This page was not yet optimized for use on mobile devices.
Panorama Virtual Appliance 11.0
Certificate #4935
Webpage information ?
Security policy ?
Symmetric Algorithms
AES, CAST, DES, HMAC, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512, CMACAsymmetric Algorithms
RSA 2048, RSA 3072, RSA 4096, ECDH, ECDSA, DH, Diffie-HellmanHash functions
SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA2Schemes
Key ExchangeProtocols
SSH, TLS v1.2, TLS1.2, TLS, TLS 1.2, IKEv2Randomness
DRBG, RNGElliptic Curves
P-256, P-384, P-521Block cipher modes
ECB, CBC, CTR, GCM, CCMTLS cipher suites
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384Vendor
MicrosoftSecurity level
level 1, Level 1Certification process
out of scope, the module. Any software loaded into this module that is not shown on the module certificate is out of scope of this validation, and requires a separate FIPS 140-3 validation. The pre-operational self-testsStandards
FIPS 140-3, FIPS 186-4, FIPS 198-1, FIPS 180-4, FIPS 186-2, SP 800-90B, SP 800-38A, SP 800-38D, SP 800-38F, SP 800-52, SP 800-63B, SP 800-140F, SP 800-56A, PKCS#1, RFC 3526, RFC7627, RFC 5288, RFC 5246, ISO/IEC 24759File metadata
| Title | Panorama VM 11.0 Security Policy-Interim_24.11.25.docx |
|---|---|
| Pages | 24 |
| Producer | Skia/PDF m133 Google Docs Renderer |
Heuristics ?
No heuristics are available for this certificate.
References ?
No references are available for this certificate.
Updates ?
-
24.02.2025 The certificate data changed.
Certificate changed
The web extraction data was updated.
- The exceptions property was updated.
-
06.01.2025 The certificate was first processed.
New certificate
A new FIPS 140 certificate with the product name Panorama Virtual Appliance 11.0 was processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 4935,
"dgst": "9c95695b470eb722",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"HMAC-SHA2-256A3454",
"HMAC-SHA2-224A3454",
"KAS-FFC-SSC Sp800-56Ar3A3454",
"KAS-ECC-SSC Sp800-56Ar3A3454",
"SHA2-512A3454",
"SHA2-384A3454",
"AES-CBCA3454",
"SHA2-256A3454",
"HMAC-SHA-1A3454",
"ECDSA KeyVer (FIPS186-4)A3454",
"RSA SigVer (FIPS186-4)A3454",
"AES-CFB128A3454",
"ECDSA KeyGen (FIPS186-4)A3454",
"HMAC-SHA2-384A3454",
"ECDSA SigVer (FIPS186-4)A3454",
"KDF SNMPA3454",
"Safe Primes Key GenerationA3454",
"TLS v1.2 KDF RFC7627A3454",
"HMAC-SHA2-512A3454",
"RSA SigGen (FIPS186-4)A3454",
"ECDSA SigGen (FIPS186-4)A3454",
"Safe Primes Key VerificationA3454",
"AES-CTRA3454",
"Conditioning Component AES-CBC-MAC SP800-90BA1791",
"RSA KeyGen (FIPS186-4)A3454",
"SHA-1A3454",
"KDF SSHA3454",
"AES-GCMA3454",
"SHA2-224A3454",
"Counter DRBGA3454"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"11.0"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECDH": {
"ECDH": 1
},
"ECDSA": {
"ECDSA": 53
}
},
"FF": {
"DH": {
"DH": 1,
"Diffie-Hellman": 2
}
},
"RSA": {
"RSA 2048": 10,
"RSA 3072": 2,
"RSA 4096": 2
}
},
"certification_process": {
"OutOfScope": {
"out of scope": 1,
"the module. Any software loaded into this module that is not shown on the module certificate is out of scope of this validation, and requires a separate FIPS 140-3 validation. The pre-operational self-tests": 1
}
},
"cipher_mode": {
"CBC": {
"CBC": 3
},
"CCM": {
"CCM": 2
},
"CTR": {
"CTR": 4
},
"ECB": {
"ECB": 2
},
"GCM": {
"GCM": 11
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"IKE": {
"IKEv2": 1
},
"SSH": {
"SSH": 56
},
"TLS": {
"TLS": {
"TLS": 60,
"TLS 1.2": 2,
"TLS v1.2": 12,
"TLS1.2": 1
}
}
},
"crypto_scheme": {
"KEX": {
"Key Exchange": 6
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"P-256": 40,
"P-384": 30,
"P-521": 30
}
},
"eval_facility": {},
"fips_cert_id": {},
"fips_certlike": {
"Certlike": {
"AES (128": 1,
"AES 256": 3,
"HMAC-SHA-1": 22,
"HMAC-SHA-256": 10,
"HMAC-SHA-384": 2,
"HMAC-SHA-512": 2,
"PKCS#1": 4,
"RSA 2048": 10,
"RSA 3072": 2,
"RSA 4096": 2,
"SHA-1": 6,
"SHA-256": 9,
"SHA-384": 1,
"SHA-512": 3,
"SHA2": 4,
"SHA2-224": 3,
"SHA2-256": 7,
"SHA2-384": 4,
"SHA2-512": 4
}
},
"fips_security_level": {
"Level": {
"Level 1": 5,
"level 1": 1
}
},
"hash_function": {
"SHA": {
"SHA1": {
"SHA-1": 6
},
"SHA2": {
"SHA-224": 1,
"SHA-256": 10,
"SHA-384": 2,
"SHA-512": 4,
"SHA2": 4
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 45
},
"RNG": {
"RNG": 1
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140-3": 13,
"FIPS 180-4": 5,
"FIPS 186-2": 1,
"FIPS 186-4": 62,
"FIPS 198-1": 6
},
"ISO": {
"ISO/IEC 24759": 2
},
"NIST": {
"SP 800-140F": 1,
"SP 800-38A": 4,
"SP 800-38D": 2,
"SP 800-38F": 4,
"SP 800-52": 1,
"SP 800-56A": 10,
"SP 800-63B": 2,
"SP 800-90B": 8
},
"PKCS": {
"PKCS#1": 2
},
"RFC": {
"RFC 3526": 2,
"RFC 5246": 1,
"RFC 5288": 2,
"RFC7627": 12
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 15
},
"CAST": {
"CAST": 1
}
},
"DES": {
"DES": {
"DES": 1
}
},
"constructions": {
"MAC": {
"CMAC": 1,
"HMAC": 18,
"HMAC-SHA-256": 5,
"HMAC-SHA-384": 1,
"HMAC-SHA-512": 1
}
}
},
"tee_name": {},
"tls_cipher_suite": {
"TLS": {
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": 1,
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": 1,
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 1,
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 1
}
},
"vendor": {
"Microsoft": {
"Microsoft": 2
}
},
"vulnerability": {}
},
"policy_metadata": {
"/Producer": "Skia/PDF m133 Google Docs Renderer",
"/Title": "Panorama VM 11.0 Security Policy-Interim_24.11.25.docx",
"pdf_file_size_bytes": 391247,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://docs.paloaltonetworks.com/panorama/10-1/panorama-admin.html",
"http://www.paloaltonetworks.com",
"https://support.paloaltonetworks.com/Support/Index"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 24
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_garbage": false,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_pdf_hash": "0cf25a5c1dd6f1ce4b23fb87b13a162f581513e715d213fe4ab0da566dc73b5f",
"policy_txt_hash": "2e12fb0976ff9aa0e36c7ae864eddc2ca65f8d21a9611de60a8fe60ae3892c51"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "Interim Validation. When installed, initialized and configured as specified in Section 11 of the Security Policy",
"certificate_pdf_url": null,
"date_sunset": "2027-01-01",
"description": "Panorama offers easy-to-implement, centralized management features that provide insight into network-wide traffic and simplify configurations.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Roles, services, and authentication: Level 3",
"Physical security: N/A",
"Non-invasive security: N/A",
"Life-cycle assurance: Level 3",
"Mitigation of other attacks: N/A"
],
"fw_versions": null,
"historical_reason": null,
"hw_versions": null,
"level": 1,
"mentioned_certs": {},
"module_name": "Panorama Virtual Appliance 11.0",
"module_type": "Software",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-3",
"status": "active",
"sw_versions": "11.0.4",
"tested_conf": [
"Hyper-V 2019 on Microsoft Hyper-V Server 2019 running on a Dell PowerEdge R740 with an Intel Xeon Gold 6248",
"KVM 4 on Ubuntu 20.04 running on a Dell PowerEdge R740 with an Intel Xeon Gold 6248",
"VMware ESXi v7.0 running on a Dell PowerEdge R740 with an Intel Xeon Gold 6248"
],
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2025-01-02",
"lab": "LEIDOS CSTL",
"validation_type": "Initial"
}
],
"vendor": "Palo Alto Networks, Inc.",
"vendor_url": "http://www.paloaltonetworks.com"
}
}