Firepower Management Center Virtual VMware Cryptographic Module

Certificate #4710

Webpage information ?

Status active
Validation dates 17.06.2024
Sunset date 16-06-2026
Standard FIPS 140-3
Security level 1
Type Software
Embodiment Multi-Chip Stand Alone
Caveat Interim Validation. When installed, initialized and configured as specified in section "Secure Operation" of the Security Policy and operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)
Exceptions
  • Physical security: N/A
  • Non-invasive security: N/A
  • Mitigation of other attacks: N/A
  • Documentation requirements: N/A
  • Cryptographic module security policy: N/A
Description Cisco FMCv Module provides complete and unified management over firewalls, application control, intrusion prevention, URL filtering, and advanced malware protection. Delivering in-depth analysis, streamlined security management across the network and cloud, and accelerated incident investigation and response, working across Cisco and third-party technologies.
Tested configurations
  • Linux 4 (FX-OS) on VMware ESXi 6.7 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) with PAA
  • Linux 4 (FX-OS) on VMware ESXi 6.7 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) without PAA
  • Linux 4 (FX-OS) on VMware ESXi 7.0 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) with PAA
  • Linux 4 (FX-OS) on VMware ESXi 7.0 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) without PAA
Vendor Cisco Systems, Inc.
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Security policy ?

Symmetric Algorithms
AES, AES-256, CAST, HMAC, HMAC-SHA-512, HMAC-SHA-256, HMAC-SHA-384
Asymmetric Algorithms
RSA 2048, ECDH, ECDSA, ECC, Diffie-Hellman, DH
Hash functions
SHA-1, SHA-256
Schemes
MAC, Key Agreement
Protocols
SSH, TLS v1.2, TLSv1.2, TLS
Randomness
DRBG, RBG
Libraries
Crypto Library 3
Elliptic Curves
P-256, P-384, P-521
Block cipher modes
CBC, GCM

Trusted Execution Environments
PSP, SSC
Vendor
Cisco Systems, Inc, Cisco

Security level
Level 1, level 1

Standards
FIPS 140-3, FIPS 197, FIPS 186-4, FIPS 198-1, FIPS140-3, FIPS 180-4, SP 800-140, SP 800-38D, SP 800-52, NIST SP 800-140F, RFC7627, RFC 5288, ISO/IEC 19790, ISO/IEC 24759:2017

File metadata

Title Security Policy
Subject FIPS 140 Security Policy
Author Steven Ratcliffe (steratcl)
Creation date D:20240614141658-04'00'
Modification date D:20240614141658-04'00'
Pages 19
Creator Microsoft® Word 2016
Producer Microsoft® Word 2016

Heuristics ?

No heuristics are available for this certificate.

References ?

No references are available for this certificate.

Updates ?

  • 08.07.2024 The certificate data changed.
    Certificate changed

    The web extraction data was updated.

    • The certificate_pdf_url property was set to https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/June 2024_010724_1153.pdf.
  • 04.07.2024 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4710,
  "dgst": "6aa7d46a7422b6d6",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "ECDSA KeyVer (FIPS186-4)A3376",
        "ECDSA SigVer (FIPS186-4)A3376",
        "KDF SSHA3376",
        "SHA-1A3376",
        "ECDSA KeyGen (FIPS186-4)A3376",
        "TLS v1.2 KDF RFC7627A3376",
        "RSA SigGen (FIPS186-4)A3376",
        "HMAC-SHA2-384A3376",
        "HMAC-SHA2-512A3376",
        "HMAC-SHA2-256A3376",
        "RSA SigVer (FIPS186-4)A3376",
        "RSA KeyGen (FIPS186-4)A3376",
        "AES-CBCA3376",
        "SHA2-256A3376",
        "HMAC-SHA-1A3376",
        "AES-GCMA3376",
        "Counter DRBGA3376",
        "SHA2-384A3376",
        "Safe Primes Key GenerationA3376",
        "SHA2-512A3376",
        "ECDSA SigGen (FIPS186-4)A3376"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "-"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 6
          },
          "ECDH": {
            "ECDH": 2
          },
          "ECDSA": {
            "ECDSA": 38
          }
        },
        "FF": {
          "DH": {
            "DH": 1,
            "Diffie-Hellman": 16
          }
        },
        "RSA": {
          "RSA 2048": 2
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 1
        },
        "GCM": {
          "GCM": 3
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {
        "Generic": {
          "Crypto Library 3": 1
        }
      },
      "crypto_protocol": {
        "SSH": {
          "SSH": 27
        },
        "TLS": {
          "TLS": {
            "TLS": 24,
            "TLS v1.2": 9,
            "TLSv1.2": 16
          }
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 2
        },
        "MAC": {
          "MAC": 2
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "P-256": 30,
          "P-384": 12,
          "P-521": 14
        }
      },
      "eval_facility": {},
      "fips_cert_id": {
        "Cert": {
          "#1": 1
        }
      },
      "fips_certlike": {
        "Certlike": {
          "AES-256": 1,
          "AES-CBC 256": 2,
          "AES-GCM 256": 2,
          "HMAC-SHA- 1": 2,
          "HMAC-SHA-1": 12,
          "HMAC-SHA-256": 2,
          "HMAC-SHA-384": 2,
          "HMAC-SHA-512": 8,
          "PAA 2": 1,
          "PAA 3": 1,
          "PAA 4": 1,
          "RSA 2048": 2,
          "SHA-1": 6,
          "SHA-256": 4,
          "SHA2-256": 6,
          "SHA2-384": 6,
          "SHA2-512": 5
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 3,
          "level 1": 1
        }
      },
      "hash_function": {
        "SHA": {
          "SHA1": {
            "SHA-1": 6
          },
          "SHA2": {
            "SHA-256": 4
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 15
        },
        "RNG": {
          "RBG": 1
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140-3": 10,
          "FIPS 180-4": 4,
          "FIPS 186-4": 11,
          "FIPS 197": 2,
          "FIPS 198-1": 4,
          "FIPS140-3": 2
        },
        "ISO": {
          "ISO/IEC 19790": 4,
          "ISO/IEC 24759:2017": 2
        },
        "NIST": {
          "NIST SP 800-140F": 1,
          "SP 800-140": 1,
          "SP 800-38D": 1,
          "SP 800-52": 1
        },
        "RFC": {
          "RFC 5288": 1,
          "RFC7627": 13
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 5,
            "AES-256": 1
          },
          "CAST": {
            "CAST": 2
          }
        },
        "constructions": {
          "MAC": {
            "HMAC": 7,
            "HMAC-SHA-256": 1,
            "HMAC-SHA-384": 1,
            "HMAC-SHA-512": 4
          }
        }
      },
      "tee_name": {
        "AMD": {
          "PSP": 6
        },
        "IBM": {
          "SSC": 6
        }
      },
      "tls_cipher_suite": {},
      "vendor": {
        "Cisco": {
          "Cisco": 12,
          "Cisco Systems, Inc": 21
        }
      },
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Steven Ratcliffe (steratcl)",
      "/CreationDate": "D:20240614141658-04\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word 2016",
      "/ModDate": "D:20240614141658-04\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word 2016",
      "/Subject": "FIPS 140 Security Policy",
      "/Title": "Security Policy",
      "pdf_file_size_bytes": 544104,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://www.cisco.com/c/dam/en/us/products/collateral/servers-unified-computing/ucs-c-series-rack-servers/c220m5-sff-specsheet.pdf"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 19
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "794d25f3c7d1718752f1e191351ae6f68f43fbd162252d3cd62fefbe25d5fca3",
    "policy_txt_hash": "4b73702bd07262e4502f1507666eafeeb7e2bba24dc9f6520177bfa21f86c9e6"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "Interim Validation. When installed, initialized and configured as specified in section \"Secure Operation\" of the Security Policy and operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/June 2024_010724_1153.pdf",
    "date_sunset": "2026-06-16",
    "description": "Cisco FMCv Module provides complete and unified management over firewalls, application control, intrusion prevention, URL filtering, and advanced malware protection. Delivering in-depth analysis, streamlined security management across the network and cloud, and accelerated incident investigation and response, working across Cisco and third-party technologies.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Physical security: N/A",
      "Non-invasive security: N/A",
      "Mitigation of other attacks: N/A",
      "Documentation requirements: N/A",
      "Cryptographic module security policy: N/A"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "Firepower Management Center Virtual VMware Cryptographic Module",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-3",
    "status": "active",
    "sw_versions": "7.0.5",
    "tested_conf": [
      "Linux 4 (FX-OS) on VMware ESXi 6.7 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) with PAA",
      "Linux 4 (FX-OS) on VMware ESXi 6.7 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) without PAA",
      "Linux 4 (FX-OS) on VMware ESXi 7.0 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) with PAA",
      "Linux 4 (FX-OS) on VMware ESXi 7.0 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) without PAA"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2024-06-17",
        "lab": "GOSSAMER SECURITY SOLUTIONS INC",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Cisco Systems, Inc.",
    "vendor_url": "http://www.cisco.com"
  }
}