This page was not yet optimized for use on mobile
devices.
Huawei USG 9520/9560/9580 Firewall
Certificate #3058
Webpage information
Security policy
Symmetric Algorithms
AES-256, AES-128, AES-192, AES, AES256, RC4, DES, Triple-DES, 3DES, HMAC, HMAC-SHA-256Asymmetric Algorithms
RSA 2048, ECDH, ECDSA, ECC, DH, Diffie-Hellman, DSAHash functions
SHA-1, SHA-256, SHA-384, SHA-512, SHA-224, SHA256, SHA-2, MD5Schemes
Key Exchange, Key AgreementProtocols
SSH, SSHv2, SSHv1, SSL, TLS, IKE, IPsec, VPNRandomness
DRBG, RNGLibraries
OpenSSLElliptic Curves
P-256, P-521, P-384Block cipher modes
CBC, CTR, CFB, GCMTLS cipher suites
TLS_RSA_WITH_DES_CBC_SHA, TLS_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_NULL_MD5, TLS_RSA_WITH_NULL_SHA, TLS_DHE_RSA_WITH_DES_CBC_S, TLS_DHE_DSS_WITH_AES_128_C, TLS_DHE_DSS_WITH_AES_256_CJavaCard API constants
SM2Vendor
Huawei, Huawei Technologies CoSecurity level
Level 2Standards
FIPS 140-2, FIPS 197, FIPS186-4, FIPS 198-1, FIPS 186-2, FIPS 180-4, FIPS 186-4, SP 800-38A, SP 800-133, SP 800-56A, SP 800-67, SP 800-90A, SP 800-90, RFC 4303, RFC 6379, RFC 4511, RFC 2865, RFC 4254, RFC 5246, RFC2574, RFC 3414, RFC 3826, X.509File metadata
| Title | Microsoft Word - 20d - Huawei_USG_Firewall_Security_Policy_v04.docx |
|---|---|
| Author | lgarcia |
| Creation date | D:20171101102041-07'00' |
| Modification date | D:20171101102041-07'00' |
| Pages | 66 |
| Creator | PScript5.dll Version 5.2.2 |
| Producer | Acrobat Distiller 11.0 (Windows) |
References
Outgoing- 72 - historical - Cylink Link Encryptor NRZ-H
- 59 - historical - CERTIFAX Fax Encryptor CF3002 and CF3003
- 75 - historical - Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enchanced Cryptographic Provider, and Enhanced Cryptographic Provider
- 58 - historical - LunaCA³
- 54 - historical - PERMIT/Gate 2520™ Cryptographic Module
- 56 - historical - Luna2
- 80 - historical - DS1954B-006 Cryptographic iButton™
- 76 - historical - Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enchanced Cryptographic Provider, and Enhanced Cryptographic Provider
- 81 - historical - IBM 4758 PCI Cryptographic Coprocessor (Miniboot Layers 0 and 1)
- 57 - historical - LunaCA
- 74 - historical - Personal Ravlin
- 43 - historical - Turbo Crypto Card (TCC), v09, 14.04
- 85 - historical - Entrust Cryptographic Kernel, v5.0
- 84 - historical - ClickStamp™ Online CCV
- 82 - revoked - ASTRO Subscriber Encryption Module
- 88 - revoked - Key Management Facility / Radio Network Controller (KMF/RNC) Encryption Module Controller (EMC)
- 83 - historical - Cylink Link Encryptor NRZ E1-75ohms and Link Encryptor RS-232
- 41 - historical - DS1954B Cryptographic iButton™
- 45 - historical - Netscape Security Module 1.01
- 52 - historical - CERTIFAX Fax Encryptor CF3001
- 44 - revoked - Aegis MR-K I and II System/Scan Radios VHF range: 136-174 MHz UHF range: 378-500 MHz 800 range: 806-870 MHz
- 73 - historical - Cylink Link Encryptor NRZ-L
- 42 - historical - Segmented NetFortress™ GVPN-S
- 55 - historical - Elliptic Curve Security Module (CLv)
- 77 - historical - CryptoConnect ETS
- 53 - historical - PERMIT/Gate 4520™ Cryptographic Module
Heuristics
No heuristics are available for this certificate.
References
Loading...
Updates Feed
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate was first processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 3058,
"dgst": "6a6408e6702b2586",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"SHS#3663",
"HMAC#2953",
"CVL#1151",
"KTS#2954",
"DRBG#1441",
"KTS#2393",
"RSA#2432",
"CVL#1153",
"SHS#3664",
"Triple-DES#2392",
"AES#4450",
"HMAC#2954",
"RSA#2431",
"CVL#1150",
"CVL#1152",
"AES#4451",
"ECDSA#1084",
"Triple-DES#2393",
"DRBG#1442"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"4057",
"03056634",
"03057427",
"3",
"20",
"03057520",
"113016",
"2",
"9580",
"03057429",
"03057518",
"03056640",
"03056989",
"03056635",
"03057426",
"03057522",
"1",
"9520",
"03056688",
"03056636",
"9560",
"03056638"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": {
"_type": "Set",
"elements": [
"81",
"41",
"72",
"80",
"56",
"82",
"45",
"73",
"75",
"54",
"83",
"43",
"55",
"53",
"58",
"57",
"76",
"52",
"77",
"85",
"84",
"44",
"74",
"88",
"42",
"59"
]
},
"indirectly_referenced_by": null,
"indirectly_referencing": {
"_type": "Set",
"elements": [
"81",
"41",
"72",
"80",
"56",
"82",
"45",
"73",
"75",
"54",
"83",
"43",
"55",
"53",
"484",
"58",
"57",
"76",
"52",
"77",
"85",
"84",
"44",
"74",
"88",
"42",
"59"
]
}
},
"policy_prunned_references": {
"_type": "Set",
"elements": [
"81",
"41",
"72",
"80",
"56",
"82",
"45",
"73",
"75",
"54",
"83",
"43",
"55",
"53",
"58",
"57",
"76",
"52",
"77",
"85",
"84",
"44",
"74",
"88",
"42",
"59"
]
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 2
},
"ECDH": {
"ECDH": 2
},
"ECDSA": {
"ECDSA": 11
}
},
"FF": {
"DH": {
"DH": 20,
"Diffie-Hellman": 8
},
"DSA": {
"DSA": 2
}
},
"RSA": {
"RSA 2048": 2
}
},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 5
},
"CFB": {
"CFB": 2
},
"CTR": {
"CTR": 2
},
"GCM": {
"GCM": 5
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {
"OpenSSL": {
"OpenSSL": 11
}
},
"crypto_protocol": {
"IKE": {
"IKE": 11
},
"IPsec": {
"IPsec": 13
},
"SSH": {
"SSH": 32,
"SSHv1": 3,
"SSHv2": 1
},
"TLS": {
"SSL": {
"SSL": 15
},
"TLS": {
"TLS": 33
}
},
"VPN": {
"VPN": 21
}
},
"crypto_scheme": {
"KA": {
"Key Agreement": 1
},
"KEX": {
"Key Exchange": 2
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"P-256": 20,
"P-384": 10,
"P-521": 20
}
},
"eval_facility": {},
"fips_cert_id": {
"Cert": {
"#1": 3,
"#10": 1,
"#1084": 1,
"#11": 2,
"#1151": 1,
"#1153": 1,
"#12": 2,
"#13": 1,
"#14": 1,
"#1441": 2,
"#1442": 2,
"#17": 1,
"#18": 2,
"#19": 1,
"#20": 1,
"#22": 1,
"#23": 2,
"#2392": 1,
"#2393": 1,
"#24": 1,
"#2431": 1,
"#2432": 1,
"#26": 1,
"#27": 1,
"#28": 1,
"#2953": 1,
"#2954": 1,
"#31": 1,
"#32": 1,
"#33": 2,
"#34": 1,
"#35": 1,
"#36": 1,
"#3663": 1,
"#3664": 1,
"#37": 1,
"#38": 1,
"#39": 1,
"#4": 1,
"#40": 1,
"#41": 2,
"#42": 2,
"#43": 2,
"#44": 2,
"#4450": 2,
"#4451": 1,
"#45": 1,
"#5": 1,
"#52": 1,
"#53": 1,
"#54": 1,
"#55": 1,
"#56": 1,
"#57": 1,
"#58": 1,
"#59": 1,
"#72": 1,
"#73": 1,
"#74": 1,
"#75": 1,
"#76": 1,
"#77": 1,
"#8": 2,
"#80": 1,
"#81": 1,
"#82": 1,
"#83": 1,
"#84": 1,
"#85": 1,
"#88": 1,
"#9": 2
}
},
"fips_certlike": {
"Certlike": {
"AES-128": 17,
"AES-192": 7,
"AES-256": 23,
"AES256": 1,
"DRBG2": 2,
"HMAC-SHA-1": 8,
"HMAC-SHA-1- 96": 2,
"HMAC-SHA-1-96": 2,
"HMAC-SHA-25": 4,
"HMAC-SHA-256": 12,
"HMAC-SHA-38": 4,
"HMAC-SHA-51": 4,
"HMAC-SHA256": 2,
"RSA 2048": 2,
"SHA-1": 19,
"SHA-1, 256": 1,
"SHA-2": 2,
"SHA-224": 2,
"SHA-256": 17,
"SHA-384": 9,
"SHA-512": 8,
"SHA256": 3
}
},
"fips_security_level": {
"Level": {
"Level 2": 1
}
},
"hash_function": {
"MD": {
"MD5": {
"MD5": 8
}
},
"SHA": {
"SHA1": {
"SHA-1": 20
},
"SHA2": {
"SHA-2": 3,
"SHA-224": 2,
"SHA-256": 17,
"SHA-384": 9,
"SHA-512": 8,
"SHA256": 3
}
}
},
"ic_data_group": {},
"javacard_api_const": {
"curves": {
"SM2": 2
}
},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 13
},
"RNG": {
"RNG": 2
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140-2": 14,
"FIPS 180-4": 2,
"FIPS 186-2": 1,
"FIPS 186-4": 1,
"FIPS 197": 2,
"FIPS 198-1": 2,
"FIPS186-4": 1
},
"NIST": {
"SP 800-133": 1,
"SP 800-38A": 2,
"SP 800-56A": 1,
"SP 800-67": 2,
"SP 800-90": 2,
"SP 800-90A": 3
},
"RFC": {
"RFC 2865": 1,
"RFC 3414": 1,
"RFC 3826": 1,
"RFC 4254": 1,
"RFC 4303": 1,
"RFC 4511": 1,
"RFC 5246": 1,
"RFC 6379": 1,
"RFC2574": 1
},
"X509": {
"X.509": 3
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 11,
"AES-128": 17,
"AES-192": 7,
"AES-256": 23,
"AES256": 1
},
"RC": {
"RC4": 3
}
},
"DES": {
"3DES": {
"3DES": 7,
"Triple-DES": 12
},
"DES": {
"DES": 4
}
},
"constructions": {
"MAC": {
"HMAC": 8,
"HMAC-SHA-256": 6
}
}
},
"tee_name": {},
"tls_cipher_suite": {
"TLS": {
"TLS_DHE_DSS_WITH_AES_128_C": 3,
"TLS_DHE_DSS_WITH_AES_256_C": 2,
"TLS_DHE_RSA_WITH_DES_CBC_S": 1,
"TLS_RSA_WITH_DES_CBC_SHA": 1,
"TLS_RSA_WITH_NULL_MD5": 1,
"TLS_RSA_WITH_NULL_SHA": 1,
"TLS_RSA_WITH_RC4_128_MD5": 1,
"TLS_RSA_WITH_RC4_128_SHA": 1
}
},
"vendor": {
"Huawei": {
"Huawei": 73,
"Huawei Technologies Co": 68
}
},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "lgarcia",
"/CreationDate": "D:20171101102041-07\u002700\u0027",
"/Creator": "PScript5.dll Version 5.2.2",
"/ModDate": "D:20171101102041-07\u002700\u0027",
"/Producer": "Acrobat Distiller 11.0 (Windows)",
"/Title": "Microsoft Word - 20d - Huawei_USG_Firewall_Security_Policy_v04.docx",
"pdf_file_size_bytes": 5991074,
"pdf_hyperlinks": {
"_type": "Set",
"elements": []
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 66
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_json_hash": null,
"policy_pdf_hash": "0b0d4d30db43b9514b4b996ce8063a4fc8b7a86bed5fdefddd21aeb7230447dd",
"policy_txt_hash": "ee1265cd8fcb00483889693cc0ac4decd4c789768e83d72f036cd74b800ccc1e"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/FIPS140ConsolidatedCertNov2017.pdf",
"date_sunset": null,
"description": "The Huawei USG Firewalls ensure secure services for large data centers, cloud computing environments, and enterprise campus networks. Integrated switching, routing, and security enable smooth upgrades, easy virtualization, and terabit-level processing capability - all with carrier-grade reliability in a compact, space-saving form factor. NP + multi-core + distributed architecture integrates security, virtualization, and comprehensive service awareness with continuous database updates to optimize protection.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Design Assurance: Level 3",
"Mitigation of Other Attacks: N/A"
],
"fw_versions": "V500R001C50",
"historical_reason": "186-2 transition",
"hw_versions": "Base Models: USG9520 (P/N 02350FRU Rev D.2) [1], USG9560 (P/N 02350FRW Rev D.2) [2] and USG9580 (P/N 02350FRX Rev D.2) [3]; SPU/SPC cards: SPU-X3-B (P/N 03056640) [1, 2, 3], SPU-X3-B2 (P/N 03056989) [1, 2, 3], SPU-X8X16-B (P/N 03056638) [1, 2, 3], SPC-20-O-E8KE (P/N 03056636) [1, 2, 3], SPU-X3-20-O-E8KE (P/N 03056634) [1, 2, 3], SPU-X8X16-20-O-E8KE (P/N 03056635) [1, 2, 3], SPC-APPSEC-FW (P/N 03056688) [1, 2, 3], SPUA-20-O-H (P/N 03057426) [1, 2, 3], SPUA-20-O-M (P/N 03057427) [1, 2, 3], SPCA-20-O-H\u0026M (P/N 03057429) [1, 2, 3], SPUB-20-O-H (P/N 03057520) [1, 2, 3], SPUB-20-O-M (P/N 03057518) [1, 2, 3], SPCB-20-O-H\u0026M (P/N 03057522) [1, 2, 3]; External Baffle: 99089JEB, Version A.2 [1, 3]; Tamper Seal 4057-113016, Version A.3 [1, 2, 3]",
"level": 2,
"mentioned_certs": {},
"module_name": "Huawei USG 9520/9560/9580 Firewall",
"module_type": "Hardware",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-2",
"status": "historical",
"sw_versions": null,
"tested_conf": null,
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2017-11-07",
"lab": "UL Verification Services, Inc.",
"validation_type": "Initial"
}
],
"vendor": "Huawei Technologies Co., Ltd.",
"vendor_url": "http://www.huawei.com"
}
}