This page was not yet optimized for use on mobile
devices.
Cisco Firepower 4100 and Cisco Firepower 9300 Series
Certificate #3795
Webpage information
Security policy
Symmetric Algorithms
AES-256, AES, RC4, DES, Triple-DES, HMACAsymmetric Algorithms
RSA 2048, RSA-2048, ECDH, ECDSA, Diffie-Hellman, DHHash functions
SHA-1, SHA-512, MD5Protocols
SSHv2, SSH, TLSv1.2, TLS, IKE, IKEv2, IPsec, VPNRandomness
DRBGElliptic Curves
P-256, P-384, P-521Block cipher modes
CBC, GCMVendor
Cisco, Cisco Systems, Inc, Cisco SystemsSecurity level
Level 2, Level 1, level 2, level 1Certification process
out of scope, of the TEL as depicted below and any additional requirement per the site security policy which are out of scope of this Security Policy. © Copyright 2021 Cisco Systems, Inc. 27 This document may be freelyStandards
FIPS 140-2, FIPS PUB 140-2, FIPS 140, FIPS 186-4, SP 800-90A, SP 800-52, RFC 5288, RFC 7296, RFC 5246, RFC 4253, RFC 6071File metadata
| Title | CISCO 831 Security Policy |
|---|---|
| Subject | FIPS 140-2 Security Policy |
| Author | Scott Shorter |
| Creation date | D:20210107174557-05'00' |
| Modification date | D:20210107174557-05'00' |
| Pages | 34 |
| Creator | Microsoft® Word 2016 |
| Producer | Microsoft® Word 2016 |
References
Outgoing- 3789 - historical - Cisco ASA Cryptographic Module
Heuristics
No heuristics are available for this certificate.
References
Loading...
Updates Feed
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate was first processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 3795,
"dgst": "91969e505d012cfe",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"ECDSA#1254",
"DRBG#197",
"HMAC#C1026",
"HMAC#C784",
"HMAC#3272",
"HMAC#1233",
"SHS#1780",
"SHS#C1026",
"AES#2035",
"Triple-DES#1311",
"DRBG#1735",
"DRBG#C784",
"RSA#C784",
"Triple-DES#C784",
"SHS#4012",
"AES#C1026",
"Triple-DES#2559",
"SHS#C784",
"CVL#C784",
"ECDSA#C784",
"DRBG#C1026",
"AES#4905",
"RSA#2678",
"CVL#1521",
"AES#C784",
"AES#2034",
"Triple-DES#C1026"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"2.6"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": {
"_type": "Set",
"elements": [
"3789"
]
},
"indirectly_referenced_by": null,
"indirectly_referencing": {
"_type": "Set",
"elements": [
"3789"
]
}
},
"module_prunned_references": {
"_type": "Set",
"elements": [
"3789"
]
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": {
"_type": "Set",
"elements": [
"3789"
]
},
"indirectly_referenced_by": null,
"indirectly_referencing": {
"_type": "Set",
"elements": [
"3789"
]
}
},
"policy_prunned_references": {
"_type": "Set",
"elements": [
"3789"
]
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECDH": {
"ECDH": 7
},
"ECDSA": {
"ECDSA": 1
}
},
"FF": {
"DH": {
"DH": 7,
"Diffie-Hellman": 41
}
},
"RSA": {
"RSA 2048": 5,
"RSA-2048": 1
}
},
"certification_process": {
"OutOfScope": {
"of the TEL as depicted below and any additional requirement per the site security policy which are out of scope of this Security Policy. \u00a9 Copyright 2021 Cisco Systems, Inc. 27 This document may be freely": 1,
"out of scope": 1
}
},
"cipher_mode": {
"CBC": {
"CBC": 4
},
"GCM": {
"GCM": 11
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"IKE": {
"IKE": 35,
"IKEv2": 10
},
"IPsec": {
"IPsec": 8
},
"SSH": {
"SSH": 16,
"SSHv2": 26
},
"TLS": {
"TLS": {
"TLS": 38,
"TLSv1.2": 6
}
},
"VPN": {
"VPN": 4
}
},
"crypto_scheme": {},
"device_model": {},
"ecc_curve": {
"NIST": {
"P-256": 8,
"P-384": 8,
"P-521": 8
}
},
"eval_facility": {},
"fips_cert_id": {
"Cert": {
"# 13": 1,
"# 14": 1,
"#1": 8,
"#10": 2,
"#11": 4,
"#12": 3,
"#13": 1,
"#1521": 1,
"#2": 3,
"#3": 6,
"#3789": 8,
"#4": 3,
"#5": 5,
"#6": 4,
"#7": 6,
"#8": 3,
"#9": 4
}
},
"fips_certlike": {
"Certlike": {
"AES 128": 1,
"AES-256": 5,
"AES-GCM 192": 1,
"HMAC-SHA-1": 2,
"HMAC-SHA-1 160": 8,
"HMAC-SHA1": 2,
"RSA 2048": 5,
"SHA-1": 1,
"SHA-512": 2
}
},
"fips_security_level": {
"Level": {
"Level 1": 2,
"Level 2": 3,
"level 1": 1,
"level 2": 4
}
},
"hash_function": {
"MD": {
"MD5": {
"MD5": 6
}
},
"SHA": {
"SHA1": {
"SHA-1": 1
},
"SHA2": {
"SHA-512": 2
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 45
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140": 2,
"FIPS 140-2": 30,
"FIPS 186-4": 4,
"FIPS PUB 140-2": 1
},
"NIST": {
"SP 800-52": 2,
"SP 800-90A": 2
},
"RFC": {
"RFC 4253": 2,
"RFC 5246": 2,
"RFC 5288": 2,
"RFC 6071": 2,
"RFC 7296": 4
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 15,
"AES-256": 5
},
"RC": {
"RC4": 4
}
},
"DES": {
"3DES": {
"Triple-DES": 7
},
"DES": {
"DES": 10
}
},
"constructions": {
"MAC": {
"HMAC": 4
}
}
},
"tee_name": {},
"tls_cipher_suite": {},
"vendor": {
"Cisco": {
"Cisco": 29,
"Cisco Systems": 4,
"Cisco Systems, Inc": 33
}
},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "Scott Shorter",
"/CreationDate": "D:20210107174557-05\u002700\u0027",
"/Creator": "Microsoft\u00ae Word 2016",
"/ModDate": "D:20210107174557-05\u002700\u0027",
"/Producer": "Microsoft\u00ae Word 2016",
"/Subject": "FIPS 140-2 Security Policy",
"/Title": "CISCO 831 Security Policy",
"pdf_file_size_bytes": 854910,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"http://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/roadmap/fxos-roadmap.html",
"http://www.cisco.com/c/en/us/products/index.html",
"https://csrc.nist.gov/Projects/cryptographic-module-validation-program",
"http://www.cisco.com/",
"https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/fxos261/cli-guide/b_CLI_ConfigGuide_FXOS_261.html",
"https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 34
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_json_hash": null,
"policy_pdf_hash": "8593daceb8d2140076f7d920e5c71bee29d1f84f429b5cb7d827e7f781435f1a",
"policy_txt_hash": "62916242fc6606cd0a3fb45ba3d54f4bf13d18ecb192923afa5c174dfee71326"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "When operated in FIPS mode. When installed with the tamper evident seals and opacity shields, initialized and configured as specified in Section 3 of the Security Policy. This module contains the embedded module Cisco ASA Cryptographic Module validated to FIPS 140-2 under Cert. #3789 operating in FIPS mode",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/January 2021_080221_0323_signed.pdf",
"date_sunset": null,
"description": "This Cisco Firepower eXtensible Operating System (FX-OS) is part of the Cisco Application Centric Infrastructure (ACI) Security Solution and provides an agile, open, built for scalability, consistent control, and simplified management. The FX-OS provides provides high performance, flexible input/output configurations, and scalability. A graphical user interface provides streamlined, visual representation of current chassis status and simplified configuration of chassis features. A command-based interface for configuring features, monitoring chassis status, and accessing advanced troublesho",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Roles, Services, and Authentication: Level 3",
"Mitigation of Other Attacks: N/A"
],
"fw_versions": "2.6",
"historical_reason": "SP 800-56Arev3 transition",
"hw_versions": "FPR4110-NGFW-K9[1], FPR4115-NGFW-K9[1], FPR4120-NGFW-K9[1], FPR4125-NGFW-K9[1], FPR4140-NGFW-K9[1], FPR4145-NGFW-K9[1], FPR4150-NGFW-K9[1], FPR9K-Sup (SM-24)[2], FPR9K-Sup (SM-36)[2], FPR9K-Sup (SM-40)[2], FPR9K-Sup (SM-44)[2], FPR9K-Sup (SM-48)[2] and FPR9K-Sup (SM-56)[2] with FIPS Kit (Cisco_TEL.FIPS_Kit), and opacity shield 69-100250-01[1] or 800-102843-01[2]",
"level": 2,
"mentioned_certs": {
"3789": 1
},
"module_name": "Cisco Firepower 4100 and Cisco Firepower 9300 Series",
"module_type": "Hardware",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-2",
"status": "historical",
"sw_versions": null,
"tested_conf": null,
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2021-01-21",
"lab": "Gossamer Security Solutions",
"validation_type": "Initial"
}
],
"vendor": "Cisco Systems, Inc.",
"vendor_url": "http://www.cisco.com"
}
}