This page was not yet optimized for use on mobile
devices.
WildFire 10.1 WF-500
Certificate #4807
Webpage information
Security policy
Symmetric Algorithms
AES, CAST, DES, HMAC, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512, CMACAsymmetric Algorithms
RSA 2048, RSA 3072, RSA 4096, ECDHE, ECDH, ECDSA, DHE, Diffie-Hellman, DHHash functions
SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA2, MD5Schemes
Key Exchange, Key AgreementProtocols
SSH, SSHv2, TLS, TLS1.2, TLS v1.2, TLSv1.1, TLSv1.0, TLS v1.1, TLS 1.2, IKEv2, IKE, IPsec, VPNRandomness
DRBG, RNGElliptic Curves
P-256, P-384, P-521Block cipher modes
ECB, CBC, CTR, GCM, CCMTLS cipher suites
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384Trusted Execution Environments
SSCSecurity level
level 2, Level 2, Level 1Certification process
out of scope, in Section 11 will result in the module operating in a non-compliant state, which is considered out of scope of this validation. Zeroization To initiate the zeroization service, perform the following steps: ●Standards
FIPS 140-3, FIPS 186-4, FIPS 198-1, FIPS 180-4, FIPS 186-2, SP 800-38A, SP 800-38D, SP 800-38F, SP 800-90B, SP 800-52, SP 800-63B, SP 800-140F, SP 800-56A, SP 800-90A, SP 800-135, PKCS#1, RFC 3526, RFC 5288, RFC 5246, RFC 5282, ISO/IEC 24759File metadata
| Creation date | D:20250313201343Z00'00' |
|---|---|
| Modification date | D:20250313201343Z00'00' |
| Pages | 39 |
| Producer | macOS Version 14.7.4 (Build 23H420) Quartz PDFContext |
Heuristics
No heuristics are available for this certificate.
References
No references are available for this certificate.
Updates Feed
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate was first processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 4807,
"dgst": "79fdc2a90e0af23c",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"HMAC-SHA2-384A2137",
"AES-CFB128A2137",
"RSA SigVer (FIPS186-4)A2137",
"SHA2-384A2137",
"RSA SigGen (FIPS186-4)A2137",
"SHA2-256A2137",
"HMAC-SHA2-224A2137",
"ECDSA SigVer (FIPS186-4)A2137",
"SHA2-512A2137",
"HMAC-SHA2-256A2137",
"ECDSA SigGen (FIPS186-4)A2137",
"AES-CBCA2137",
"RSA KeyGen (FIPS186-4)A2137",
"KDF SSHA2137",
"Safe Primes Key VerificationA2137",
"ECDSA KeyGen (FIPS186-4)A2137",
"KAS-FFC-SSC Sp800-56Ar3A2137",
"ECDSA KeyVer (FIPS186-4)A2137",
"KDF TLSA2137",
"Safe Primes Key GenerationA2137",
"Counter DRBGA2137",
"KDF IKEv2A2137",
"SHA2-224A2137",
"SHA-1A2137",
"HMAC-SHA2-512A2137",
"AES-CTRA2137",
"KAS-ECC-SSC Sp800-56Ar3A2137",
"AES-GCMA2137",
"KDF SNMPA2137",
"HMAC-SHA-1A2137"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"10.1.5",
"10.1"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECDH": {
"ECDH": 7,
"ECDHE": 4
},
"ECDSA": {
"ECDSA": 69
}
},
"FF": {
"DH": {
"DH": 3,
"DHE": 4,
"Diffie-Hellman": 9
}
},
"RSA": {
"RSA 2048": 12,
"RSA 3072": 2,
"RSA 4096": 3
}
},
"certification_process": {
"OutOfScope": {
"in Section 11 will result in the module operating in a non-compliant state, which is considered out of scope of this validation. Zeroization To initiate the zeroization service, perform the following steps: \u25cf": 1,
"out of scope": 1
}
},
"cipher_mode": {
"CBC": {
"CBC": 4
},
"CCM": {
"CCM": 2
},
"CTR": {
"CTR": 5
},
"ECB": {
"ECB": 2
},
"GCM": {
"GCM": 14
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"IKE": {
"IKE": 1,
"IKEv2": 13
},
"IPsec": {
"IPsec": 2
},
"SSH": {
"SSH": 72,
"SSHv2": 2
},
"TLS": {
"TLS": {
"TLS": 80,
"TLS 1.2": 1,
"TLS v1.1": 1,
"TLS v1.2": 1,
"TLS1.2": 1,
"TLSv1.0": 3,
"TLSv1.1": 1
}
},
"VPN": {
"VPN": 7
}
},
"crypto_scheme": {
"KA": {
"Key Agreement": 2
},
"KEX": {
"Key Exchange": 6
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"P-256": 34,
"P-384": 38,
"P-521": 26
}
},
"eval_facility": {},
"fips_cert_id": {
"Cert": {
"#10": 1,
"#11": 1,
"#12": 1,
"#5": 1,
"#9": 1
}
},
"fips_certlike": {
"Certlike": {
"AES (128": 1,
"AES 128/192/256": 1,
"AES 256": 3,
"HMAC- SHA-1": 1,
"HMAC-SHA- 1": 6,
"HMAC-SHA-1": 20,
"HMAC-SHA-256": 10,
"HMAC-SHA-384": 2,
"HMAC-SHA-512": 2,
"PKCS#1": 4,
"RSA 2": 1,
"RSA 2048": 12,
"RSA 3072": 2,
"RSA 4096": 3,
"SHA- 384": 1,
"SHA-1": 7,
"SHA-1, 256": 1,
"SHA-256": 7,
"SHA-384": 1,
"SHA-512": 4,
"SHA2": 4,
"SHA2- 256": 1,
"SHA2- 512": 1,
"SHA2-224": 4,
"SHA2-256": 9,
"SHA2-384": 8,
"SHA2-512": 7
}
},
"fips_security_level": {
"Level": {
"Level 1": 1,
"Level 2": 2,
"level 2": 1
}
},
"hash_function": {
"MD": {
"MD5": {
"MD5": 3
}
},
"SHA": {
"SHA1": {
"SHA-1": 8
},
"SHA2": {
"SHA-224": 1,
"SHA-256": 8,
"SHA-384": 2,
"SHA-512": 5,
"SHA2": 4
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 54
},
"RNG": {
"RNG": 2
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140-3": 10,
"FIPS 180-4": 5,
"FIPS 186-2": 1,
"FIPS 186-4": 74,
"FIPS 198-1": 5
},
"ISO": {
"ISO/IEC 24759": 2
},
"NIST": {
"SP 800-135": 4,
"SP 800-140F": 1,
"SP 800-38A": 4,
"SP 800-38D": 2,
"SP 800-38F": 3,
"SP 800-52": 1,
"SP 800-56A": 19,
"SP 800-63B": 1,
"SP 800-90A": 1,
"SP 800-90B": 2
},
"PKCS": {
"PKCS#1": 2
},
"RFC": {
"RFC 3526": 2,
"RFC 5246": 1,
"RFC 5282": 1,
"RFC 5288": 2
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 18
},
"CAST": {
"CAST": 1
}
},
"DES": {
"DES": {
"DES": 1
}
},
"constructions": {
"MAC": {
"CMAC": 1,
"HMAC": 18,
"HMAC-SHA-256": 5,
"HMAC-SHA-384": 1,
"HMAC-SHA-512": 1
}
}
},
"tee_name": {
"IBM": {
"SSC": 8
}
},
"tls_cipher_suite": {
"TLS": {
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": 1,
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": 1,
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 1,
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 1
}
},
"vendor": {},
"vulnerability": {}
},
"policy_metadata": {
"/CreationDate": "D:20250313201343Z00\u002700\u0027",
"/ModDate": "D:20250313201343Z00\u002700\u0027",
"/Producer": "macOS Version 14.7.4 (Build 23H420) Quartz PDFContext",
"pdf_file_size_bytes": 4007154,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"http://www.paloaltonetworks.com/",
"about:blank"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 39
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_json_hash": null,
"policy_pdf_hash": "7fa56846c5e9d39ef9ebf9b0227b3eff4d9c0ecdadea206e84cb9eee862c04eb",
"policy_txt_hash": "38fe6bbfecfd37c88cb63d53df6ef59e5327d519309f2d76690e6d60bf115b39"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "When installed, initialized and configured as specified in Section 11 of the Security Policy. The tamper evident seals and Physical Kit installed as indicated in the Security Policy. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/September 2024_011024_0217.pdf",
"date_sunset": "2029-09-22",
"description": "The Wildfire 10.1 WF-500 from Palo Alto Networks Inc. cryptographic module designed to identify unknown malware, zero-day exploits, and Advanced Persistent Threats (APTs) through dynamic analysis, and automatically disseminates protection in near real-time to help security teams meet the challenge of advanced cyber-attacks.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Roles, services, and authentication: Level 3",
"Operational environment: N/A",
"Non-invasive security: N/A",
"Life-cycle assurance: Level 3",
"Mitigation of other attacks: N/A"
],
"fw_versions": "10.1.5",
"historical_reason": null,
"hw_versions": "910-000097 with Physical Kit 920-000145",
"level": 2,
"mentioned_certs": {},
"module_name": "WildFire 10.1 WF-500",
"module_type": "Hardware",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-3",
"status": "active",
"sw_versions": null,
"tested_conf": null,
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2024-09-23",
"lab": "Leidos Accredited Testing \u0026 Evaluation (AT\u0026E) Lab",
"validation_type": "Initial"
},
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2025-03-19",
"lab": "Leidos Accredited Testing \u0026 Evaluation (AT\u0026E) Lab",
"validation_type": "Update"
}
],
"vendor": "Palo Alto Networks, Inc.",
"vendor_url": "http://www.paloaltonetworks.com"
}
}