Cisco ASA 5506-X, ASA 5506H-X, ASA 5506W-X, ASA 5508-X, ASA 5516-X, ASA 5525-X, ASA 5545-X, ASA 5555-X, ASA 5585-X SSP-10, ASA 5585-X SSP-20, ASA 5585-X SSP-40 and ASA 5585-X SSP-60 Adaptive Security Appliances

Certificate #3232

Webpage information

Status historical
Historical reason SP 800-56Arev3 transition
Validation dates 13.07.2018
Standard FIPS 140-2
Security level 2
Type Hardware
Embodiment Multi-Chip Stand Alone
Caveat When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy
Exceptions
  • Roles, Services, and Authentication: Level 3
  • Mitigation of Other Attacks: N/A
Description The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes.
Version (Hardware) ASA 5506-X[1][2], ASA 5506H-X[1][2], ASA 5506W-X[1][2], ASA 5508-X[1][3], ASA 5516-X[1][4], ASA 5525-X[1], ASA 5545-X[1], ASA 5555-X[1] and [ASA 5585-X SSP-10, ASA 5585-X SSP-20, ASA 5585-X SSP-40 and ASA 5585-X SSP-60][1][5] with [AIR-AP-FIPSKIT=][1], [ASA5506-FIPS-KIT=][2], [ASA5508-FIPS-KIT=][3], [ASA5516-FIPS-KIT=][4] and [ASA5585-X-FIPS-KIT][5]
Version (Firmware) 9.8
Vendor Cisco Systems, Inc.
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.
Certificate
Webpage

Security policy

Security target PDF TXT

Symmetric Algorithms
AES-256, AES, RC4, DES, Triple-DES, HMAC, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512
Asymmetric Algorithms
RSA 2048, RSA-2048, ECDSA, Diffie-Hellman, DH
Hash functions
SHA-1, SHA-512, SHA-256, SHA-384, MD5
Protocols
SSHv2, SSH, SSL, TLSv1.2, TLS, IKEv2, IKE, VPN
Randomness
DRBG
Elliptic Curves
P-256, P-384, P-521
Block cipher modes
CBC, CTR, GCM

Vendor
Cisco, Cisco Systems, Inc, Cisco Systems

Security level
Level 2, Level 1, level 2
Side-channel analysis
SPA
Certification process
out of scope, of the TEL as depicted below and any additional requirement per the site security policy which are out of scope of this Security Policy. The Crypto Officer shall inspect the seals for evidence of tamper as

Standards
FIPS 140-2, FIPS PUB 140-2, FIPS 140, FIPS 186-4, SP 800-90A, SP 800-52, RFC 5288, RFC 7296

File metadata

Title CISCO 831 Security Policy
Subject FIPS 140-2 Security Policy
Author Scott Shorter
Creation date D:20180703184521-04'00'
Modification date D:20180703184521-04'00'
Pages 44
Creator Microsoft® Word 2013
Producer Microsoft® Word 2013

Heuristics

No heuristics are available for this certificate.

References

No references are available for this certificate.

Updates

  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate was first processed.

Raw data 

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 3232,
  "dgst": "b85bf0f7330be079",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "ECDSA#1254",
        "AES#3301",
        "SHS#2091",
        "Triple-DES#1321",
        "HMAC#1247",
        "AES#2050",
        "HMAC#3272",
        "HMAC#2095",
        "AES#2444",
        "DRBG#1735",
        "AES#2472",
        "DRBG#819",
        "HMAC#1514",
        "SHS#4012",
        "Triple-DES#2559",
        "DRBG#336",
        "SHS#2737",
        "SHS#1794",
        "Triple-DES#1513",
        "AES#4905",
        "DRBG#332",
        "CVL#1521",
        "RSA#2678",
        "Triple-DES#1881"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "9.8"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECDSA": {
            "ECDSA": 15
          }
        },
        "FF": {
          "DH": {
            "DH": 7,
            "Diffie-Hellman": 9
          }
        },
        "RSA": {
          "RSA 2048": 5,
          "RSA-2048": 1
        }
      },
      "certification_process": {
        "OutOfScope": {
          "of the TEL as depicted below and any additional requirement per the site security policy which are out of scope of this Security Policy. The Crypto Officer shall inspect the seals for evidence of tamper as": 1,
          "out of scope": 1
        }
      },
      "cipher_mode": {
        "CBC": {
          "CBC": 2
        },
        "CTR": {
          "CTR": 1
        },
        "GCM": {
          "GCM": 6
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {
        "IKE": {
          "IKE": 37,
          "IKEv2": 9
        },
        "SSH": {
          "SSH": 19,
          "SSHv2": 19
        },
        "TLS": {
          "SSL": {
            "SSL": 3
          },
          "TLS": {
            "TLS": 37,
            "TLSv1.2": 6
          }
        },
        "VPN": {
          "VPN": 11
        }
      },
      "crypto_scheme": {},
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "P-256": 6,
          "P-384": 2,
          "P-521": 2
        }
      },
      "eval_facility": {},
      "fips_cert_id": {
        "Cert": {
          "#1": 1
        }
      },
      "fips_certlike": {
        "Certlike": {
          "AES 128/192/256": 2,
          "AES-256": 5,
          "AES-GCM 192": 1,
          "HMAC- SHA256/384": 1,
          "HMAC-SHA-1": 4,
          "HMAC-SHA-256": 4,
          "HMAC-SHA-384": 4,
          "HMAC-SHA-512": 4,
          "HMAC-SHA1": 2,
          "RSA 2048": 5,
          "SHA-1": 2,
          "SHA-256": 2,
          "SHA-384": 1,
          "SHA-512": 8,
          "SHA\u2013384": 1
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 3,
          "Level 2": 3,
          "level 2": 2
        }
      },
      "hash_function": {
        "MD": {
          "MD5": {
            "MD5": 6
          }
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 2
          },
          "SHA2": {
            "SHA-256": 2,
            "SHA-384": 1,
            "SHA-512": 8
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 53
        }
      },
      "side_channel_analysis": {
        "SCA": {
          "SPA": 2
        }
      },
      "standard_id": {
        "FIPS": {
          "FIPS 140": 2,
          "FIPS 140-2": 16,
          "FIPS 186-4": 3,
          "FIPS PUB 140-2": 1
        },
        "NIST": {
          "SP 800-52": 1,
          "SP 800-90A": 7
        },
        "RFC": {
          "RFC 5288": 1,
          "RFC 7296": 2
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 12,
            "AES-256": 5
          },
          "RC": {
            "RC4": 3
          }
        },
        "DES": {
          "3DES": {
            "Triple-DES": 9
          },
          "DES": {
            "DES": 5
          }
        },
        "constructions": {
          "MAC": {
            "HMAC": 4,
            "HMAC-SHA-256": 2,
            "HMAC-SHA-384": 2,
            "HMAC-SHA-512": 2
          }
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {
        "Cisco": {
          "Cisco": 27,
          "Cisco Systems": 4,
          "Cisco Systems, Inc": 41
        }
      },
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Scott Shorter",
      "/CreationDate": "D:20180703184521-04\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word 2013",
      "/ModDate": "D:20180703184521-04\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word 2013",
      "/Subject": "FIPS 140-2 Security Policy",
      "/Title": "CISCO 831 Security Policy",
      "pdf_file_size_bytes": 3329617,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "http://www.cisco.com/c/en/us/products/index.html",
          "http://csrc.nist.gov/groups/STM/index.html",
          "http://www.cisco.com/c/en/us/products/security/asa-5500-series-next-generation-firewalls/eot_sobo.html",
          "http://www.cisco.com/c/en/us/products/security/asa-5585-x-adaptive-security-appliance/index.html",
          "http://www.cisco.com/c/en/us/products/security/asa-1000v-cloud-firewall/index.html",
          "http://csrc.nist.gov/groups/STM/cmvp/validation.html",
          "http://www.cisco.com/c/en/us/products/security/asa-5500-series-next-generation-firewalls/eot_edge.html",
          "http://www.cisco.com/",
          "http://www.cisco.com/c/en/us/td/docs/security/asa/hw/maintenance/5506xguide/b_Install_Guide_5506/b_Install_Guide_5506_chapter_0100.html#concept_9EB479BF65B64360A7BF8DD21F3DD6C9",
          "http://www.cisco.com/c/en/us/support/security/asa-5500-series-next-generation-firewalls/products-installation-and-configuration-guides-list.html",
          "http://www.cisco.com/en/US/products/ps6120/index.html",
          "http://www.cisco.com/c/en/us/td/docs/security/asa/hw/maintenance/5506xguide/b_Install_Guide_5506/b_Install_Guide_5506_chapter_0100.html#concept_AB8781B76BBA4209955B8C7F2B71772A",
          "http://www.cisco.com/c/en/us/td/docs/security/asa/hw/maintenance/5506xguide/b_Install_Guide_5506/b_Install_Guide_5506_chapter_0100.html#concept_EDFAF0FA292349DBA5895DCD27A6C050"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 44
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_json_hash": null,
    "policy_pdf_hash": "c96e0a3bc10347691fabf979653aaa9d3ed30145aac0f803a8beb3d43acc6881",
    "policy_txt_hash": "6e85659690723aec52e744d3c2481b831bc25ad427952d5d2f37e15348329a89"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/JulyConsolidatedCert.pdf",
    "date_sunset": null,
    "description": "The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Roles, Services, and Authentication: Level 3",
      "Mitigation of Other Attacks: N/A"
    ],
    "fw_versions": "9.8",
    "historical_reason": "SP 800-56Arev3 transition",
    "hw_versions": "ASA 5506-X[1][2], ASA 5506H-X[1][2], ASA 5506W-X[1][2], ASA 5508-X[1][3], ASA 5516-X[1][4], ASA 5525-X[1], ASA 5545-X[1], ASA 5555-X[1] and [ASA 5585-X SSP-10, ASA 5585-X SSP-20, ASA 5585-X SSP-40 and ASA 5585-X SSP-60][1][5] with [AIR-AP-FIPSKIT=][1], [ASA5506-FIPS-KIT=][2], [ASA5508-FIPS-KIT=][3], [ASA5516-FIPS-KIT=][4] and [ASA5585-X-FIPS-KIT][5]",
    "level": 2,
    "mentioned_certs": {},
    "module_name": "Cisco ASA 5506-X, ASA 5506H-X, ASA 5506W-X, ASA 5508-X, ASA 5516-X, ASA 5525-X, ASA 5545-X, ASA 5555-X, ASA 5585-X SSP-10, ASA 5585-X SSP-20, ASA 5585-X SSP-40 and ASA 5585-X SSP-60 Adaptive Security Appliances",
    "module_type": "Hardware",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "historical",
    "sw_versions": null,
    "tested_conf": null,
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2018-07-13",
        "lab": "Gossamer Security Solutions",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Cisco Systems, Inc.",
    "vendor_url": "http://www.cisco.com"
  }
}