This page was not yet optimized for use on mobile
devices.
Cisco Adaptive Security Appliances Cryptographic Module
Certificate #3286
Webpage information
Security policy
Symmetric Algorithms
AES-256, AES, RC4, DES, Triple-DES, HMAC, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512Asymmetric Algorithms
RSA 2048, RSA-2048, ECDSA, Diffie-Hellman, DHHash functions
SHA-1, SHA-512, SHA-256, SHA-384, MD5Protocols
SSHv2, SSH, SSL, TLSv1.2, TLS, TLS v1.2, TLS 1.2, IKEv2, IKE, IPsec, VPNRandomness
DRBGElliptic Curves
P-256, P-384, P-521Block cipher modes
CBC, CTR, GCMVendor
Cisco, Cisco Systems, Inc, Cisco SystemsSecurity level
Level 2, Level 1, level 2Side-channel analysis
SPACertification process
out of scope, of the TEL as depicted below and any additional requirement per the site security policy which are out of scope of this Security Policy. The Crypto Officer shall inspect the seals for evidence of tamper asStandards
FIPS 140-2, FIPS PUB 140-2, FIPS 140, FIPS 186-4, SP 800-90A, SP 800-52, RFC 5288, RFC 7296, RFC 5246, RFC 4253, RFC 6071File metadata
| Title | CISCO 831 Security Policy |
|---|---|
| Subject | FIPS 140-2 Security Policy |
| Author | Scott Shorter |
| Creation date | D:20180827154621-04'00' |
| Modification date | D:20180827154621-04'00' |
| Pages | 39 |
| Creator | Microsoft® Word 2013 |
| Producer | Microsoft® Word 2013 |
References
Outgoing- 3261 - historical - Cisco Firepower Cryptographic Module
Heuristics
No heuristics are available for this certificate.
References
Loading...
Updates Feed
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate was first processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 3286,
"dgst": "617c14bb6cfaff0a",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"ECDSA#1254",
"AES#3301",
"HMAC#2811",
"SHS#2091",
"Triple-DES#1321",
"HMAC#1247",
"AES#2050",
"RSA#2297",
"HMAC#3272",
"Triple-DES#2307",
"HMAC#2095",
"DRBG#1337",
"AES#2444",
"DRBG#1735",
"AES#2472",
"SHS#3512",
"DRBG#819",
"HMAC#1514",
"AES#4266",
"SHS#4012",
"CVL#1008",
"Triple-DES#2559",
"DRBG#336",
"SHS#2737",
"SHS#1794",
"Triple-DES#1513",
"AES#4905",
"DRBG#332",
"CVL#1521",
"RSA#2678",
"Triple-DES#1881"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"9.8"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": {
"_type": "Set",
"elements": [
"3261"
]
},
"indirectly_referenced_by": null,
"indirectly_referencing": {
"_type": "Set",
"elements": [
"3261"
]
}
},
"module_prunned_references": {
"_type": "Set",
"elements": [
"3261"
]
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": {
"_type": "Set",
"elements": [
"3261"
]
},
"indirectly_referenced_by": null,
"indirectly_referencing": {
"_type": "Set",
"elements": [
"3261"
]
}
},
"policy_prunned_references": {
"_type": "Set",
"elements": [
"3261"
]
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECDSA": {
"ECDSA": 16
}
},
"FF": {
"DH": {
"DH": 7,
"Diffie-Hellman": 15
}
},
"RSA": {
"RSA 2048": 7,
"RSA-2048": 1
}
},
"certification_process": {
"OutOfScope": {
"of the TEL as depicted below and any additional requirement per the site security policy which are out of scope of this Security Policy. The Crypto Officer shall inspect the seals for evidence of tamper as": 1,
"out of scope": 1
}
},
"cipher_mode": {
"CBC": {
"CBC": 4
},
"CTR": {
"CTR": 2
},
"GCM": {
"GCM": 9
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"IKE": {
"IKE": 37,
"IKEv2": 9
},
"IPsec": {
"IPsec": 19
},
"SSH": {
"SSH": 20,
"SSHv2": 25
},
"TLS": {
"SSL": {
"SSL": 3
},
"TLS": {
"TLS": 44,
"TLS 1.2": 1,
"TLS v1.2": 1,
"TLSv1.2": 8
}
},
"VPN": {
"VPN": 10
}
},
"crypto_scheme": {},
"device_model": {},
"ecc_curve": {
"NIST": {
"P-256": 6,
"P-384": 2,
"P-521": 2
}
},
"eval_facility": {},
"fips_cert_id": {
"Cert": {
"#1": 2,
"#1008": 2,
"#1521": 1,
"#3261": 2
}
},
"fips_certlike": {
"Certlike": {
"AES 128/192/256": 4,
"AES-256": 6,
"Diffie-Hellman (CVL Cert. #1008": 2,
"Diffie-Hellman (CVL Cert. #1521": 1,
"HMAC- SHA256/384": 1,
"HMAC-SHA-1": 6,
"HMAC-SHA-1 160": 2,
"HMAC-SHA-256": 4,
"HMAC-SHA-384": 4,
"HMAC-SHA-512": 4,
"HMAC-SHA1": 4,
"RSA 2048": 7,
"SHA-1": 2,
"SHA-256": 2,
"SHA-384": 1,
"SHA-512": 8,
"SHA\u2013384": 1
}
},
"fips_security_level": {
"Level": {
"Level 1": 3,
"Level 2": 3,
"level 2": 2
}
},
"hash_function": {
"MD": {
"MD5": {
"MD5": 8
}
},
"SHA": {
"SHA1": {
"SHA-1": 2
},
"SHA2": {
"SHA-256": 2,
"SHA-384": 1,
"SHA-512": 8
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 68
}
},
"side_channel_analysis": {
"SCA": {
"SPA": 2
}
},
"standard_id": {
"FIPS": {
"FIPS 140": 2,
"FIPS 140-2": 20,
"FIPS 186-4": 4,
"FIPS PUB 140-2": 1
},
"NIST": {
"SP 800-52": 2,
"SP 800-90A": 7
},
"RFC": {
"RFC 4253": 2,
"RFC 5246": 2,
"RFC 5288": 2,
"RFC 6071": 1,
"RFC 7296": 2
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 14,
"AES-256": 6
},
"RC": {
"RC4": 4
}
},
"DES": {
"3DES": {
"Triple-DES": 12
},
"DES": {
"DES": 7
}
},
"constructions": {
"MAC": {
"HMAC": 5,
"HMAC-SHA-256": 2,
"HMAC-SHA-384": 2,
"HMAC-SHA-512": 2
}
}
},
"tee_name": {},
"tls_cipher_suite": {},
"vendor": {
"Cisco": {
"Cisco": 31,
"Cisco Systems": 4,
"Cisco Systems, Inc": 37
}
},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "Scott Shorter",
"/CreationDate": "D:20180827154621-04\u002700\u0027",
"/Creator": "Microsoft\u00ae Word 2013",
"/ModDate": "D:20180827154621-04\u002700\u0027",
"/Producer": "Microsoft\u00ae Word 2013",
"/Subject": "FIPS 140-2 Security Policy",
"/Title": "CISCO 831 Security Policy",
"pdf_file_size_bytes": 2799507,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"http://www.cisco.com/c/en/us/products/index.html",
"http://csrc.nist.gov/groups/STM/index.html",
"http://csrc.nist.gov/groups/STM/cmvp/validation.html",
"http://www.cisco.com/c/en/us/products/security/asa-5500-series-next-generation-firewalls/eot_edge.html",
"http://www.cisco.com/",
"http://www.cisco.com/c/en/us/support/security/asa-5500-series-next-generation-firewalls/products-installation-and-configuration-guides-list.html",
"http://www.cisco.com/en/US/products/ps6120/index.html"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 39
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_json_hash": null,
"policy_pdf_hash": "8e762291b95af3e8ec9c3f6e84bc8a4c9de2898a3f2f6192fcda554f8883fb27",
"policy_txt_hash": "9b04d98cc48719f890a251ea231502debb6fcf0c7e0a9fd690d2ef396f4747a5"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy. This module contains the embedded module Cisco Firepower Cryptographic Module validated to FIPS 140-2 under Cert. #3261 operating in FIPS mode",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/SeptConsolidated2018.pdf",
"date_sunset": null,
"description": "Enterprise-class firewall capabilities for the ASA devices in an array of form factors - standalone appliances tailor-made for small and midsize businesses, midsize appliances for businesses improving security . This solution offers the combination of the industry\u0027s most deployed stateful firewall with a comprehensive range of next-generation network security services.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Roles, Services, and Authentication: Level 3",
"Mitigation of Other Attacks: N/A"
],
"fw_versions": "9.8",
"historical_reason": "SP 800-56Arev3 transition",
"hw_versions": "[ASA 5506-X, ASA 5506H-X, ASA 5506W-X] with [1][2], ASA 5508-X with [1][3], ASA 5516-X with [1][4], and [ASA 5525-X, ASA 5545-X, ASA 5555-X] with [1]; FIPS Kit: [AIR-AP-FIPSKIT=][1], [ASA5506-FIPS-KIT=][2], [ASA5508-FIPS-KIT=][3] or [ASA5516-FIPS-KIT=][4]",
"level": 2,
"mentioned_certs": {
"3261": 1
},
"module_name": "Cisco Adaptive Security Appliances Cryptographic Module",
"module_type": "Hardware",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-2",
"status": "historical",
"sw_versions": null,
"tested_conf": null,
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2018-09-17",
"lab": "Gossamer Security Solutions",
"validation_type": "Initial"
}
],
"vendor": "Cisco Systems, Inc.",
"vendor_url": "http://www.cisco.com"
}
}