/company/trademarks.html",
          "http://www.paloaltonetworks.com/"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 57
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_json_hash": null,
    "policy_pdf_hash": "187d1952c7c88513201b3b37a98cab0649ce0682a7175e63342513be137df196",
    "policy_txt_hash": "a20bf3591ca76b5752a14c730ab72ad40064386b1fdbbde3a24e9e8920d7231b"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/April 2021_030521_0757_signed.pdf",
    "date_sunset": "2026-04-14",
    "description": "Panorama 9.0 on the M-100, M-200, M-500 and M-600 provides centralized management and visibility of multiple Palo Alto Networks next-generation firewalls and supports distributed management and logging functions. It allows you to oversee all applications, users, and content traversing the network and then create application enablement policies that protect and control the entire network. The M-500 and M-600 provide an additional service, the PAN-DB private cloud, which is an on-premise solution suitable for organizations that prohibit or restrict the use of the PAN-DB public cloud service.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Design Assurance: Level 3",
      "Mitigation of Other Attacks: N/A"
    ],
    "fw_versions": "9.0.9",
    "historical_reason": null,
    "hw_versions": "P/Ns 910-000030 Version 00D [1], 910-000092 Version 00D [1], 910-000176 Version 00A [2], 910-000073 Version 00D [3], and 910-000175 Version 00A [4]; FIPS Kit P/Ns 920-000140 Version 00A [1], 920-000208 Version 00A [2], 920-000145 Version 00A [3], and 920-000209 Version 00A [4]",
    "level": 2,
    "mentioned_certs": {},
    "module_name": "Panorama 9.0 M-100, M-200, M-500 and M-600",
    "module_type": "Hardware",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "active",
    "sw_versions": null,
    "tested_conf": null,
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2021-04-15",
        "lab": "UL Verification Services, Inc.",
        "validation_type": "Initial"
      },
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2022-07-05",
        "lab": "Leidos Accredited Testing \u0026 Evaluation (AT\u0026E) Lab",
        "validation_type": "Update"
      }
    ],
    "vendor": "Palo Alto Networks, Inc.",
    "vendor_url": "http://www.paloaltonetworks.com"
  }
}