Americas Headquarters:
Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA
© 2021-2025 Cisco Systems, Inc.
Cisco Systems logo is registered trademark of Cisco Systems, Inc.
Cisco Systems, Inc.
Cisco Secure Firewall Threat Defense Cryptographic Module (FPR 1000 Series)
FIPS 140-3 Non-Proprietary Security Policy
Page 2 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Table of Contents
1 General................................................................................................................................... 5
1.1 Overview .......................................................................................................................... 5
1.2 Security Levels ................................................................................................................. 5
2 Cryptographic Module Specification........................................................................................ 5
2.1 Description ....................................................................................................................... 5
2.2 Tested and Vendor Affirmed Module Version and Identification........................................ 6
2.3 Excluded Components...................................................................................................... 7
2.4 Modes of Operation.......................................................................................................... 7
2.5 Algorithms ........................................................................................................................ 7
2.6 Security Function Implementations..................................................................................10
2.7 Algorithm Specific Information .........................................................................................14
2.8 RBG and Entropy ............................................................................................................15
2.9 Key Generation................................................................................................................16
2.10 Key Establishment.........................................................................................................16
2.11 Industry Protocols..........................................................................................................17
3 Cryptographic Module Interfaces............................................................................................17
3.1 Ports and Interfaces ........................................................................................................17
4 Roles, Services, and Authentication.......................................................................................17
4.1 Authentication Methods ...................................................................................................17
4.2 Roles...............................................................................................................................19
4.3 Approved Services ..........................................................................................................19
4.4 Non-Approved Services...................................................................................................37
4.5 External Software/Firmware Loaded................................................................................37
4.6 Cryptographic Output Actions and Status ........................................................................38
4.7 Additional Information......................................................................................................38
5 Software/Firmware Security ...................................................................................................38
5.1 Integrity Techniques ........................................................................................................38
5.2 Initiate on Demand ..........................................................................................................38
6 Operational Environment........................................................................................................38
6.1 Operational Environment Type and Requirements ..........................................................38
7 Physical Security....................................................................................................................38
7.1 Mechanisms and Actions Required..................................................................................38
7.2 User Placed Tamper Seals..............................................................................................39
7.3 Filler Panels.....................................................................................................................44
8 Non-Invasive Security ............................................................................................................46
Page 3 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
9 Sensitive Security Parameters Management..........................................................................46
9.1 Storage Areas .................................................................................................................46
9.2 SSP Input-Output Methods..............................................................................................46
9.3 SSP Zeroization Methods................................................................................................47
9.4 SSPs ...............................................................................................................................48
9.5 Transitions.......................................................................................................................64
10 Self-Tests.............................................................................................................................64
10.1 Pre-Operational Self-Tests ............................................................................................64
10.2 Conditional Self-Tests....................................................................................................65
10.3 Periodic Self-Test Information........................................................................................68
10.4 Error States ...................................................................................................................71
11 Life-Cycle Assurance ...........................................................................................................71
11.1 Installation, Initialization, and Startup Procedures..........................................................71
11.2 Administrator Guidance .................................................................................................72
11.3 Non-Administrator Guidance..........................................................................................72
12 Mitigation of Other Attacks ...................................................................................................73
Page 4 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
List of Tables
Table 1: Security Levels............................................................................................................. 5
Table 2: Tested Module Identification – Hardware ..................................................................... 7
Table 3: Modes List and Description .......................................................................................... 7
Table 4: Approved Algorithms.................................................................................................... 9
Table 5: Vendor-Affirmed Algorithms ......................................................................................... 9
Table 6: Security Function Implementations..............................................................................14
Table 7: Entropy Certificates.....................................................................................................15
Table 8: Entropy Sources..........................................................................................................15
Table 9: Ports and Interfaces ....................................................................................................17
Table 10: Authentication Methods.............................................................................................19
Table 11: Roles.........................................................................................................................19
Table 12: Approved Services ....................................................................................................37
Table 13: Mechanisms and Actions Required ...........................................................................39
Table 14: Storage Areas ...........................................................................................................46
Table 15: SSP Input-Output Methods........................................................................................47
Table 16: SSP Zeroization Methods..........................................................................................48
Table 17: SSP Table 1..............................................................................................................55
Table 18: SSP Table 2..............................................................................................................64
Table 19: Pre-Operational Self-Tests........................................................................................64
Table 20: Conditional Self-Tests ...............................................................................................68
Table 21: Pre-Operational Periodic Information.........................................................................69
Table 22: Conditional Periodic Information................................................................................71
Table 23: Error States...............................................................................................................71
List of Figures
Figure 1: FPR 1010................................................................................................................... 6
Figure 2: FPR 1120, FPR 1140 and FPR 1150 ......................................................................... 6
Figure 3: FPR-1010 Front view .................................................................................................39
Figure 4: FPR-1010 Back view..................................................................................................40
Figure 5: FPR-1010 Left view....................................................................................................40
Figure 6: FPR-1010 Right view .................................................................................................40
Figure 7: FPR-1010 Top View...................................................................................................41
Figure 8: FPR-1010 Bottom view ..............................................................................................41
Figure 9: FPR-1140 Front View.................................................................................................42
Figure 10: FPR-1140 Rear View ...............................................................................................42
Figure 11: FPR-1140 Left View.................................................................................................42
Figure 12: FPR-1140 Right View...............................................................................................42
Figure 13: FPR-1140 Top View.................................................................................................43
Figure 14: FPR-1140 Bottom View............................................................................................44
Page 5 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
1 General
1.1 Overview
This is Cisco Systems, Inc. non-proprietary security policy for the Cisco Secure Firewall Threat
Defense Cryptographic Module (FPR 1000 Series) (hereinafter referred to as FTD or Module),
version 7.4. The following details how this module meets the security requirements of FIPS
140-3, SP 800-140 and ISO/IEC 19790 for a Security Level 2 hardware cryptographic module.
The security requirements cover areas related to the design and implementation of a
cryptographic module. These areas include cryptographic module specification; cryptographic
module interfaces; roles, services, and authentication; software/firmware security; operational
environment; physical security; non-invasive security; sensitive security parameter
management; self-tests; life-cycle assurance; and mitigation of other attacks. The following
table indicates the actual security levels for each area of the cryptographic module.
1.2 Security Levels
Section Title Security Level
1 General 2
2 Cryptographic module specification 2
3 Cryptographic module interfaces 2
4 Roles, services, and authentication 3
5 Software/Firmware security 2
6 Operational environment N/A
7 Physical security 2
8 Non-invasive security N/A
9 Sensitive security parameter management 2
10 Self-tests 2
11 Life-cycle assurance 2
12 Mitigation of other attacks N/A
Overall Level 2
Table 1: Security Levels
2 Cryptographic Module Specification
2.1 Description
Purpose and Use:
This module is a multi-chip standalone hardware cryptographic module identified as Firewall
Threat Defense (FTD) which houses ASA and Firepower solutions with underlying operating
system identified as Linux 4 (also referred to as Firepower eXtensible Operating System or FX-
OS throughout this document). The Module’s operational environment is Limited.
FTD delivers enterprise-class firewall for businesses, improving security at the Internet edge,
high performance and throughput for demanding enterprise data centers. The FTD solution
offers the combination of the industry's most deployed stateful firewall with a comprehensive
Page 6 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
range of next-generation network security services, intrusion prevention system (IPS), content
security and secure unified communications, HTTPS/TLSv1.2, SSHv2, IPsec/IKEv2, SNMPv3
and Cryptographic Cipher Suite B using the ASA Cryptographic Module.
Module Type: Hardware
Module Embodiment: MultiChipStand
Module Characteristics:
Cryptographic Boundary:
The cryptographic boundary is defined as the entire chassis unit’s physical perimeter
encompassing the "top," "front," "left," "right," “rear” and "bottom" surfaces of the case, and
shown in the figures below and in the Physical Security section. The FPR 1010 has a unique
exterior appearance whereas the FPR 1120, FPR 1140 and FPR 1150 all have the same
exterior appearance. Where they differ is in Firewall throughput, IPS throughput, IPsec VPN
throughput and number of VPN peers allowed.
Figure 1: FPR 1010
Figure 2: FPR 1120, FPR 1140 and FPR 1150
2.2 Tested and Vendor Affirmed Module Version and Identification
Tested Module Identification – Hardware:
Model
and/or
Part
Number
Hardware
Version
Firmware
Version
Processors Features
FRP 1010 FPR-1010 7.4 Intel Atom C3558 (Goldmont)
Page 7 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Model
and/or
Part
Number
Hardware
Version
Firmware
Version
Processors Features
FRP 1120 FPR-1120 7.4 Intel Atom C3858 (Goldmont)
FRP 1140 FPR-1140 7.4 Intel Atom C3958 (Goldmont)
FRP 1150 FPR-1150 7.4 Intel Atom C3958 (Goldmont)
Table 2: Tested Module Identification – Hardware
Tested Module Identification – Software, Firmware, Hybrid (Executable Code Sets):
N/A for this module.
Tested Module Identification – Hybrid Disjoint Hardware:
N/A for this module.
Tested Operational Environments - Software, Firmware, Hybrid:
N/A for this module.
Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid:
N/A for this module.
2.3 Excluded Components
N/A for this module.
2.4 Modes of Operation
Modes List and Description:
Mode Name Description Type Status Indicator
Approved
Mode of
Operation
The module is always in the approved
mode of operation after initial
operations are performed.
Approved Approved mode
indicator: "FIPS is
currently enabled."
Table 3: Modes List and Description
The module has one approved mode of operation and is always in the approved mode of
operation after initial operations are performed (See Section 11). The module does not claim
implementation of a degraded mode of operation. Section 4 provides details on the service
indicator implemented by the module.
2.5 Algorithms
Approved Algorithms:
Page 8 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Algorithm CAVP
Cert
Properties Reference
AES-CBC A4446 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-GCM A4446 Direction - Decrypt, Encrypt
IV Generation - Internal
IV Generation Mode - 8.2.1
Key Length - 128, 192, 256
SP 800-38D
Counter DRBG A4446 Prediction Resistance - Yes
Mode - AES-128, AES-192, AES-256
Derivation Function Enabled - Yes
SP 800-90A
Rev. 1
ECDSA KeyGen
(FIPS186-4)
A4446 Curve - P-256, P-384, P-521
Secret Generation Mode - Testing Candidates
FIPS 186-4
ECDSA SigGen
(FIPS186-4)
A4446 Curve - P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512
FIPS 186-4
ECDSA SigVer
(FIPS186-4)
A4446 Curve - P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512
FIPS 186-4
HMAC-SHA-1 A4446 Key Length - Key Length: 256-448 Increment 8 FIPS 198-1
HMAC-SHA2-
224
A4446 Key Length - Key Length: 256-448 Increment 8 FIPS 198-1
HMAC-SHA2-
256
A4446 Key Length - Key Length: 256-448 Increment 8 FIPS 198-1
HMAC-SHA2-
384
A4446 Key Length - Key Length: 256-448 Increment 8 FIPS 198-1
HMAC-SHA2-
512
A4446 Key Length - Key Length: 256-448 Increment 8 FIPS 198-1
KAS-ECC-SSC
Sp800-56Ar3
A4446 Domain Parameter Generation Methods - P-
256, P-384, P-521
Scheme -
ephemeralUnified -
KAS Role - initiator, responder
SP 800-56A
Rev. 3
KAS-FFC-SSC
Sp800-56Ar3
A4446 Domain Parameter Generation Methods -
ffdhe2048, ffdhe3072, ffdhe4096, modp-2048,
modp-3072, modp-4096
Scheme -
dhEphem -
KAS Role - initiator, responder
SP 800-56A
Rev. 3
KDF IKEv2
(CVL)
A4446 Diffie-Hellman Shared Secret Length - Diffie-
Hellman Shared Secret Length: 2048
Derived Keying Material Length - Derived
Keying Material Length: 3072
Hash Algorithm - SHA-1
SP 800-135
Rev. 1
KDF SNMP
(CVL)
A4446 Password Length - Password Length: 256, 64 SP 800-135
Rev. 1
KDF SSH (CVL) A4446 Cipher - AES-128, AES-192, AES-256
Hash Algorithm - SHA-1, SHA2-256
SP 800-135
Rev. 1
RSA KeyGen
(FIPS186-4)
A4446 Key Generation Mode - B.3.4
Modulo - 2048, 3072
FIPS 186-4
Page 9 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Algorithm CAVP
Cert
Properties Reference
Hash Algorithm - SHA2-256
Private Key Format - Standard
RSA SigGen
(FIPS186-4)
A4446 Signature Type - PKCS 1.5, PKCSPSS
Modulo - 2048, 3072
FIPS 186-4
RSA SigVer
(FIPS186-4)
A4446 Signature Type - PKCS 1.5, PKCSPSS
Modulo - 2048, 3072
FIPS 186-4
Safe Primes Key
Generation
A4446 Safe Prime Groups - ffdhe2048, ffdhe3072,
ffdhe4096, modp-2048, modp-3072, modp-
4096
SP 800-56A
Rev. 3
SHA-1 A4446 Message Length - Message Length: 0-65536
Increment 8
FIPS 180-4
SHA2-224 A4446 Message Length - Message Length: 0-65536
Increment 8
FIPS 180-4
SHA2-256 A4446 Message Length - Message Length: 0-65536
Increment 8
FIPS 180-4
SHA2-384 A4446 Message Length - Message Length: 0-65536
Increment 8
FIPS 180-4
SHA2-512 A4446 Message Length - Message Length: 0-65536
Increment 8
FIPS 180-4
TLS v1.2 KDF
RFC7627 (CVL)
A4446 Hash Algorithm - SHA2-256, SHA2-384, SHA2-
512
SP 800-135
Rev. 1
Table 4: Approved Algorithms
Vendor-Affirmed Algorithms:
Name Properties Implementation Reference
CKG Key Type:Asymmetric N/A SP 800-133r2 Section 4, Method 1
Table 5: Vendor-Affirmed Algorithms
Non-Approved, Allowed Algorithms:
N/A for this module.
Non-Approved, Allowed Algorithms with No Security Claimed:
N/A for this module.
Non-Approved, Not Allowed Algorithms:
N/A for this module.
Page 10 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
2.6 Security Function Implementations
Name Type Description Properties Algorithms
KAS-ECC-
KeyGen
(SSHv2)
KAS-KeyGen
CKG
KAS ECC
keygen used in
SSHv2 service
Bit-Strength
Caveat:128 to
256 bits
encryption
strength
Counter DRBG:
(A4446)
CKG: ()
KAS-FFC-
KeyGen
(SSHv2)
KAS-KeyGen
CKG
KAS FFC
keygen used in
SSHv2 service
Bit-strength
Caveat:112 to
152 bits
encryption
strength
Counter DRBG:
(A4446)
Safe Primes Key
Generation:
(A4446)
Safe Prime
Groups: modp-
2048, modp-
3072, modp-
4096
CKG: ()
KAS-ECC-
KeyGen
(TLSv1.2)
KAS-KeyGen
CKG
KAS ECC
keygen used in
TLSv1.2 service
Bit-Strength
Caveat:128 to
256 bits
encryption
strength
Counter DRBG:
(A4446)
CKG: ()
KAS-FFC-
KeyGen
(TLSv1.2)
KAS-KeyGen
CKG
KAS FFC
keygen used in
TLSv1.2 service
Bit-strength
Caveat:112 to
152 bits
encryption
strength
Counter DRBG:
(A4446)
Safe Primes Key
Generation:
(A4446)
Safe Prime
Groups:
ffdhe2048,
ffdhe3072,
ffdhe4096
CKG: ()
KAS-ECC-
KeyGen (IKEv2)
KAS-KeyGen
CKG
KAS ECC
keygen used in
TLSv1.2 service
Bit-strength
Caveat:128 to
256 bits
encryption
strength
Counter DRBG:
(A4446)
CKG: ()
KAS-FFC-
KeyGen (IKEv2)
KAS-KeyGen
CKG
KAS FFC
keygen used in
IKEv2 service
Bit-strength
Caveat:112 to
152 bits
encryption
strength
Counter DRBG:
(A4446)
Safe Primes Key
Generation:
(A4446)
Safe Prime
Groups: modp-
2048, modp-
3072, modp-
Page 11 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Type Description Properties Algorithms
4096
CKG: ()
KAS-ECC
(SSHv2)
KAS-Full KAS-ECC for
SSHv2 service
Bit-strength
Caveat:Provides
between 128
and 256 bits of
encryption
strength
KDF SSH:
(A4446)
KAS-ECC-SSC
Sp800-56Ar3:
(A4446)
KAS-FFC
(SSHv2)
KAS-Full KAS-FFC
SSHv2 service
Bit-strength
Caveat:Provides
between 112 to
152 bits of
encryption
strength
KDF SSH:
(A4446)
KAS-FFC-SSC
Sp800-56Ar3:
(A4446)
Domain
Parameter
Generation
Methods:
MODP-2048,
MODP-3072,
MODP-4096
KAS-ECC
(TLSv1.2)
KAS-Full KAS-ECC for
TLSv1.2 service
Bit-strength
Caveat:Provides
between 128
and 256 bits of
encryption
strength
TLS v1.2 KDF
RFC7627:
(A4446)
KAS-ECC-SSC
Sp800-56Ar3:
(A4446)
KAS-FFC
(TLSv1.2)
KAS-Full KAS-FFC for
TLSv1.2 service
Bit-strength
Caveat:Provides
between 112 to
152 bits of
encryption
strength
TLS v1.2 KDF
RFC7627:
(A4446)
KAS-FFC-SSC
Sp800-56Ar3:
(A4446)
Domain
Parameter
Generation
Methods:
ffdhe2048,
ffdhe3072,
ffdhe4096
KAS-ECC
(IKEv2)
KAS-Full KAS-ECC for
IKEv2 Service
Bit-strength
Caveat:Provides
between 128
and 256 bits of
encryption
strength
KAS-ECC-SSC
Sp800-56Ar3:
(A4446)
KDF IKEv2:
(A4446)
KAS-FFC
(IKEv2)
KAS-Full KAS-FFC for
IKEv2 service
Bit-strength
Caveat:Provides
between 112
and 152 bits of
KAS-FFC-SSC
Sp800-56Ar3:
(A4446)
Domain
Page 12 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Type Description Properties Algorithms
encryption
strength
Parameter
Generation
Methods:
MODP-2048,
MODP-3072,
MODP-4096
KDF IKEv2:
(A4446)
KTS (TLSv1.2
with AES and
HMAC)
KTS-Wrap KTS via TLSv1.2
service by using
AES and HMAC
Bit-strength
Caveat:Provides
between 128
and 256 bits of
encryption
strength
AES-CBC:
(A4446)
HMAC-SHA-1:
(A4446)
HMAC-SHA2-
256: (A4446)
HMAC-SHA2-
384: (A4446)
SHA-1: (A4446)
SHA2-256:
(A4446)
SHA2-384:
(A4446)
KTS (TLSv1.2
with AES-GCM)
KTS-Wrap KTS via TLSv1.2
service by using
AES-GCM
Bit-strength
Caveat:Provides
between 128
and 256 bits of
encryption
strength
AES-GCM:
(A4446)
KTS (SSHv2
with AES and
HMAC)
KTS-Wrap KTS via SSHv2
service by using
AES and HMAC
Bit-strength
Caveat:Provides
between 128
and 256 bits of
encryption
strength
AES-CBC:
(A4446)
HMAC-SHA-1:
(A4446)
HMAC-SHA2-
256: (A4446)
SHA-1: (A4446)
SHA2-256:
(A4446)
KTS (SSHv2
with AES-GCM)
KTS-Wrap KTS via SSHv2
service by using
AES-GCM
Bit-strength
Caveat:Provides
between 128
and 256 bits of
encryption
strength
AES-GCM:
(A4446)
RSA KeyGen
(SSHv2,
TLSv1.2, IKEv2)
AsymKeyPair-
KeyGen
CKG
RSA KeyGen for
SSHv2,
TLSv1.2, and
IKEv2 services
RSA KeyGen
(FIPS186-4):
(A4446)
Counter DRBG:
(A4446)
CKG: ()
Page 13 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Type Description Properties Algorithms
ECDSA KeyGen
(SSHv2,
TLSv1.2 and
IKEv2)
AsymKeyPair-
KeyGen
CKG
ECDSA KeyGen
for TLSv1.2 and
IKEv2 services
ECDSA KeyGen
(FIPS186-4):
(A4446)
Counter DRBG:
(A4446)
CKG: ()
RSA SigGen
(SSHv2,
TLSv1.2, IKEv2)
DigSig-SigGen RSA SigGen for
SSHv2,
TLSv1.2, and
IKEv2 services
RSA SigGen
(FIPS186-4):
(A4446)
ECDSA SigGen
(SSHv2,
TLSv1.2 and
IKEv2)
DigSig-SigGen ECDSA SigGen
for TLSv1.2, and
IKEv2 services
ECDSA SigGen
(FIPS186-4):
(A4446)
RSA SigVer
(SSHv2,
TLSv1.2, and
IKEv2)
DigSig-SigVer RSA SigVer for
SSHv2,
TLSv1.2, and
IKEv2 services
RSA SigVer
(FIPS186-4):
(A4446)
ECDSA SigVer
(SSHv2,
TLSv1.2, and
IKEv2)
DigSig-SigVer ECDSA SigVer
for TLSv1.2 and
IKEv2 services
ECDSA SigVer
(FIPS186-4):
(A4446)
Block Cipher
(SSHv2)
BC-Auth
BC-UnAuth
Block Cipher for
SSHv2 service
AES-CBC:
(A4446)
AES-GCM:
(A4446)
Block Cipher
(TLSv1.2)
BC-Auth
BC-UnAuth
Block Cipher for
TLSv1.2 service
AES-GCM:
(A4446)
AES-CBC:
(A4446)
Block Cipher
(IPSec/IKE)
BC-Auth
BC-UnAuth
Block Cipher for
IPSec/IKEv2
service
AES-CBC:
(A4446)
AES-GCM:
(A4446)
Block Cipher
(SNMPv3)
BC-UnAuth Block Cipher for
SNMPv3 service
AES-CBC:
(A4446)
KDF SNMP:
(A4446)
MAC (SSHv2) MAC MAC for SSHv2
service
HMAC-SHA-1:
(A4446)
HMAC-SHA2-
256: (A4446)
SHA-1: (A4446)
SHA2-256:
(A4446)
MAC (TLSv1.2) MAC Message
Authentication
for TLSv1.2
services
HMAC-SHA-1:
(A4446)
HMAC-SHA2-
256: (A4446)
Page 14 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Type Description Properties Algorithms
HMAC-SHA2-
384: (A4446)
SHA-1: (A4446)
SHA2-256:
(A4446)
SHA2-384:
(A4446)
MAC
(IPSec/IKEv2)
MAC Message
Authentication
for IPSec/IKEv2
services
HMAC-SHA2-
256: (A4446)
HMAC-SHA2-
384: (A4446)
HMAC-SHA2-
512: (A4446)
SHA2-256:
(A4446)
SHA2-384:
(A4446)
SHA2-512:
(A4446)
MAC (SNMPv3) MAC Message
Authentication
for SNMPv3
service
HMAC-SHA-1:
(A4446)
SHA-1: (A4446)
KDF SNMP:
(A4446)
HMAC-SHA2-
256: (A4446)
HMAC-SHA2-
384: (A4446)
SHA2-256:
(A4446)
SHA2-384:
(A4446)
HMAC-SHA2-
224: (A4446)
SHA2-224:
(A4446)
Firmware Load
Test
MAC MAC for
firmware load
test
HMAC-SHA2-
512: (A4446)
Table 6: Security Function Implementations
2.7 Algorithm Specific Information
• The module’s AES-GCM implementation conforms to Implementation Guidance C.H
scenario #1 following RFC 5288 for TLS. The module is compatible with TLSv1.2 and
provides support for the acceptable GCM cipher suites from SP 800-52 Rev1, Section
3.3.1. The operations of one of the two parties involved in the TLS key establishment
Page 15 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
scheme were performed entirely within the cryptographic boundary of the module being
validated. The counter portion of the IV is set by the module within its cryptographic
boundary. When the IV exhausts the maximum number of possible values for a given
session key, the first party, client or server, to encounter this condition will trigger a
handshake to establish a new encryption key. The keys for the client and server
negotiated in the TLSv1.2 handshake process (client_write_key and server_write_key)
are compared and the module aborts the session if the key values are identical. In case
the module’s power is lost and then restored, a new key for use with the AES GCM
encryption/decryption shall be established.
• The module uses RFC 7296 compliant IKEv2 to establish the shared secret SKEYSEED
from which the AES GCM encryption keys are derived. When the IV exhausts the
maximum number of possible values for a given session key, the first party, client or
server, to encounter this condition will trigger a handshake to establish a new encryption
key. Two keys established by IKEv2 for one security association (one key for encryption
in each direction between the parties) are not identical and abort the session if they are.
In case the module’s power is lost and then restored, a new key for use with the AES
GCM encryption/decryption shall be established.
• The module was algorithm tested based on the FIPS 186-4 standard for Digital
Signatures. According to IG C.K, this module is 186-5 compliant as all 186-4 CAVP tests
performed are mathematically identical to the 186-5 CAVP tests. The Module does not
support 186-4 DSA or RSA X9.31 for Signature Generation or Signature Verification.
2.8 RBG and Entropy
Cert
Number
Vendor Name
E3 Cisco Systems, Inc.
Table 7: Entropy Certificates
Name Type Operational Environment Sample
Size
Entropy
per
Sample
Conditioning
Component
Cisco Jitter
Entropy
Source
Non-
Physical
Intel Atom C3558
(Goldmont), Intel Atom
C3858 (Goldmont), Intel
Atom C3958 (Goldmont)
256 bits Full
Entropy
A2810 (SHA3-
256)
Table 8: Entropy Sources
The module implements an approved DRBG based on SP800-90Ar1, including CTR_DRBG
with Algo Cert. #A4446.
The DRBG is used internally by the module (e.g. to generate symmetric keys, seeds for
asymmetric key pairs, and random numbers for security functions).
The DRBG is seeded by the entropy source described in the table above. The CTR_DRBG
(AES-128/192/256) enables Derivation Function capability. Each DRBG is instantiated with a
Page 16 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
384-bits long entropy input (corresponding to 384 bits of entropy) and provides at least 256 bits
security strength for the cryptographic keys generation while in the approved mode.
The Cisco JENT entropy source implementation generates an output that is considered to have
full entropy. More information can be found in the public use document for ESV Cert. #E3.
2.9 Key Generation
The module generates RSA, ECDSA, ECDH, and DH asymmetric key pairs compliant with FIPS
186-4, using a NIST SP 800-90Arev1 DRBG for random number generation. In accordance with
FIPS 140-3 IG D.H, the cryptographic module performs CKG for asymmetric keys as per section
5.1 of NIST SP 800-133rev2 (vendor affirmed) by obtaining a random bit string directly from an
approved DRBG. The random bit string supports the required security strength requested by the
calling application (without any V, as described in Additional Comments 2 of IG D.H.).
2.10 Key Establishment
The module provides the following key/SSP establishment services in the approved mode of
operation:
• KAS-FFC Shared Secret Computation:
- The module provides SP800-56Arev3 compliant key establishment according to
FIPS 140-3 IG D.F scenario 2 path (2) with KAS-FFC shared secret computation.
The shared secret computation provides between 112 and 152 bits of encryption
strength.
- The module supports the use of the safe primes defined in RFC 4419 (SSH), RFC
7919 (TLS) and RFC 3526 (IKE).
SSH (RFC 4419):
MODP-2048 (ID = 14)
MODP-3072 (ID = 15)
MODP-4096 (ID = 16)
TLS (RFC 7919):
ffdhe2048 (ID = 256)
ffdhe3072 (ID = 257)
ffdhe4096 (ID = 258)
IKE (RFC 3526):
MODP-2048 (ID = 14)
MODP-3072 (ID = 15)
MODP-4096 (ID = 16)
• KAS-ECC Shared Secret Computation:
- The module provides SP800-56Arev3 compliant key establishment according to
FIPS 140-3 IG D.F scenario 2 path (2) with KAS-ECC shared secret computation.
The shared secret computation provides between 128 and 256 bits of encryption
strength.
Page 17 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
2.11 Industry Protocols
The module supports SSHv2, TLS v1.2, SNMPv3 and IPsec/IKEv2 industrial protocols. Please
refer to the Security Function Implementations Table for more information. No parts of
IPSec/IKEv2, SNMPv3, SSH and TLS protocols, other than the KDFs, have been tested by the
CAVP and CMVP.
3 Cryptographic Module Interfaces
3.1 Ports and Interfaces
Physical Port Logical
Interface(s)
Data That Passes
Ethernet Port, SFP
port, and Console
Port
Data Input Data input into the module for all the services defined
in Approved Services Table, including TLSv1.2,
SSHv2, SNMPv3 and IPsec/IKEv2 service data.
Ethernet Port, SFP
port, and Console
Port
Data Output Data output from the module for all the services
defined in Approved Services Table, including
TLSv1.2, SSHv2, SNMPv3 and IPsec/IKEv2 service
data.
Ethernet Port, SFP
port, Console Port
and RESET
Control
Input
Control Data input into the module for all the services
defined in Approved Services Table, including
TLSv1.2, SSHv2, SNMPv3 and IPsec/IKEv2 service
data.
Ethernet Port, SFP
port, Console Port
and LEDs
Status
Output
Status Information output from the module.
N/A Control
Output
N/A
Power Power Provide the Power Supply to the module.
Table 9: Ports and Interfaces
The module’s physical perimeter encompasses the case of the tested platform mentioned in
Table 2. The module provides physical ports which are mapped to logical interfaces provided
by the module (data input, data output, control input, control output and status output) as above.
The module’s data output interface will be disabled when performing pre-operational self-tests,
loading new firmware, zeroizing keys, or when in an error state.
4 Roles, Services, and Authentication
4.1 Authentication Methods
Method
Name
Description Security
Mechanism
Strength
Each Attempt
Strength per Minute
Password The minimum length is
eight (8) characters (94
possible characters).
Password
Based
The probability
that a random
attempt will
The probability of
successfully
authenticating to the
Page 18 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Method
Name
Description Security
Mechanism
Strength
Each Attempt
Strength per Minute
The configuration
supports at most ten
failed attempts to
authenticate in a one-
minute period.
succeed or a
false
acceptance
will occur is
1/(94^8) which
is less than
1/1,000,000.
module within one
minute is 10/(94^8),
which is less than
1/100,000.
RSA-
Based
Certificate
The modules support
RSA public-key based
authentication
mechanism using a
minimum of RSA 2048
bits, which provides 112
bits of security strength.
The probability that a
random attempt will
succeed is 1/(2^112)
which is less than
1/1,000,000. For
multiple attacks during a
one-minute period, as
the module at its highest
can support at most
17,000 new sessions
per second to
authenticate in a one-
minute period, the
probability of
successfully
authenticating to the
module within a one
minute period is 17,000
* 60 =
1,020,000/(2^112),
which is less than
1/100,000.
RSA SigVer
(FIPS186-4)
(A4446)
The probability
that a random
attempt will
succeed is
1/(2^112).
Please refer to
Description
section in this
table for more
details
the probability of
successfully
authenticating to the
module within a one
minute period is
17,000 * 60 =
1,020,000/(2^112).
Please refer to
Description section in
this table for more
details
ECDSA-
Based
Certificate
The modules support
ECDSA public-key
based authentication
mechanism using a
minimum of curve P-
256, which provides 128
bits of security strength.
The probability that a
random attempt will
succeed is 1/(2^128)
which is less than
1/1,000,000. For
multiple attacks during a
ECDSA
SigVer
(FIPS186-4)
(A4446)
The probability
that a random
attempt will
succeed is
1/(2^128)
which is less
than
1/1,000,000.
Please refer to
Description
section in this
table for more
details
the probability of
successfully
authenticating to the
module within a one
minute period is
17,000 * 60 =
1,020,000/(2^128).
Please refer to
Description section in
this table for more
details
Page 19 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Method
Name
Description Security
Mechanism
Strength
Each Attempt
Strength per Minute
one-minute period, as
the module at its highest
can support at most
17,000 new sessions
per second to
authenticate in a one-
minute period, the
probability of
successfully
authenticating to the
module within a one
minute period is 17,000
* 60 =
1,020,000/(2^128),
which is less than
1/100,000.
Table 10: Authentication Methods
The module implements identity-based authentication. The module supports Crypto Officer role
and the User role. The module also allows the concurrent operators.
4.2 Roles
Name Type Operator Type Authentication Methods
Crypto Officer Identity CO Password
RSA-Based Certificate
ECDSA-Based Certificate
User Identity User Password
RSA-Based Certificate
ECDSA-Based Certificate
Table 11: Roles
4.3 Approved Services
Name Descriptio
n
Indicator Inputs Outputs Security
Functions
SSP Access
Show
Status
Provide
Module's
current
status
(return
codes
and/or
syslog
messages)
N/A Command
used to
show
Module's
Status
Module's
Operationa
l Status
None Crypto
Officer
User
Page 20 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Descriptio
n
Indicator Inputs Outputs Security
Functions
SSP Access
Show
Version
Provide
Module's
name and
version
information
N/A Command
to show
version
Module's
ID and
versioning
information
None Crypto
Officer
User
Perform
Self-Tests
Perform
Self-Tests
(Pre-
operational
self-test
and
Conditional
Self-Tests)
Global
Indicator
or syslog
message
Command
to trigger
Self-Test
Status of
the self-
tests
results
None Crypto
Officer
User
Unauthentic
ated
Perform
Zeroization
Perform
Zeroization
Syslog
message
Command
to zeroize
the module
Status of
the SSPs
zeroization
None Crypto
Officer
- DRBG
Entropy
Input: Z
- DRBG
Seed: Z
- DRBG
Internal
State (V,
Key): Z
- User
Password: Z
- Crypto
Officer
Password: Z
- RADIUS
Secret: Z
- Firmware
Load Test
Key: Z
- SSH DH
Private Key:
Z
- SSH DH
Public Key:
Z
- SSH Peer
DH Public
Key: Z
- SSH DH
Shared
Secret: Z
- SSH ECDH
Private Key:
Z
Page 21 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Descriptio
n
Indicator Inputs Outputs Security
Functions
SSP Access
- SSH ECDH
Public Key:
Z
- SSH Peer
ECDH
Public Key:
Z
- SSH ECDH
Shared
Secret: Z
- SSH RSA
Private Key:
Z
- SSH RSA
Public Key:
Z
- SSH
ECDSA
Private Key:
Z
- SSH
ECDSA
Public Key:
Z
- SSH
Session
Encryption
Key: Z
- SSH
Session
Authenticatio
n Key: Z
- TLS DH
Private Key:
Z
- TLS DH
Public Key:
Z
- TLS Peer
DH Public
Key: Z
- TLS DH
Shared
Secret: Z
- TLS ECDH
Private Key:
Z
- TLS ECDH
Public Key:
Page 22 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Descriptio
n
Indicator Inputs Outputs Security
Functions
SSP Access
Z
- TLS Peer
ECDH
Public Key:
Z
- TLS ECDH
Shared
Secret: Z
- TLS
ECDSA
Private Key:
Z
- TLS
ECDSA
Public Key:
Z
- TLS RSA
Private Key:
Z
- TLS RSA
Public Key:
Z
- TLS Master
Secret: Z
- TLS
Session
Encryption
Key: Z
- TLS
Session
Authenticatio
n Key: Z
- IPSec/IKE
DH Private
Key: Z
- IPSec/IKE
DH Public
Key: Z
- IPSec/IKE
Peer DH
Public Key:
Z
- IPSec/IKE
DH Shared
Secret: Z
- IPSec/IKE
ECDH
Private Key:
Z
Page 23 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Descriptio
n
Indicator Inputs Outputs Security
Functions
SSP Access
- IPSec/IKE
ECDH
Public Key:
Z
- IPSec/IKE
Peer ECDH
Public Key:
Z
- IPSec/IKE
ECDH
Shared
Secret: Z
- IPSec/IKE
ECDSA
Private Key:
Z
- IPSec/IKE
ECDSA
Public Key:
Z
- IPSec/IKE
RSA Private
Key: Z
- IPSec/IKE
RSA Public
Key: Z
- IPSec/IKE
Pre-shared
Secret: Z
-
SKEYSEED:
Z
- IPSec/IKE
Session
Encryption
Key: Z
- IPSec/IKE
Authenticatio
n Key: Z
- SNMPv3
Shared
Secret: Z
- SNMPv3
Encryption
Key: Z
- SNMPv3
Authenticatio
n Key: Z
Page 24 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Descriptio
n
Indicator Inputs Outputs Security
Functions
SSP Access
Configure
Network
Configure
Module's
Network
None Command
s to
configure
the
network
Status of
the
completion
of network
configurati
on status
None Crypto
Officer
Account
Manageme
nt
Manage
User
Account
N/A Command
s to create
User
account
Account
status
None Crypto
Officer
- User
Password:
W,Z
- Crypto
Officer
Password:
W,Z
Crypto
Officer
Authenticat
ion
CO Role
Authenticat
ion
N/A CO
Authenticat
ion
Request
Status of
the CO
authenticat
ion
None Crypto
Officer
- Crypto
Officer
Password:
W,Z
User
Authenticat
ion
User Role
Authenticat
ion
N/A User role
authenticat
ion request
Status of
the User
role
authenticat
ion
None User
- User
Password:
W,Z
Configure
SSHv2
Function
Configure
SSHv2
Function
Global
Indicator
and
SSHv2
configurat
ion
success
status
message
Command
s to
configure
SSHv2
Status of
the
completion
of the
SSHv2
configurati
on
KAS-ECC-
KeyGen
(SSHv2)
KAS-FFC-
KeyGen
(SSHv2)
KAS-ECC
(SSHv2)
KAS-FFC
(SSHv2)
KTS
(SSHv2
with AES
and
HMAC)
KTS
(SSHv2
with AES-
GCM)
RSA
KeyGen
(SSHv2,
Crypto
Officer
- SSH DH
Private Key:
G,W,E
- SSH DH
Public Key:
G,R,W
- SSH Peer
DH Public
Key: W,E
- SSH DH
Shared
Secret:
G,W,E
- SSH ECDH
Private Key:
G,W,E
- SSH ECDH
Public Key:
G,R,W
- SSH Peer
Page 25 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Descriptio
n
Indicator Inputs Outputs Security
Functions
SSP Access
TLSv1.2,
IKEv2)
ECDSA
KeyGen
(SSHv2,
TLSv1.2
and IKEv2)
RSA
SigGen
(SSHv2,
TLSv1.2,
IKEv2)
ECDSA
SigGen
(SSHv2,
TLSv1.2
and IKEv2)
RSA
SigVer
(SSHv2,
TLSv1.2,
and IKEv2)
ECDSA
SigVer
(SSHv2,
TLSv1.2,
and IKEv2)
Block
Cipher
(SSHv2)
MAC
(SSHv2)
ECDH
Public Key:
W,E
- SSH ECDH
Shared
Secret:
G,W,E
- SSH RSA
Private Key:
G,W,E
- SSH RSA
Public Key:
G,R,W
- SSH
ECDSA
Private Key:
G,W,E
- SSH
ECDSA
Public Key:
G,R,W
- SSH
Session
Encryption
Key: G,W,E
- SSH
Session
Authenticatio
n Key:
G,W,E
- DRBG
Entropy
Input: G,W,E
- DRBG
Seed:
G,W,E
- DRBG
Internal
State (V,
Key): G,W,E
Configure
HTTPS
over
TLSv1.2
Function
Configure
HTTPS
over
TLSv1.2
Function
Global
Indicator
and
HTTPS
over
TLSv1.2
configurat
ion
success
Command
s to
configure
TLSv1.2
Status of
the
completion
of TLSv1.2
configurati
on
KAS-ECC-
KeyGen
(TLSv1.2)
KAS-FFC-
KeyGen
(TLSv1.2)
KAS-ECC
(TLSv1.2)
KAS-FFC
Crypto
Officer
- TLS DH
Private Key:
G,W,E
- TLS DH
Public Key:
G,R,W
- TLS Peer
Page 26 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Descriptio
n
Indicator Inputs Outputs Security
Functions
SSP Access
status
message
(TLSv1.2)
KTS
(TLSv1.2
with AES
and
HMAC)
KTS
(TLSv1.2
with AES-
GCM)
RSA
KeyGen
(SSHv2,
TLSv1.2,
IKEv2)
ECDSA
KeyGen
(SSHv2,
TLSv1.2
and IKEv2)
RSA
SigGen
(SSHv2,
TLSv1.2,
IKEv2)
ECDSA
SigGen
(SSHv2,
TLSv1.2
and IKEv2)
RSA
SigVer
(SSHv2,
TLSv1.2,
and IKEv2)
ECDSA
SigVer
(SSHv2,
TLSv1.2,
and IKEv2)
Block
Cipher
(TLSv1.2)
MAC
(TLSv1.2)
DH Public
Key: W,E
- TLS DH
Shared
Secret:
G,W,E
- TLS ECDH
Private Key:
G,W,E
- TLS ECDH
Public Key:
G,R,W
- TLS Peer
ECDH
Public Key:
W,E
- TLS ECDH
Shared
Secret:
G,W,E
- TLS
ECDSA
Private Key:
G,W,E
- TLS
ECDSA
Public Key:
G,R,W
- TLS RSA
Private Key:
G,W,E
- TLS RSA
Public Key:
G,R,W
- TLS Master
Secret:
G,W,E
- TLS
Session
Encryption
Key: G,W,E
- TLS
Session
Authenticatio
n Key:
G,W,E
- DRBG
Entropy
Input: G,W,E
Page 27 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Descriptio
n
Indicator Inputs Outputs Security
Functions
SSP Access
- DRBG
Seed:
G,W,E
- DRBG
Internal
State (V,
Key): G,W,E
Configure
IPsec/IKEv
2 Function
Configure
IPSec/IKEv
2 Function
Global
Indicator
with
IPsec/IKE
v2
configurat
ion
success
status
message
Command
s to
configure
IPsec/IKEv
2
Status of
the
completion
of
IPsec/IKEv
2
configurati
on
KAS-ECC-
KeyGen
(IKEv2)
KAS-FFC-
KeyGen
(IKEv2)
KAS-ECC
(IKEv2)
KAS-FFC
(IKEv2)
RSA
KeyGen
(SSHv2,
TLSv1.2,
IKEv2)
ECDSA
KeyGen
(SSHv2,
TLSv1.2
and IKEv2)
RSA
SigGen
(SSHv2,
TLSv1.2,
IKEv2)
ECDSA
SigGen
(SSHv2,
TLSv1.2
and IKEv2)
RSA
SigVer
(SSHv2,
TLSv1.2,
and IKEv2)
ECDSA
SigVer
(SSHv2,
TLSv1.2,
and IKEv2)
Block
Cipher
Crypto
Officer
- IPSec/IKE
DH Private
Key: G,W,E
- IPSec/IKE
DH Public
Key: G,R,W
- IPSec/IKE
Peer DH
Public Key:
W,E
- IPSec/IKE
DH Shared
Secret:
G,W,E
- IPSec/IKE
ECDH
Private Key:
G,W,E
- IPSec/IKE
ECDH
Public Key:
G,R,W
- IPSec/IKE
Peer ECDH
Public Key:
W,E
- IPSec/IKE
ECDH
Shared
Secret:
G,W,E
- IPSec/IKE
ECDSA
Private Key:
G,W,E
- IPSec/IKE
ECDSA
Public Key:
G,R,W
- IPSec/IKE
Page 28 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Descriptio
n
Indicator Inputs Outputs Security
Functions
SSP Access
(IPSec/IKE
)
MAC
(IPSec/IKE
v2)
RSA Private
Key: G,W,E
- IPSec/IKE
RSA Public
Key: G,R,W
- IPSec/IKE
Pre-shared
Secret:
G,W,E
-
SKEYSEED:
G,W,E
- IPSec/IKE
Session
Encryption
Key: G,W,E
- IPSec/IKE
Authenticatio
n Key:
G,W,E
- DRBG
Entropy
Input: G,W,E
- DRBG
Seed:
G,W,E
- DRBG
Internal
State (V,
Key): G,W,E
Configure
SNMPv3
Function
Configure
SNMPv3
Function
Global
Indicator
and
SNMPv3
configurat
ion
success
status
message
Command
s to
configure
SNMPv3
Status of
the
completion
of
SNMPv3
configurati
on
Block
Cipher
(SNMPv3)
MAC
(SNMPv3)
Crypto
Officer
- SNMPv3
Shared
Secret: W,E
- SNMPv3
Encryption
Key: G,W,E
- SNMPv3
Authenticatio
n Key:
G,W,E
Run
SSHv2
Function
Execute
SSHv2
Function
Global
Indicator
and
successfu
l SSHv2
log
message
Initiate
SSHv2
tunnel
establishm
ent
Status of
SSHv2
tunnel
establishm
ent
KAS-ECC-
KeyGen
(SSHv2)
KAS-FFC-
KeyGen
(SSHv2)
KAS-ECC
Crypto
Officer
- SSH DH
Private Key:
G,W,E
- SSH DH
Public Key:
Page 29 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Descriptio
n
Indicator Inputs Outputs Security
Functions
SSP Access
(SSHv2)
KAS-FFC
(SSHv2)
KTS
(SSHv2
with AES
and
HMAC)
KTS
(SSHv2
with AES-
GCM)
RSA
KeyGen
(SSHv2,
TLSv1.2,
IKEv2)
ECDSA
KeyGen
(SSHv2,
TLSv1.2
and IKEv2)
RSA
SigGen
(SSHv2,
TLSv1.2,
IKEv2)
ECDSA
SigGen
(SSHv2,
TLSv1.2
and IKEv2)
RSA
SigVer
(SSHv2,
TLSv1.2,
and IKEv2)
ECDSA
SigVer
(SSHv2,
TLSv1.2,
and IKEv2)
Block
Cipher
(SSHv2)
MAC
(SSHv2)
G,R,W
- SSH Peer
DH Public
Key: W,E
- SSH DH
Shared
Secret:
G,W,E
- SSH ECDH
Private Key:
G,W,E
- SSH ECDH
Public Key:
G,R,W
- SSH Peer
ECDH
Public Key:
W,E
- SSH ECDH
Shared
Secret:
G,W,E
- SSH RSA
Private Key:
G,W,E
- SSH RSA
Public Key:
G,R,W
- SSH
ECDSA
Private Key:
G,W,E
- SSH
ECDSA
Public Key:
G,R,W
- SSH
Session
Encryption
Key: G,W,E
- SSH
Session
Authenticatio
n Key:
G,W,E
- DRBG
Entropy
Input: G,W,E
- DRBG
Page 30 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Descriptio
n
Indicator Inputs Outputs Security
Functions
SSP Access
Seed:
G,W,E
- DRBG
Internal
State (V,
Key): G,W,E
User
- SSH DH
Private Key:
G,W,E
- SSH DH
Public Key:
G,R,W
- SSH Peer
DH Public
Key: W,E
- SSH DH
Shared
Secret:
G,W,E
- SSH ECDH
Private Key:
G,W,E
- SSH ECDH
Public Key:
G,R,W
- SSH Peer
ECDH
Public Key:
W,E
- SSH ECDH
Shared
Secret:
G,W,E
- SSH RSA
Private Key:
E
- SSH RSA
Public Key:
R
- SSH
ECDSA
Private Key:
E
- SSH
ECDSA
Public Key:
R
- SSH
Page 31 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Descriptio
n
Indicator Inputs Outputs Security
Functions
SSP Access
Session
Encryption
Key: G,W,E
- SSH
Session
Authenticatio
n Key:
G,W,E
- DRBG
Entropy
Input: G,W,E
- DRBG
Seed:
G,W,E
- DRBG
Internal
State (V,
Key): G,W,E
Run
HTTPS
over
TLSv1.2
Function
Execute
HTTPS
over
TLSv1.2
function
Global
Indicator
and
successfu
l HTTPS
over
TLSv1.2
log
message
Initiate
TLSv1.2
tunnel
establishm
ent request
Status of
TLSv1.2
tunnel
establishm
ent
KAS-ECC-
KeyGen
(TLSv1.2)
KAS-FFC-
KeyGen
(TLSv1.2)
KAS-ECC
(TLSv1.2)
KAS-FFC
(TLSv1.2)
KTS
(TLSv1.2
with AES
and
HMAC)
KTS
(TLSv1.2
with AES-
GCM)
RSA
KeyGen
(SSHv2,
TLSv1.2,
IKEv2)
ECDSA
KeyGen
(SSHv2,
TLSv1.2
and IKEv2)
RSA
SigGen
Crypto
Officer
- TLS DH
Private Key:
G,W,E
- TLS DH
Public Key:
G,R,W
- TLS Peer
DH Public
Key: W,E
- TLS DH
Shared
Secret:
G,W,E
- TLS ECDH
Private Key:
G,W,E
- TLS ECDH
Public Key:
G,R,W
- TLS Peer
ECDH
Public Key:
W,E
- TLS ECDH
Shared
Secret:
G,W,E
- TLS
ECDSA
Page 32 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Descriptio
n
Indicator Inputs Outputs Security
Functions
SSP Access
(SSHv2,
TLSv1.2,
IKEv2)
ECDSA
SigGen
(SSHv2,
TLSv1.2
and IKEv2)
RSA
SigVer
(SSHv2,
TLSv1.2,
and IKEv2)
ECDSA
SigVer
(SSHv2,
TLSv1.2,
and IKEv2)
Block
Cipher
(TLSv1.2)
MAC
(TLSv1.2)
Private Key:
G,W,E
- TLS
ECDSA
Public Key:
G,R,W
- TLS RSA
Private Key:
G,W,E
- TLS RSA
Public Key:
G,R,W
- TLS Master
Secret:
G,W,E
- TLS
Session
Encryption
Key: G,W,E
- TLS
Session
Authenticatio
n Key:
G,W,E
- DRBG
Entropy
Input: G,W,E
- DRBG
Seed:
G,W,E
- DRBG
Internal
State (V,
Key): G,W,E
User
- TLS DH
Private Key:
G,W,E
- TLS DH
Public Key:
G,R,W
- TLS Peer
DH Public
Key: W,E
- TLS DH
Shared
Secret:
G,W,E
- TLS ECDH
Page 33 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Descriptio
n
Indicator Inputs Outputs Security
Functions
SSP Access
Private Key:
G,W,E
- TLS ECDH
Public Key:
G,R,W
- TLS Peer
ECDH
Public Key:
W,E
- TLS ECDH
Shared
Secret:
G,W,E
- TLS
ECDSA
Private Key:
E
- TLS
ECDSA
Public Key:
R
- TLS RSA
Private Key:
E
- TLS RSA
Public Key:
R
- TLS Master
Secret:
G,W,E
- TLS
Session
Encryption
Key: G,W,E
- TLS
Session
Authenticatio
n Key:
G,W,E
- DRBG
Entropy
Input: G,W,E
- DRBG
Seed:
G,W,E
- DRBG
Internal
State (V,
Key): G,W,E
Page 34 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Descriptio
n
Indicator Inputs Outputs Security
Functions
SSP Access
Run
IPSec/IKEv
2 Function
Execute
IPsec/IKEv
2 Function
Global
Indicator
and
succesful
IPsec/IKE
v2 log
message
Initiate
IPsec/IKEv
2 tunnel
establishm
ent request
Status of
IPSec/IKE
v2 tunnel
establishm
ent
KAS-ECC-
KeyGen
(IKEv2)
KAS-FFC-
KeyGen
(IKEv2)
KAS-ECC
(IKEv2)
KAS-FFC
(IKEv2)
RSA
KeyGen
(SSHv2,
TLSv1.2,
IKEv2)
ECDSA
KeyGen
(SSHv2,
TLSv1.2
and IKEv2)
RSA
SigGen
(SSHv2,
TLSv1.2,
IKEv2)
ECDSA
SigGen
(SSHv2,
TLSv1.2
and IKEv2)
RSA
SigVer
(SSHv2,
TLSv1.2,
and IKEv2)
ECDSA
SigVer
(SSHv2,
TLSv1.2,
and IKEv2)
Block
Cipher
(IPSec/IKE
)
MAC
(IPSec/IKE
v2)
Crypto
Officer
- IPSec/IKE
DH Private
Key: G,W,E
- IPSec/IKE
DH Public
Key: G,R,W
- IPSec/IKE
Peer DH
Public Key:
W,E
- IPSec/IKE
DH Shared
Secret:
G,W,E
- IPSec/IKE
ECDH
Private Key:
G,W,E
- IPSec/IKE
ECDH
Public Key:
G,R,W
- IPSec/IKE
Peer ECDH
Public Key:
W,E
- IPSec/IKE
ECDH
Shared
Secret:
G,W,E
- IPSec/IKE
ECDSA
Private Key:
G,W,E
- IPSec/IKE
ECDSA
Public Key:
G,R,W
- IPSec/IKE
RSA Private
Key: G,W,E
- IPSec/IKE
RSA Public
Key: G,R,W
- IPSec/IKE
Pre-shared
Page 35 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Descriptio
n
Indicator Inputs Outputs Security
Functions
SSP Access
Secret:
G,W,E
-
SKEYSEED:
G,W,E
- IPSec/IKE
Session
Encryption
Key: G,W,E
- IPSec/IKE
Authenticatio
n Key:
G,W,E
- DRBG
Entropy
Input: G,W,E
- DRBG
Seed:
G,W,E
- DRBG
Internal
State (V,
Key): G,W,E
User
- IPSec/IKE
DH Private
Key: G,W,E
- IPSec/IKE
DH Public
Key: G,R,W
- IPSec/IKE
Peer DH
Public Key:
W,E
- IPSec/IKE
DH Shared
Secret:
G,W,E
- IPSec/IKE
ECDH
Private Key:
G,W,E
- IPSec/IKE
ECDH
Public Key:
G,R,W
- IPSec/IKE
Peer ECDH
Public Key:
Page 36 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Descriptio
n
Indicator Inputs Outputs Security
Functions
SSP Access
W,E
- IPSec/IKE
ECDH
Shared
Secret:
G,W,E
- IPSec/IKE
ECDSA
Private Key:
E
- IPSec/IKE
ECDSA
Public Key:
R
- IPSec/IKE
RSA Private
Key: E
- IPSec/IKE
RSA Public
Key: R
- IPSec/IKE
Pre-shared
Secret:
G,W,E
-
SKEYSEED:
G,W,E
- IPSec/IKE
Session
Encryption
Key: G,W,E
- IPSec/IKE
Authenticatio
n Key:
G,W,E
- DRBG
Entropy
Input: G,W,E
- DRBG
Seed:
G,W,E
- DRBG
Internal
State (V,
Key): G,W,E
Run
SNMPv3
Function
Execute
SNMPv3
Function
Global
Indicator
and
successfu
Initiate
SNMPv3
tunnel
Status of
SNMPv3
tunnel
Block
Cipher
(SNMPv3)
Crypto
Officer
- SNMPv3
Shared
Page 37 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Descriptio
n
Indicator Inputs Outputs Security
Functions
SSP Access
l SNMPv3
log
message
establishm
ent request
establishm
ent
MAC
(SNMPv3)
Secret: W,E
- SNMPv3
Encryption
Key: G,W,E
- SNMPv3
Authenticatio
n Key:
G,W,E
User
- SNMPv3
Shared
Secret: W,E
- SNMPv3
Encryption
Key: G,W,E
- SNMPv3
Authenticatio
n Key:
G,W,E
Firmware
Update
Update the
existing
firmware
image
Global
indicator
and
successfu
l
Firmware
Loading
status
message
Command
s to load
new
firmware
image
Outcome
of the
Firmware
Load Test
Firmware
Load Test
Crypto
Officer
- Firmware
Load Test
Key: R
Table 12: Approved Services
4.4 Non-Approved Services
N/A for this module.
4.5 External Software/Firmware Loaded
The module supports the firmware load test by using HMAC-SHA2-512 (HMAC Cert. #A4446)
for the new validated firmware to be uploaded into the module. A Firmware Load Test Key was
preloaded to the module’s binary at the factory and used for firmware load test. In order to
complete the firmware update service, the Crypto Officer must authenticate to the module
before loading the firmware. This ensures that unauthorized access and use of the module is
not performed. The module will load the new update upon reboot. The update attempt will be
rejected if the verification fails. Any firmware loaded into the module that is not shown on the
module certificate, is out of the scope of this validation and requires a separate FIPS 140-3
validation.
Page 38 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
4.6 Cryptographic Output Actions and Status
The module implements Self-initiated cryptographic output capability without external operator
request. The Crypto Officer shall configure self-initiated cryptographic output capability. Prior to
executing the self-initiated cryptographic output capability, the module conducts two
independent internal actions to activate the capability to prevent the inadvertent output due to a
single error.
4.7 Additional Information
The module supports Unauthenticated service, where the unauthenticated users can run the
self-test service by power-cycling the module.
5 Software/Firmware Security
5.1 Integrity Techniques
The module is provided in the form of binary executable code. To ensure firmware security, the
module is protected by RSA 2048 bits with SHA2-512 (RSA Cert. #A4446) algorithm. A
Firmware Integrity Test Key (non-SSP) was preloaded to the module’s binary at the factory and
used for firmware integrity test only at the pre-operational self-test. The module uses the RSA
2048 bits modulus public key to verify the digital signature. If the firmware integrity test fails, the
module would enter to an Error state with all crypto functionality inhibited.
5.2 Initiate on Demand
Integrity test is performed as part of the Pre-Operational Self-Tests. It is automatically executed
at power-on. The operator can power-cycle or reboot the tested platform to initiate the firmware
integrity test on-demand.
6 Operational Environment
6.1 Operational Environment Type and Requirements
Type of Operational Environment: Limited
7 Physical Security
7.1 Mechanisms and Actions Required
Mechanism Inspection
Frequency
Inspection Guidance
Tamper labels (4 or 10) with Part
number: AIR-AP-FIPSKIT=
Recommend 30
Days
Visible inspection of platform for
residual evidence of tampering
Page 39 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Mechanism Inspection
Frequency
Inspection Guidance
Opacity shield (1) with Part number:
800-106088-01 or FPR1K-RM-FIPS-
KIT
Recommend 30
Days
Visible inspection of platform for
evidence of tampering, removal or
access
Production grade components N/A N/A
Table 13: Mechanisms and Actions Required
The module utilizes a production-grade enclosure and removable cover along with tamper
evidence labels as the physical security mechanisms.
Appling Tamper Evidence Labels
Step 1: Turn off and unplug the module.
Step 2: Clean the chassis of any grease, dirt, oil or any other material other than the surface
coating from manufacture before applying the tamper evident labels. Alcohol-based cleaning
pads are recommended for this purpose.
Step 3: Apply a label to cover the module as shown in the figures below.
The tamper evident labels are produced from a special thin gauge vinyl with self-adhesive
backing. Any attempt to open the module will damage the tamper evident labels or the material
of the security appliance cover. Because the tamper evident labels have non-repeated serial
numbers, they may be inspected for damage and compared against the applied serial numbers
to verify that the security appliance has not been tampered with. Tamper evident labels can
also be inspected for signs of tampering, which include the following: curled corners, rips, and
slices. The word “FIPS” may appear if the label was peeled back.
7.2 User Placed Tamper Seals
Number: FOUR (4) or Ten (10)
FPR-1010 Placement:
Figure 3: FPR-1010 Front view
Page 40 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Figure 4: FPR-1010 Back view
Figure 5: FPR-1010 Left view
Figure 6: FPR-1010 Right view
TEL 1
Page 41 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Figure 7: FPR-1010 Top View
Figure 8: FPR-1010 Bottom view
TEL 2
TEL 3
TEL 4
Page 42 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
FPR-1120/1140/1150 Placement:
Figure 9: FPR-1140 Front View
Figure 10: FPR-1140 Rear View
Figure 11: FPR-1140 Left View
Figure 12: FPR-1140 Right View
TEL 1 TEL 2 TEL 3
TEL 4
TEL 5
Page 43 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Figure 13: FPR-1140 Top View
TEL 5
TEL 6
TEL 1
TEL 4
TEL 7
TEL 3
TEL 2
Page 44 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Figure 14: FPR-1140 Bottom View
Surface Preparation: Clean the chassis of any grease, dirt, or oil before applying the tamper
evident labels. Alcohol-based cleaning pads are recommended for this purpose.
Operator Responsible for Securing Unused Seals: It is recommended seals be stored in a
secure location under controlled access
Part Numbers: AIR-AP-FIPSKIT=
7.3 Filler Panels
FPR1010 Opacity Shield
800-106088-01
Step 1: Slide the 1010 into the opacity case
Step 2: Add three screws to bottom of opacity into the 1010 or 1010E.
TEL 8
TEL 9
TEL 10
Page 45 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
FPR1120, 1140 and 1150 Opacity Shield
FPR1K-RM-FIPS-KIT
Step 1: Attach the Slide Rail Locking Bracket, #2 in diagram to the Side of the Chassis using the
countersink screws #3 in diagram.
Step 2: Attach the Cable Management Bracket (#1) to the Slide Rail Locking Bracket (#2) using the
countersink screws (#3)
Page 46 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Step 3: Route the Cables through the Cable Management Brackets
Step 4: Attach the FIPS Opacity Shield (#1) to the Cable Management Brackets (#3) using the
countersink screws (#2)
8 Non-Invasive Security
N/A for this module.
9 Sensitive Security Parameters Management
9.1 Storage Areas
Storage
Area
Name
Description Persistence
Type
DRAM Volatile Memory Dynamic
Flash Non-Volatile Memory Static
Table 14: Storage Areas
9.2 SSP Input-Output Methods
Name From To Format
Type
Distributio
n Type
Entry
Type
SFI or
Algorith
m
Peer Public Key
Input
External
(Outside
of the
Module Plaintext Automated Electroni
c
Page 47 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name From To Format
Type
Distributio
n Type
Entry
Type
SFI or
Algorith
m
Module's
Boundary
)
Module Public
Key Output
Module External
(Outside
of the
Module's
Boundary
)
Plaintext Automated Electroni
c
Password/Secre
t Input via
SSHv2
encrypted by
GCM
External
(Outside
of the
Module's
Boundary
)
Module Encrypte
d
Automated Electroni
c
KTS
(SSHv2
with AES-
GCM)
Password/Secre
t Input via
SSHv2
encrypted by
AES and HMAC
External
(Outside
of the
Module's
Boundary
)
Module Encrypte
d
Automated Electroni
c
KTS
(SSHv2
with AES
and
HMAC)
Password/Secre
t Input via TLS
encrypted by
GCM
External
(Outside
of the
Module's
Boundary
)
Module Encrypte
d
Automated Electroni
c
KTS
(TLSv1.2
with AES-
GCM)
Password/Secre
t Input via TLS
encrypted by
AES and HMAC
External
(Outside
of the
Module's
Boundary
)
Module Encrypte
d
Automated Electroni
c
KTS
(TLSv1.2
with AES
and
HMAC)
Table 15: SSP Input-Output Methods
9.3 SSP Zeroization Methods
Zeroization
Method
Description Rationale Operator
Initiation
Zeroization
Command
CO issues
zeroization service
the zeroization command will
erase all SSPs stored in the
DRAM or in the Flash of the
module.
CO issues
command
'configure factory-
default'
Page 48 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Zeroization
Method
Description Rationale Operator
Initiation
Session
termination
Zeroization upon
session
termination
Session termination will
automatically zeroize all session
based temporary SSPs
Terminate session
Reboot Zeroization upon
rebooting the
module
Reboot to zeroize all temporary
SSPs stored in Module's DRAM
Reboot
Table 16: SSP Zeroization Methods
Performing the zeroization command will explicitly zeroize the module returning the “Factory-
default configuration is completed" status message upon completion.
Please note that the Firmware Load Test Key is only used for Firmware Load Test
Authentication and not subject to the zeroization requirement.
9.4 SSPs
Name Description Size -
Strength
Type -
Category
Generat
ed By
Establish
ed By
Used By
DRBG
Entropy
Input
Used to
seed the
DRBG
384 bits -
at least
256 bits
Entropy
Input - CSP
Counter
DRBG
(A4446)
DRBG Seed Used in
DRBG
Generation
256 bits -
256 bits
DRBG Seed
- CSP
Counter
DRBG
(A4446)
DRBG
Internal
State (V,
Key)
Used in
DRBG
Generation
256 bits -
256 bits
DRBG
Internal
State - CSP
Counter
DRBG
(A4446)
User
Password
User
authenticati
on
8-30
Characte
rs - 8-30
Characte
rs
Authenticati
on Data -
CSP
Crypto
Officer
Password
Crypto
Officer
authenticati
on
8-30
Characte
rs - 8-30
Characte
rs
Authenticati
on Data -
CSP
RADIUS
Secret
RADIUS
Server
Authenticati
on
16
Characte
rs - 16
Characte
rs
Authenticati
on Data -
CSP
Firmware
Load Test
Key
Used for
Firmware
Load Test
112 bits -
112 bits
Public Key -
CSP
Firmware
Load Test
Page 49 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Description Size -
Strength
Type -
Category
Generat
ed By
Establish
ed By
Used By
SSH DH
Private Key
Used to
derive the
SSH DH
Shared
Secret
MODP-
2048,
MODP-
3072,
MODP-
4096 -
112-152
bits
Private Key
- CSP
KAS-
FFC-
KeyGen
(SSHv2)
KAS-FFC-
SSC
Sp800-
56Ar3
(A4446)
SSH DH
Public Key
Used to
derive SSH
DH Shared
Secret
MODP-
2048,
MODP-
3072,
MODP-
4096 -
112-152
bits
Public Key -
PSP
KAS-FFC-
KeyGen
(SSHv2)
SSH Peer
DH Public
Key
Used to
derive SSH
DH Shared
Secret
MODP-
2048,
MODP-
3072,
MODP-
4096 -
112-152
bits
Public Key -
PSP
KAS-FFC-
SSC
Sp800-
56Ar3
(A4446)
SSH DH
Shared
Secret
Used to
derive SSH
Session
Encryption
Keys, SSH
Session
Authenticati
on Keys
MODP-
2048,
MODP-
3072,
MODP-
4096 -
112-152
bits
Shared
Secret -
CSP
KAS-FFC-
SSC
Sp800-
56Ar3
(A4446)
KDF SSH
(A4446)
SSH ECDH
Private Key
Used to
derive the
SSH ECDH
Shared
Secret
Curves:
256, 384,
521 bits -
128 to
256 bits
Private Key
- CSP
KAS-
ECC-
KeyGen
(SSHv2)
KAS-ECC-
SSC
Sp800-
56Ar3
(A4446)
SSH ECDH
Public Key
Used to
derive SSH
ECDHE
Shared
Secret
Curves:
256, 384,
521 bits -
128-256
bits
Public Key -
PSP
KAS-ECC-
KeyGen
(SSHv2)
SSH Peer
ECDH
Public Key
Used to
derive SSH
DH Shared
Secret
Curves:
256, 384,
521 bits -
128 to
256 bits
Public Key -
PSP
KAS-ECC-
SSC
Sp800-
56Ar3
(A4446)
Page 50 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Description Size -
Strength
Type -
Category
Generat
ed By
Establish
ed By
Used By
SSH ECDH
Shared
Secret
Used to
derive SSH
Session
Encryption
Keys, SSH
Session
Authenticati
on Keys
Curves:
256, 384,
521 bits -
128 to
256 bits
Shared
Secret -
CSP
KAS-ECC-
SSC
Sp800-
56Ar3
(A4446)
KDF SSH
(A4446)
SSH RSA
Private Key
Used for
SSH
session
authenticati
on
Modulus
2048 and
3072 bits
- 112-
128 bits
Private Key
- CSP
RSA
KeyGen
(SSHv2,
TLSv1.2,
IKEv2)
RSA
SigGen
(FIPS186-4)
(A4446)
SSH RSA
Public Key
Used for
SSH
sessions
aiuthenticati
on
Modulus
2048 and
3072 bits
- 112-
128 bits
Public Key -
PSP
RSA
KeyGen
(SSHv2,
TLSv1.2,
IKEv2)
SSH
ECDSA
Private Key
Used for
SSH
session
authenticati
on
Curves:
256, 384,
521 bits -
128 to
256 bits
Private Key
- CSP
ECDSA
KeyGen
(SSHv2,
TLSv1.2
and
IKEv2)
ECDSA
SigGen
(FIPS186-4)
(A4446)
SSH
ECDSA
Public Key
Used for
SSH
sessions
aiuthenticati
on
Curves:
256, 384,
521 bits -
128 to
256 bits
Public Key -
PSP
ECDSA
KeyGen
(FIPS186-
4) (A4446)
SSH
Session
Encryption
Key
Used for
SSH
Session
confidentialit
y protection
128-256
bits -
128-256
bits
Session
Key - CSP
KAS-ECC
(SSHv2)
KAS-FFC
(SSHv2)
Block
Cipher
(SSHv2)
SSH
Session
Authenticati
on Key
Used for
SSH
Session
integrity
protection
160-256
bits -
160-256
bits
Session
Key - CSP
KAS-ECC
(IKEv2)
KAS-FFC
(IKEv2)
MAC
(SSHv2)
TLS DH
Private Key
Used to
Derive TLS
DH Shared
Secret
ffdhe204
8,
ffdhe307
2,
ffdhe409
6 - 112-
152 bits
Private Key
- CSP
KAS-
FFC-
KeyGen
(TLSv1.2
)
KAS-FFC-
SSC
Sp800-
56Ar3
(A4446)
Page 51 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Description Size -
Strength
Type -
Category
Generat
ed By
Establish
ed By
Used By
TLS DH
Public Key
Used to
Derive TLS
DH Shared
Secret
ffdhe204
8,
ffdhe307
2,
ffdhe409
6 - 112-
152 bits
Public Key -
PSP
KAS-FFC-
KeyGen
(TLSv1.2)
TLS Peer
DH Public
Key
Used to
derive TLS
DH Shared
Secret
ffdhe204
8,
ffdhe307
2,
ffdhe409
6 - 112-
152 bits
Public Key -
PSP
KAS-FFC-
SSC
Sp800-
56Ar3
(A4446)
TLS DH
Shared
Secret
Used to
Derive TLS
Session
Encryption
Key and
TLS
Session
Authenticati
on Key
ffdhe204
8,
ffdhe307
2,
ffdhe409
6 - 112-
152 bits
Shared
Secret -
CSP
KAS-FFC-
SSC
Sp800-
56Ar3
(A4446)
TLS v1.2
KDF
RFC7627
(A4446)
TLS ECDH
Private Key
Used to
Derive TLS
ECDH
Shared
Secret
Curves
P-256, P-
384, and
P-521 -
128-256
bits
Private Key
- CSP
KAS-
ECC-
KeyGen
(TLSv1.2
)
KAS-ECC-
SSC
Sp800-
56Ar3
(A4446)
TLS ECDH
Public Key
Used to
Derive TS
ECDH
Shared
Secret
Curves
P-256, P-
384, and
P-521 -
128-256
bits
Public Key -
PSP
KAS-ECC-
KeyGen
(TLSv1.2)
TLS Peer
ECDH
Public Key
Used to
derive IKE
ECDH
Shared
Secret
Curves:
P-256, P-
384, P-
521 -
128-256
bits
Public Key -
PSP
KAS-ECC-
SSC
Sp800-
56Ar3
(A4446)
TLS ECDH
Shared
Secret
Used to
Derive TLS
Session
Encryption
Key and
TLS
Session
Curves
p-256, P-
384, P-
521 -
128-256
bits
Shared
Secret -
CSP
KAS-ECC-
SSC
Sp800-
56Ar3
(A4446)
TLS v1.2
KDF
RFC7627
(A4446)
Page 52 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Description Size -
Strength
Type -
Category
Generat
ed By
Establish
ed By
Used By
Authenticati
on Key
TLS
ECDSA
Private Key
Used to
support CO
and Admin
HTTPS
interfaces
Curves
P-256, P-
384, P-
521 -
128-256
bits
Private Key
- CSP
ECDSA
KeyGen
(SSHv2,
TLSv1.2
and
IKEv2)
ECDSA
SigGen
(FIPS186-4)
(A4446)
TLS
ECDSA
Public Key
Used to
support CO
and User
HTTPS
Interfaces
Curves
P-256, P-
384, P-
521 -
128-256
bits
Public Key -
PSP
ECDSA
KeyGen
(SSHv2,
TLSv1.2
and
IKEv2)
TLS RSA
Private Key
Used to
support CO
and Admin
HTTPS
Interfaces
Modulus
2048 and
3072 bits
- 112-
128 bits
Private Key
- CSP
RSA
KeyGen
(SSHv2,
TLSv1.2,
IKEv2)
RSA
SigGen
(FIPS186-4)
(A4446)
TLS RSA
Public Key
Used to
support CO
and User
HTTPS
interfaces
Modulus
2048 and
3072 bits
- 112-
128 bits
Public Key -
PSP
RSA
KeyGen
(SSHv2,
TLSv1.2,
IKEv2)
TLS Master
Secret
Used to
protect
HTTPS
Session.
Pre-master
secret
384 bits -
384 bits
Master
Secret -
CSP
TLS v1.2
KDF
RFC7627
(A4446)
TLS
Session
Encryption
Key
Used to
protect
HTTPS
Session.
TLS Master
secret
128-256
bits -
128-256
bits
Session
Key - CSP
KAS-ECC
(TLSv1.2)
KAS-FFC
(TLSv1.2)
Block
Cipher
(TLSv1.2)
TLS
Session
Authenticati
on Key
Used to
protect
HTTPS
Session.
TLS master
secret
160-384
bits -
160-384
bits
Session
Key - CSP
KAS-ECC
(TLSv1.2)
KAS-FFC
(TLSv1.2)
MAC
(TLSv1.2)
IPSec/IKE
DH Private
Key
Used to
derive
IPSec/IKE
DH Shared
Secret
MODP-
2048,
MODP-
3072,
MODP-
4096 -
Private Key
- CSP
KAS-
FFC-
KeyGen
(IKEv2)
KAS-FFC-
SSC
Sp800-
56Ar3
(A4446)
Page 53 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Description Size -
Strength
Type -
Category
Generat
ed By
Establish
ed By
Used By
112-152
bits
IPSec/IKE
DH Public
Key
Used to
derive
IPSec/IKE
DH Shared
Secret
MODP-
2048,
MODP-
3072,
MODP-
4096 -
112-152
bits
Public Key -
PSP
KAS-FFC-
KeyGen
(IKEv2)
IPSec/IKE
Peer DH
Public Key
Used to
derive
IPSec/IKE
DH Shared
Secret
MODP-
2048,
MODP-
3072,
MODP-
4096 -
112-152
bits
Public Key -
PSP
KAS-FFC-
SSC
Sp800-
56Ar3
(A4446)
IPSec/IKE
DH Shared
Secret
Used to
derive
IPSec/IKE
Session
Encryption
Keys,
IPSec/IKE
Authenticati
on Keys
MODP-
2048,
MODP-
3072,
MODP-
4096 -
112-152
bits
Shared
Secret -
CSP
KAS-FFC-
SSC
Sp800-
56Ar3
(A4446)
KDF IKEv2
(A4446)
IPSec/IKE
ECDH
Private Key
Used to
derive
IPSec/IKE
ECDH
Shared
Secrets
Curves
P-256, P-
384, P-
521 -
128-256
bits
Private Key
- CSP
KAS-
ECC-
KeyGen
(IKEv2)
KAS-ECC-
SSC
Sp800-
56Ar3
(A4446)
IPSec/IKE
ECDH
Public Key
Used to
derive
IPSec/IKE
ECDH
Shared
Secrets
Curves
P-256, P-
384, P-
521 -
128-256
bits
Public Key -
PSP
KAS-ECC-
KeyGen
(IKEv2)
IPSec/IKE
Peer ECDH
Public Key
Used to
derive
IPSec/IKE
ECDH
Shared
Secrets
Curves
P-256, P-
384, P-
521 -
128-256
bits
Public Key -
PSP
KAS-ECC-
SSC
Sp800-
56Ar3
(A4446)
IPSec/IKE
ECDH
Used to
derive
IPSec/IKE
Curves
P-256, P-
384, P-
Shared
Secret -
CSP
KAS-ECC-
SSC
Sp800-
KDF IKEv2
(A4446)
Page 54 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Description Size -
Strength
Type -
Category
Generat
ed By
Establish
ed By
Used By
Shared
Secret
ECDH
Shared
Secrets
521 -
128-256
bits
56Ar3
(A4446)
IPSec/IKE
ECDSA
Private Key
Used for
IPSec/IKE
peer
authenticati
on
Curves
P-256, P-
384, P-
521 -
128-256
bits
Private Key
- CSP
ECDSA
KeyGen
(SSHv2,
TLSv1.2
and
IKEv2)
ECDSA
SigGen
(FIPS186-4)
(A4446)
IPSec/IKE
ECDSA
Public Key
Used for
IPSec/IKE
peer
authenticati
on
Curves
P-256, P-
384, P-
521 -
128-256
bits
Public Key -
PSP
ECDSA
KeyGen
(SSHv2,
TLSv1.2
and
IKEv2)
IPSec/IKE
RSA Private
Key
Used for
IPSec/IKE
peer
authenticati
on
Modulus
2048 or
3072 -
112 or
128 bits
Private Key
- CSP
RSA
KeyGen
(SSHv2,
TLSv1.2,
IKEv2)
RSA
SigGen
(FIPS186-4)
(A4446)
IPSec/IKE
RSA Public
Key
Used for
IPSec/IKE
peer
authenticati
on
Modulus
2048 or
3072 -
112 or
128 bits
Public Key -
PSP
RSA
KeyGen
(SSHv2,
TLSv1.2,
IKEv2)
IPSec/IKE
Pre-shared
Secret
Used for
IPSec/IKE
peer
authenticati
on
16-32
bytes
character
s - 16-32
bytes
character
s
shared
secret -
CSP
SKEYSEED Keying
material
used to
derive the
IPSec/IKE
Session
Encryption
Key and
IPSec/IKE
Authenticati
on Key
160 bits -
160 bits
Keying
Material -
CSP
KDF IKEv2
(A4446)
IPSec/IKE
Session
Encryption
Key
Used to
secure
IPSec/IKEv2
session
128-256
bits -
128-256
bits
Session
Key - CSP
KAS-ECC
(IKEv2)
KAS-FFC
(IKEv2)
Block
Cipher
(IPSec/IKE)
Page 55 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Description Size -
Strength
Type -
Category
Generat
ed By
Establish
ed By
Used By
confidentialit
y
IPSec/IKE
Authenticati
on Key
Used to
secure
IPSec/IKEv2
session
integrity
160-512
bits -
160-512
bits
Session
Key - CSP
KAS-ECC
(IKEv2)
KAS-FFC
(IKEv2)
MAC
(IPSec/IKEv
2)
SNMPv3
Shared
Secret
Used for
SNMPv3
user
authenticati
on
8-32
character
s - N/A
Authenticati
on Secret -
CSP
SNMPv3
Encryption
Key
Used to
protect
SNMPv3
traffic
confidentialit
y
128 bits -
128 bits
Encryption
Key - CSP
KDF
SNMP
(A4446)
Block
Cipher
(SNMPv3)
SNMPv3
Authenticati
on Key
Used to
secure
SNMPv3
traffic
integrity
160-384
bits -
160-384
bits
Authenticati
on Key -
CSP
KDF
SNMP
(A4446)
MAC
(SNMPv3)
Table 17: SSP Table 1
Name Input - Output Storage Storage
Duration
Zeroizatio
n
Related SSPs
DRBG
Entropy
Input
DRAM:Plainte
xt
Until
Reboot
Zeroizatio
n
Command
Session
terminatio
n
Reboot
DRBG
Seed:Used With
DRBG Internal
State (V,
Key):Used With
DRBG Seed DRAM:Plainte
xt
Until
Reboot
Zeroizatio
n
Command
Session
terminatio
n
Reboot
DRBG Entropy
Input:Used With
DRBG Internal
State (V,
Key):Used With
DRBG
Internal
State (V,
Key)
DRAM:Plainte
xt
Until
Reboot
Zeroizatio
n
Command
Session
terminatio
n
Reboot
DRBG Entropy
Input:Used With
DRBG
Seed:Used With
Page 56 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Input - Output Storage Storage
Duration
Zeroizatio
n
Related SSPs
User
Password
Password/Sec
ret Input via
TLS encrypted
by GCM
Password/Sec
ret Input via
TLS encrypted
by AES and
HMAC
Password/Sec
ret Input via
SSHv2
encrypted by
GCM
Password/Sec
ret Input via
SSHv2
encrypted by
AES and
HMAC
Flash:Encrypt
ed
Zeroizatio
n
Command
Crypto
Officer
Password
Password/Sec
ret Input via
TLS encrypted
by GCM
Password/Sec
ret Input via
TLS encrypted
by AES and
HMAC
Password/Sec
ret Input via
SSHv2
encrypted by
GCM
Password/Sec
ret Input via
SSHv2
encrypted by
AES and
HMAC
Flash:Encrypt
ed
Zeroizatio
n
Command
RADIUS
Secret
Password/Sec
ret Input via
TLS encrypted
by GCM
Password/Sec
ret Input via
TLS encrypted
by AES and
HMAC
Flash:Encrypt
ed
Zeroizatio
n
Command
Page 57 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Input - Output Storage Storage
Duration
Zeroizatio
n
Related SSPs
Password/Sec
ret Input via
SSHv2
encrypted by
GCM
Password/Sec
ret Input via
SSHv2
encrypted by
AES and
HMAC
Firmware
Load Test
Key
Flash:Plaintex
t
N/A
SSH DH
Private Key
DRAM:Plainte
xt
While SSH
tunnel is
on
Zeroizatio
n
Command
Session
terminatio
n
Reboot
SSH DH Public
Key:Paired With
SSH Peer DH
Public Key:Used
With
SSH DH
Public Key
Module Public
Key Output
DRAM:Plainte
xt
While SSH
tunnel is
on
Zeroizatio
n
Command
Session
terminatio
n
Reboot
SSH DH Private
Key:Paired With
SSH Peer
DH Public
Key
Peer Public
Key Input
DRAM:Plainte
xt
While SSH
tunnel is
on
Zeroizatio
n
Command
Session
terminatio
n
Reboot
SSH DH Private
Key:Used With
SSH DH
Shared
Secret
DRAM:Plainte
xt
While SSH
tunnel is
on
Zeroizatio
n
Command
Session
terminatio
n
Reboot
SSH DH Private
Key:Derived From
SSH DH Public
Key:Derived From
SSH ECDH
Private Key
DRAM:Plainte
xt
While SSH
tunnel is
on
Zeroizatio
n
Command
Session
terminatio
SSH ECDH
Public Key:Paired
With
SSH Peer ECDH
Public Key:Used
With
Page 58 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Input - Output Storage Storage
Duration
Zeroizatio
n
Related SSPs
n
Reboot
SSH ECDH
Public Key
Module Public
Key Output
DRAM:Plainte
xt
While SSH
tunnel is
on
Zeroizatio
n
Command
Session
terminatio
n
Reboot
SSH ECDH
Private
Key:Paired With
SSH Peer
ECDH
Public Key
Peer Public
Key Input
DRAM:Plainte
xt
While SSH
tunnel is
on
Zeroizatio
n
Command
Session
terminatio
n
Reboot
SSH ECDH
Private Key:Used
With
SSH ECDH
Shared
Secret
DRAM:Plainte
xt
While SSH
tunnel is
on
Zeroizatio
n
Command
Session
terminatio
n
Reboot
SSH ECDH
Private
Key:Derived From
SSH ECDH
Public
Key:Derived From
SSH RSA
Private Key
Flash:Plaintex
t
Zeroizatio
n
Command
SSH RSA Public
Key:Paired With
SSH RSA
Public Key
Module Public
Key Output
Flash:Plaintex
t
Zeroizatio
n
Command
SSH RSA Private
Key:Paired With
SSH
ECDSA
Private Key
Flash:Plaintex
t
Zeroizatio
n
Command
SSH ECDSA
Public Key:Paired
With
SSH
ECDSA
Public Key
Module Public
Key Output
Flash:Plaintex
t
Zeroizatio
n
Command
SSH ECDSA
Private
Key:Paired With
SSH
Session
Encryption
Key
DRAM:Plainte
xt
While SSH
tunnel is
on
Zeroizatio
n
Command
Session
terminatio
n
Reboot
SSH Session
Authentication
Key:Used With
SSH
Session
Authenticati
on Key
DRAM:Plainte
xt
While SSH
tunnel is
on
Zeroizatio
n
Command
Session
terminatio
SSH Session
Encryption
Key:Used With
Page 59 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Input - Output Storage Storage
Duration
Zeroizatio
n
Related SSPs
n
Reboot
TLS DH
Private Key
DRAM:Plainte
xt
While TLS
tunnel is
on
Zeroizatio
n
Command
Session
terminatio
n
Reboot
TLS DH Public
Key:Paired With
TLS Peer DH
Public Key:Used
With
TLS DH
Public Key
Module Public
Key Output
DRAM:Plainte
xt
While TLS
tunnel is
on
Zeroizatio
n
Command
Session
terminatio
n
Reboot
TLS DH Private
Key:Paired With
TLS Peer
DH Public
Key
Peer Public
Key Input
DRAM:Plainte
xt
while TLS
tunnel is
on
Zeroizatio
n
Command
Session
terminatio
n
Reboot
TLS DH Private
Key:Used With
TLS DH
Shared
Secret
DRAM:Plainte
xt
While TLS
tunnel is
on
Zeroizatio
n
Command
Session
terminatio
n
Reboot
TLS ECDH
Private
Key:Derived From
TLS Peer ECDH
Public
Key:Derived From
TLS ECDH
Private Key
DRAM:Plainte
xt
While TLS
tunnel is
on
Zeroizatio
n
Command
Session
terminatio
n
Reboot
TLS ECDH Public
Key:Paired With
TLS Peer ECDH
Public Key:Used
With
TLS ECDH
Public Key
Module Public
Key Output
DRAM:Plainte
xt
While TLS
tunnel is
on
Zeroizatio
n
Command
Session
terminatio
n
Reboot
TLS ECDH
Private
Key:Paired With
TLS Peer
ECDH
Public Key
Peer Public
Key Input
DRAM:Plainte
xt
while TLS
tunnel is
on
Zeroizatio
n
Command
Session
TLS ECDH
Private Key:Used
With
Page 60 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Input - Output Storage Storage
Duration
Zeroizatio
n
Related SSPs
terminatio
n
Reboot
TLS ECDH
Shared
Secret
DRAM:Plainte
xt
While TLS
tunnel is
on
Zeroizatio
n
Command
Session
terminatio
n
Reboot
TLS ECDH
Private
Key:Derived From
TLS Peer ECDH
Public
Key:Derived From
TLS ECDSA
Private Key
Flash:Plaintex
t
Zeroizatio
n
Command
TLS ECDSA
Public Key:Paired
With
TLS ECDSA
Public Key
Module Public
Key Output
Flash:Plaintex
t
Zeroizatio
n
Command
TLS ECDSA
Private
Key:Paired With
TLS RSA
Private Key
Flash:Plaintex
t
Zeroizatio
n
Command
TLS RSA Public
Key:Paired With
TLS RSA
Public Key
Module Public
Key Output
Flash:Plaintex
t
Zeroizatio
n
Command
TLS RSA Private
Key:Paired With
TLS Master
Secret
DRAM:Plainte
xt
While TLS
tunnel is
on
Zeroizatio
n
Command
Session
terminatio
n
Reboot
TLS ECDH
Shared
Secret:Derived
From
TLS
Session
Encryption
Key
DRAM:Plainte
xt
While TLS
tunnel is
on
Zeroizatio
n
Command
Session
terminatio
n
Reboot
TLS Session
Authentication
Key:Used With
TLS
Session
Authenticati
on Key
DRAM:Plainte
xt
While TLS
tunnel is
on
Zeroizatio
n
Command
Session
terminatio
n
Reboot
TLS Session
Encryption
Key:Used With
IPSec/IKE
DH Private
Key
DRAM:Plainte
xt
While
IPSec/IKE
v2 tunnel
is on
Zeroizatio
n
Command
Session
terminatio
IPSec/IKE DH
Public Key:Paired
With
IPSec/IKE Peer
Page 61 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Input - Output Storage Storage
Duration
Zeroizatio
n
Related SSPs
n
Reboot
DH Public
Key:Used With
IPSec/IKE
DH Public
Key
Module Public
Key Output
DRAM:Plainte
xt
While
IPSec/IKE
v2 tunnel
is on
Zeroizatio
n
Command
Session
terminatio
n
Reboot
IPSec/IKE DH
Private
Key:Paired With
IPSec/IKE
Peer DH
Public Key
Peer Public
Key Input
DRAM:Plainte
xt
while
IPSec/IKE
tunnel is
on
Zeroizatio
n
Command
Session
terminatio
n
Reboot
IPsec/IKE DH
Private Key:Used
With
IPSec/IKE
DH Shared
Secret
DRAM:Plainte
xt
While
IPSec/IKE
v2 tunnel
is on
Zeroizatio
n
Command
Session
terminatio
n
Reboot
SKEYSEED:Used
With
IPSec/IKE
ECDH
Private Key
DRAM:Plainte
xt
While
IPSec/IKE
v2 tunnel
is on
Zeroizatio
n
Command
Session
terminatio
n
Reboot
IPSec/IKE ECDH
Public Key:Paired
With
IPSec/IKE Peer
ECDH Public
Key:Used With
IPSec/IKE
ECDH
Public Key
Module Public
Key Output
DRAM:Plainte
xt
While
IPSec/IKE
v2 tunnel
is on
Zeroizatio
n
Command
Session
terminatio
n
Reboot
IPSec/IKE ECDH
Private
Key:Paired With
IPSec/IKE
Peer ECDH
Public Key
Peer Public
Key Input
DRAM:Plainte
xt
While
IPSec/IKE
v2 tunnel
is on
Zeroizatio
n
Command
Session
terminatio
n
Reboot
IPSec/IKE ECDH
Private Key:Used
With
IPSec/IKE
ECDH
Shared
Secret
DRAM:Plainte
xt
While
IPSec/IKE
v2 tunnel
is on
Zeroizatio
n
Command
Session
SKEYSEED:Used
With
Page 62 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Input - Output Storage Storage
Duration
Zeroizatio
n
Related SSPs
terminatio
n
Reboot
IPSec/IKE
ECDSA
Private Key
Flash:Plaintex
t
Zeroizatio
n
Command
IPSec/IKE
ECDSA Public
Key:Paired With
IPSec/IKE
ECDSA
Public Key
Module Public
Key Output
Flash:Plaintex
t
Zeroizatio
n
Command
IPSec/IKE
ECDSA Private
Key:Paired With
IPSec/IKE
RSA Private
Key
Flash:Plaintex
t
Zeroizatio
n
Command
IPSec/IKE RSA
Public Key:Paired
With
IPSec/IKE
RSA Public
Key
Module Public
Key Output
Flash:Plaintex
t
Zeroizatio
n
Command
IPSec/IKE RSA
Private
Key:Paired With
IPSec/IKE
Pre-shared
Secret
Password/Sec
ret Input via
SSHv2
encrypted by
GCM
Password/Sec
ret Input via
SSHv2
encrypted by
AES and
HMAC
Password/Sec
ret Input via
TLS encrypted
by GCM
Password/Sec
ret Input via
TLS encrypted
by AES and
HMAC
Flash:Encrypt
ed
While
IPSec/IKE
v2 tunnel
is on
Zeroizatio
n
Command
SKEYSEED:Deriv
ed to
SKEYSEED DRAM:Plainte
xt
While
IPSec/IKE
v2 tunnel
is on
Zeroizatio
n
Command
Session
terminatio
n
Reboot
IPSec/IKE DH
Shared
Secret:Derived
From
IPSec/IKE ECDH
Shared
Secret:Derived
From
IPSec/IKE Pre-
shared
Secret:Derived
From
Page 63 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Input - Output Storage Storage
Duration
Zeroizatio
n
Related SSPs
IPSec/IKE
Session
Encryption
Key
DRAM:Plainte
xt
While
IPSec/IKE
v2 tunnel
is on
Zeroizatio
n
Command
Session
terminatio
n
Reboot
IPSec/IKE DH
Shared
Secret:Derived
From
IPSec/IKE ECDH
Shared
Secret:Derived
From
IPSec/IKE
Authenticati
on Key
DRAM:Plainte
xt
While
IPSec/IKE
v2 tunnel
is on
Zeroizatio
n
Command
Session
terminatio
n
Reboot
IPSec/IKE DH
Shared
Secret:Derived
From
IPSec/IKE ECDH
Shared
Secret:Derived
From
SNMPv3
Shared
Secret
Password/Sec
ret Input via
TLS encrypted
by GCM
Password/Sec
ret Input via
TLS encrypted
by AES and
HMAC
Password/Sec
ret Input via
SSHv2
encrypted by
GCM
Password/Sec
ret Input via
SSHv2
encrypted by
AES and
HMAC
Flash:Encrypt
ed
While
SNMPv3
tunnel is
on
Zeroizatio
n
Command
SNMPv3
Encryption
Key:Derive To
SNMPv3
Authentication
Key:Derive To
SNMPv3
Encryption
Key
DRAM:Plainte
xt
While
SNMPv3
tunnel is
on
Zeroizatio
n
Command
Session
terminatio
n
Reboot
SNMPv3 Shared
Secret:Derived
From
SNMPv3
Authenticati
on Key
DRAM:Plainte
xt
While
SNMPv3
tunnel is
on
Zeroizatio
n
Command
Session
terminatio
SNMPv3 Shared
Secret:Derived
From
SNMPv3
Page 64 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Name Input - Output Storage Storage
Duration
Zeroizatio
n
Related SSPs
n
Reboot
Encryption
Key:Used With
Table 18: SSP Table 2
9.5 Transitions
• SHA-1: The module includes an implementation of SHA-1 for hashing and digital
signature verification. This implementation will be non-Approved for all uses starting
January 1, 2031. At this time, the user should move to SHA2, which is available in this
module.
• FIPS 186-4 to 186-5: As of February 5, 2024, the CMVP does not accept module
submissions that implement DSA or RSA X9.31 in the approved mode, other than for
signature verification which is approved for legacy use. This module does not implement
DSA or RSA X9.31 for signature generation and therefore is unaffected by the current
transition from 186-4 to 186-5. As detailed in section 2.7, the CAVP testing performed on
the 186-4 algorithms is mathematically similar to the testing performed on the 186-5
algorithms and therefore this module claims compliance with 186-5. This means that no
timeline exists in which any of the implemented algorithms will transition from approved
to non-approved.
10 Self-Tests
10.1 Pre-Operational Self-Tests
Algorithm or Test Test Properties Test
Method
Test Type Indicator Details
RSA SigVer
(FIPS186-4)
(A4446)
RSA SigVer 2048
bits with SHA2-512
KAT SW/FW
Integrity
Module is in
normal state
RSA
SigVer
Table 19: Pre-Operational Self-Tests
The module performs the following self-tests, including the pre-operational self-tests and
Conditional self-tests. Prior to the module providing any data output via the data output
interface, the module performs and passes the pre-operational self-tests. Following the
successful pre-operational self-tests, the module executes the Conditional Cryptographic
Algorithm Self-tests (CASTs). If anyone of the self-tests fails, the module transitions into an
error state and outputs the error message via the module’s status output interface. While
the module is in the error state, all data through the data output interface and all
cryptographic operations are disabled. The error state can only be cleared by reloading the
module. All self-tests must be completed successfully before the module transitions to the
operational state.
Page 65 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
10.2 Conditional Self-Tests
Algorithm or
Test
Test
Properties
Test
Method
Test
Type
Indicator Details Conditions
AES-CBC
Encrypt KAT
(A4446)
256 bits KAT CAST Module is
in normal
state
Encrypt Power Up
AES-CBC
Decrypt KAT
(A4446)
256 bits KAT CAST Module is
in normal
state
Decrypt Power Up
AES-GCM
Authenticated
Encrypt KAT
(A4446)
256 bits KAT CAST Module is
in normal
state
Authenticated
Encrypt
Power Up
AES-GCM
Authenticated
Decrypt KAT
(A4446)
256 bits KAT CAST Module is
in normal
state
Authenticated
Decrypt
Power Up
Counter
DRBG
Instantiate
KAT (A4446)
AES-128 KAT CAST Module is
in normal
state
Instantiate KAT Power Up
Counter
DRBG
Generate
KAT (A4446)
AES-128 KAT CAST Module is
in normal
state
Generate KAT Power Up
Counter
DRBG
Reseed KAT
(A4446)
AES-128 KAT CAST Module is
in normal
state
Reseed KAT Power Up
ECDSA
SigGen
(FIPS186-4)
KAT (A4446)
P-256
curve with
SHA2-256
KAT CAST Module is
in normal
state
ECDSA
SigGen KAT
Power Up
ECDSA
SigVer
(FIPS186-4)
KAT (A4446)
P-256
curve with
SHA2-256
KAT CAST Module is
in normal
state
ECDSA SigVer
KAT
Power Up
HMAC-SHA-1
KAT (A4446)
SHA-1 KAT CAST Module is
in normal
state
HMAC-SHA-1 Power Up
HMAC-SHA2-
256 KAT
(A4446)
SHA2-256 KAT CAST Module is
in normal
state
HMAC-SHA2-
256
Power Up
HMAC-SHA2-
384 KAT
(A4446)
SHA2-384 KAT CAST Module is
in normal
state
HMAC-SHA2-
384
Power Up
HMAC-SHA2-
512 KAT
(A4446)
SHA2-512 KAT CAST Module is
in normal
state
HMAC-SHA2-
512
Power Up
Page 66 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Algorithm or
Test
Test
Properties
Test
Method
Test
Type
Indicator Details Conditions
KAS-ECC-
SSC Sp800-
56Ar3 KAT
(A4446)
P-256
Curve
KAT CAST Module is
in normal
state
Primitive Z KAT Power Up
KAS-FFC-
SSC Sp800-
56Ar3 KAT
(A4446)
MODP-
2048
KAT CAST Module is
in normal
state
Primitive Z KAT Power Up
RSA SigGen
(FIPS186-4)
KAT (A4446)
2048 bit
modulus
with SHA2-
256
KAT CAST Module is
in normal
state
RSA SigGen
KAT
Power Up
RSA SigVer
(FIPS186-4)
KAT (A4446)
2048 bit
modulus
with SHA2-
256
KAT CAST Module is
in normal
state
RSA SigVer
KAT
Power Up
KDF IKEv2
KAT (A4446)
N/A KAT CAST Module is
in normal
state
N/A Power Up
KDF SNMP
KAT (A4446)
N/A KAT CAST Module is
in normal
state
N/A Power Up
KDF SSH
KAT (A4446)
N/A KAT CAST Module is
in normal
state
N/A Power Up
TLS v1.2 KDF
RFC7627
KAT (A4446)
N/A KAT CAST Module is
in normal
state
N/A Power Up
SHA-1 KAT
(A4446)
N/A KAT CAST Module is
in normal
state
N/A Power Up
ECDSA
KeyGen
(FIPS186-4)
PCT (A4446)
Curve P-
256 with
SHA2-256
PCT PCT Module is
in normal
state
ECDSA Performs all
required
pair-wise
consistency
tests on the
newly
generated
key pairs
before the
first
operational
use.
RSA KeyGen
(FIPS186-4)
PCT (A4446)
2048 bit
Modulus
PCT PCT Module is
in normal
state
RSA Performs all
required
pair-wise
consistency
tests on the
Page 67 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Algorithm or
Test
Test
Properties
Test
Method
Test
Type
Indicator Details Conditions
newly
generated
key pairs
before the
first
operational
use.
KAS-ECC-
SSC Sp800-
56Ar3 PCT
(A4446)
Curve P-
256 with
SHA2-256
PCT PCT Module is
in normal
state
N/A Performs all
required
pair-wise
consistency
tests on the
newly
generated
key pairs
before the
first
operational
use.
KAS-FFC-
SSC Sp800-
56Ar3 PCT
(A4446)
MODP-
2048
PCT PCT Module is
in normal
state
N/A Performs all
required
pair-wise
consistency
tests on the
newly
generated
key pairs
before the
first
operational
use.
Firmware
Load Test
HMAC-
SHA2-512
KAT SW/FW
Load
Module is
in normal
state
N/A When
firmware has
been
uploaded to
the module
Entropy 90B
Start-up
Repetition
Count Test
(RCT)
Repetition
Count Test
RCT CAST Module is
in normal
state
Designed to
quickly detect
catastrophic
failures that
cause the noise
source to
become "stuck"
on a single
output value for
a long period of
time
Power Up
Page 68 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Algorithm or
Test
Test
Properties
Test
Method
Test
Type
Indicator Details Conditions
Entropy 90B
Start-up
Adaptive
Proportion
Test (APT)
Adaptive
Proportion
Test
APT CAST Module is
in normal
state
Designed to
detect a large
loss of entropy
that might
occur as a
result of some
physical failure
or
environmental
change
affecting the
noise source
Power Up
Entropy 90B
Continuous
Repetition
Count Test
(RCT)
Repetition
Count Test
RCT CAST Module is
in normal
state
Designed to
quickly detect
catastrophic
failures that
cause the noise
source to
become "stuck"
on a single
output value for
a long period of
time
Entropy data
is generated
from the
Entropy
Source -
Continuous
Entropy 90B
Continuous
Adaptive
Proportion
Test (APT)
Adaptive
Proportion
Test
APT CAST Module is
in normal
state
Designed to
detect a large
loss of entropy
that might
occur as a
result of some
physical failure
or
environmental
change
affecting the
noise source
Entropy data
is generated
from the
Entropy
Source -
Continuous
Table 20: Conditional Self-Tests
The module performs on-demand self-tests initiated by the operator, by powering off and
powering the module back on. The full suite of self-tests is then executed. The same
procedure may be employed by the operator to perform periodic self-tests.
10.3 Periodic Self-Test Information
Page 69 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Algorithm or
Test
Test Method Test Type Period Periodic
Method
RSA SigVer
(FIPS186-4)
(A4446)
KAT SW/FW Integrity Recommend 60
Days
Reboot
Table 21: Pre-Operational Periodic Information
Algorithm or
Test
Test Method Test Type Period Periodic
Method
AES-CBC
Encrypt KAT
(A4446)
KAT CAST Recommend 60
Days
Reboot
AES-CBC
Decrypt KAT
(A4446)
KAT CAST Recommend 60
Days
Reboot
AES-GCM
Authenticated
Encrypt KAT
(A4446)
KAT CAST Recommend 60
Days
Reboot
AES-GCM
Authenticated
Decrypt KAT
(A4446)
KAT CAST Recommend 60
Days
Reboot
Counter DRBG
Instantiate KAT
(A4446)
KAT CAST Recommend 60
Days
Reboot
Counter DRBG
Generate KAT
(A4446)
KAT CAST Recommend 60
Days
Reboot
Counter DRBG
Reseed KAT
(A4446)
KAT CAST Recommend 60
Days
Reboot
ECDSA SigGen
(FIPS186-4)
KAT (A4446)
KAT CAST Recommend 60
Days
Reboot
ECDSA SigVer
(FIPS186-4)
KAT (A4446)
KAT CAST Recommend 60
Days
Reboot
HMAC-SHA-1
KAT (A4446)
KAT CAST Recommend 60
Days
Reboot
HMAC-SHA2-
256 KAT
(A4446)
KAT CAST Recommend 60
Days
Reboot
HMAC-SHA2-
384 KAT
(A4446)
KAT CAST Recommend 60
Days
Reboot
HMAC-SHA2-
512 KAT
(A4446)
KAT CAST Recommend 60
Days
Reboot
Page 70 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Algorithm or
Test
Test Method Test Type Period Periodic
Method
KAS-ECC-SSC
Sp800-56Ar3
KAT (A4446)
KAT CAST Recommend 60
Days
Reboot
KAS-FFC-SSC
Sp800-56Ar3
KAT (A4446)
KAT CAST Recommend 60
Days
Reboot
RSA SigGen
(FIPS186-4)
KAT (A4446)
KAT CAST Recommend 60
Days
Reboot
RSA SigVer
(FIPS186-4)
KAT (A4446)
KAT CAST Recommend 60
Days
Reboot
KDF IKEv2 KAT
(A4446)
KAT CAST Recommend 60
Days
Reboot
KDF SNMP KAT
(A4446)
KAT CAST Recommend 60
Days
Reboot
KDF SSH KAT
(A4446)
KAT CAST Recommend 60
Days
Reboot
TLS v1.2 KDF
RFC7627 KAT
(A4446)
KAT CAST Recommend 60
Days
Reboot
SHA-1 KAT
(A4446)
KAT CAST Recommend 60
Days
Reboot
ECDSA KeyGen
(FIPS186-4)
PCT (A4446)
PCT PCT Recommend 60
Days
Reboot
RSA KeyGen
(FIPS186-4)
PCT (A4446)
PCT PCT Recommend 60
Days
Reboot
KAS-ECC-SSC
Sp800-56Ar3
PCT (A4446)
PCT PCT Recommend 60
Days
Reboot
KAS-FFC-SSC
Sp800-56Ar3
PCT (A4446)
PCT PCT Recommend 60
Days
Reboot
Firmware Load
Test
KAT SW/FW Load N/A N/A
Entropy 90B
Start-up
Repetition Count
Test (RCT)
RCT CAST N/A N/A
Entropy 90B
Start-up
Adaptive
Proportion Test
(APT)
APT CAST N/A N/A
Entropy 90B
Continuous
RCT CAST N/A N/A
Page 71 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Algorithm or
Test
Test Method Test Type Period Periodic
Method
Repetition Count
Test (RCT)
Entropy 90B
Continuous
Adaptive
Proportion Test
(APT)
APT CAST N/A N/A
Table 22: Conditional Periodic Information
10.4 Error States
Name Description Conditions Recovery
Method
Indicator
Error
State
If self-test tests fail, the module is
put into an error state
Self-test
failure
Reboot the
module
System
Halt
Table 23: Error States
If any of the above-mentioned self-tests fail, the module reports the error and enters the Error
state. In the Error State, no cryptographic services are provided, and data output is prohibited.
The only method to recover from the error state is to reboot the module and perform the self-
tests, including the pre-operational firmware integrity test and the conditional CASTs. The
module will only enter into the operational state after successfully passing the pre-operational
firmware integrity test and the conditional CASTs.
11 Life-Cycle Assurance
11.1 Installation, Initialization, and Startup Procedures
The validated module firmware was installed onto the respective test platforms listed in Table 2
above. The Crypto Officer must configure and enforce the following initialization steps:
Step 1: The Crypto Officer must install opacity shields as described in section 7 above.
Step 2: The Crypto Officer must apply tamper evidence labels as described in section 7 above.
Step 3: The Crypto Officer must securely store any unused tamper evidence labels.
Note: Each module has a Type A USB 2.0 port, but it is considered to be disabled once the
Crypto Officer has applied the TEL #1 (FPR 1010) or TEL #8 (FPR 1120/1140/1150).
Step 4. Crypto officer shall perform zeroization operation if the module was previously used
before the approved mode configuration.
Step 5: The Crypto Officer shall configure the module to be managed by the Firepower
Management Center (FMC), and follow the procedure below from the FMC:
Page 72 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
a) Choose Devices > Platform Settings and create or edit a Firepower policy.
b) On the left click “UCAPL/CC Compliance”.
c) Choose “CC” from the dropdown under “Enable UCAPL/CC Compliance”.
d) Click “Save” to save the changes.
e) Click “Deploy” and select “Deploy All”.
Step 6: The module will automatically reboot, and will be placed in the approved mode once it is
done rebooting.
Step 7: Crypto Officer can verify the version installed and running
> show version
Step 8: Crypto Officer can verify the module is in approved mode:
> show fips
Step 9: Assign users a Privilege Level of basic.
Step 10: Configure IP address for unit and all distant endpoints from the FMC.
Step 11: Define RADIUS shared secret keys that are at least 8 characters long and secure
traffic between the security module and the RADIUS server via secure (IPSec, TLS) tunnel.
Note: Perform this step only if RADIUS is configured, otherwise proceed.
Step 12: Configure the security module so that any remote connections via Telnet are secured
through IPSec.
Step 13: Configure the security module so that only approved algorithms are used for all
security connections (SSHv2, TLSv1.2, SNMPv3 and IPSec/IKEv2).
Step 14: Configure the security module so that error messages can only be viewed by Crypto
Officer.
Step 15: Enable HTTPS with TLS. HTTPS with TLS should always be used for Web-based
management.
Step 16: Ensure that installed digital certificates are signed using approved algorithms.
Step 17: Save and reboot the module.
11.2 Administrator Guidance
Specific Admin guidance can be found in the Cisco Secure Firewall Threat Defense
compatibility guide: https://www.cisco.com/c/en/us/td/docs/security/secure-
firewall/compatibility/threat-defense-compatibility.html
11.3 Non-Administrator Guidance
Specific Non-Admin guidance can be found in the Firepower 1000 Series Datasheet and the
Firepower 1100 Series Hardware Installation Guide:
https://www.cisco.com/c/en/us/products/collateral/security/firepower-1000-series/datasheet-c78-
742469.html and https://www.cisco.com/c/en/us/td/docs/security/firepower/1100/hw/guide/hw-
install-1100/overview.html
Page 73 of 73
© 2021-2025 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
12 Mitigation of Other Attacks
N/A for this module.