This page was not yet optimized for use on mobile devices.

Comparing certificates Experimental feature

You are comparing two certificates. By default, only differing attributes are shown. Use the button below to show/hide all attributes.

Showing only differing attributes.

	GlobalProtect App	GlobalProtect App
cert_id	4012	4828
dgst	46529058fd79c8ef	f658e746131f2576
heuristics/algorithms	SHS#C1544, KTS#C1544, KAS#C1544, RSA#C1544, DRBG#C1544, AES#C1544, HMAC#C1544, CVL#C1544, ECDSA#C1544	AES-GCMA2999, ECDSA SigGen (FIPS186-4)A2999, Conditioning Component AES-CBC-MAC SP800-90BA2873, ECDSA SigVer (FIPS186-4)A2999, RSA SigGen (FIPS186-4)A2999, HMAC-SHA2-384A2999, RSA SigVer (FIPS186-4)A2999, ECDSA KeyGen (FIPS186-4)A2999, SHA2-512A2999, SHA2-256A3429, KDF TLSA2999, Counter DRBGA2999, ECDSA KeyVer (FIPS186-4)A2999, KAS-ECC-SSC Sp800-56Ar3A2999, SHA-1A2999, HMAC-SHA-1A2999, AES-ECBA2999, AES-CBCA2999, HMAC-SHA2-512A2999, HMAC-SHA2-256A2999, AES-CTRA2999, SHA2-384A2999
heuristics/cpe_matches	{}	{}
heuristics/direct_transitive_cves	{}	{}
heuristics/extracted_versions	-	888
heuristics/indirect_transitive_cves	{}	{}
heuristics/module_processed_references/directly_referenced_by	{}	{}
heuristics/module_processed_references/directly_referencing	{}	{}
heuristics/module_processed_references/indirectly_referenced_by	{}	{}
heuristics/module_processed_references/indirectly_referencing	{}	{}
heuristics/module_prunned_references	{}	{}
heuristics/policy_processed_references/directly_referenced_by	{}	{}
heuristics/policy_processed_references/directly_referencing	{}	{}
heuristics/policy_processed_references/indirectly_referenced_by	{}	{}
heuristics/policy_processed_references/indirectly_referencing	{}	{}
heuristics/policy_prunned_references	{}	{}
heuristics/related_cves	{}	{}
heuristics/verified_cpe_matches	{}	{}
pdf_data/keywords/fips_cert_id		Cert: #1: 7 #2: 1
pdf_data/keywords/fips_security_level	Level: Level 1: 2	Level: Level 1: 3
pdf_data/keywords/fips_certlike	Certlike: AES 128/256: 1 AES CBC (128: 1 AES GCM (128: 1 AES-128: 1 AES-256: 1 AES-CBC (128: 1 AES-GCM (128: 1 Cert. # AES: 1 HMAC-SHA-1: 6 PKCS#1: 2 RSA 2048: 2 SHA- 384: 1 SHA- 512: 1 SHA-1: 6 SHA-224: 4 SHA-256: 13 SHA-384: 10 SHA-512: 9	Certlike: AES 128/256: 1 AES 256: 2 AES CBC (128: 1 AES GCM (128: 1 AES GCM 256: 2 AES-256: 1 AES-GCM 128: 1 HMAC-SHA-1: 14 PKCS #1: 10 RSA 2048: 6 RSA 3072: 3 SHA-1: 4 SHA2: 4 SHA2-256: 16 SHA2-384: 10 SHA2-512: 5
pdf_data/keywords/vendor	Microsoft: Microsoft: 2	Qualcomm: Qualcomm: 2 Samsung: Samsung: 1
pdf_data/keywords/eval_facility
pdf_data/keywords/symmetric_crypto	AES_competition: AES: AES: 7 AES-128: 1 AES-256: 1 RC: RC4: 1 DES: 3DES: TDES: 1 Triple-DES: 1 constructions: MAC: HMAC: 6 miscellaneous: Camellia: Camellia: 1 IDEA: IDEA: 1 SEED: SEED: 1	AES_competition: AES: AES: 16 AES-256: 1 constructions: MAC: HMAC: 13
pdf_data/keywords/asymmetric_crypto	ECC: ECDH: ECDH: 1 ECDHE: 3 ECDSA: ECDSA: 9 FF: DH: DH: 1 Diffie-Hellman: 3 RSA: RSA 2048: 2	ECC: ECC: ECC: 1 ECDH: ECDHE: 6 ECDSA: ECDSA: 27 RSA: RSA 2048: 6 RSA 3072: 3
pdf_data/keywords/pq_crypto
pdf_data/keywords/hash_function	MD: MD5: MD5: 1 SHA: SHA1: SHA-1: 6 SHA2: SHA-224: 4 SHA-256: 13 SHA-384: 10 SHA-512: 9	SHA: SHA1: SHA-1: 4 SHA2: SHA2: 4
pdf_data/keywords/crypto_scheme		KEX: Key Exchange: 2
pdf_data/keywords/crypto_protocol	IKE: IKE: 2 IPsec: IPsec: 3 TLS: TLS: TLS: 16 VPN: VPN: 4	IPsec: IPsec: 2 TLS: TLS: TLS: 35 TLS 1.2: 1 TLS v1.2: 1 TLSv1.2: 2 VPN: VPN: 7
pdf_data/keywords/randomness	PRNG: DRBG: 11 RNG: RNG: 1	PRNG: DRBG: 29
pdf_data/keywords/cipher_mode	CBC: CBC: 3 CTR: CTR: 2 ECB: ECB: 2 GCM: GCM: 8	CBC: CBC: 3 CTR: CTR: 3 ECB: ECB: 5 GCM: GCM: 9
pdf_data/keywords/ecc_curve	NIST: P-224: 20 P-256: 12 P-384: 12 P-521: 12	NIST: P-256: 20 P-384: 14 P-521: 14
pdf_data/keywords/crypto_engine
pdf_data/keywords/tls_cipher_suite	TLS: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: 1 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: 1 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: 1 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: 1
pdf_data/keywords/crypto_library
pdf_data/keywords/vulnerability
pdf_data/keywords/side_channel_analysis
pdf_data/keywords/device_model
pdf_data/keywords/tee_name
pdf_data/keywords/os_name
pdf_data/keywords/cplc_data
pdf_data/keywords/ic_data_group
pdf_data/keywords/standard_id	FIPS: FIPS 140-2: 20 FIPS 180-4: 1 FIPS 186-4: 3 FIPS 197: 1 FIPS 198: 1 NIST: SP 800-135: 1 SP 800-38A: 1 SP 800-38D: 1 SP 800-38F: 1 SP 800-56A: 4 SP 800-90A: 2 PKCS: PKCS#1: 1 RFC: RFC 5289: 1	FIPS: FIPS 140-3: 9 FIPS 180-4: 5 FIPS 186-4: 26 FIPS 198-1: 5 ISO: ISO/IEC 24759: 2 NIST: SP 800-135: 3 SP 800-38A: 4 SP 800-38D: 2 SP 800-38F: 4 SP 800-52: 1 SP 800-90B: 8 PKCS: PKCS #1: 5 RFC: RFC 5288: 1
pdf_data/keywords/javacard_version
pdf_data/keywords/javacard_api_const
pdf_data/keywords/javacard_packages		com: com.paloaltonetworks.gp.pangps.plist: 1
pdf_data/keywords/certification_process		OutOfScope: directions below will result in the module operating in a non-compliant state, which is considered out of scope of this validation. Linux - Ubuntu To prep this environment for GlobalProtect initialization: 1 out of scope: 1
pdf_data/policy_metadata	/Author: Palo Alto Networks Technical Documentation Department /Company: /CreationDate: D:20210426130346-07'00' /Creator: Acrobat PDFMaker 17 for Word /ModDate: D:20210426130352-07'00' /Producer: Adobe PDF Library 17.11.238 /SourceModified: D:20210426200247 pdf_file_size_bytes: 344300 pdf_hyperlinks: http://www.paloaltonetworks.com/, about:blank, https://support.paloaltonetworks.com/ pdf_is_encrypted: False pdf_number_of_pages: 15	/Producer: Skia/PDF m131 Google Docs Renderer /Title: Palo Alto Networks FIPS 140-3 Security Policy GP App Draft_All_24.10.03.docx pdf_file_size_bytes: 593354 pdf_hyperlinks: https://support.paloaltonetworks.com/, http://www.paloaltonetworks.com, https://ubuntu.com/advantage, https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/globalprotect/6-0/globalprotect-app-user-guide/globalprotect-app-user-guide.pdf pdf_is_encrypted: False pdf_number_of_pages: 19
state/module_download_ok	True	True
state/module_extract_ok	True	True
state/policy_convert_garbage	False	False
state/policy_convert_ok	True	True
state/policy_download_ok	True	True
state/policy_extract_ok	True	True
state/policy_pdf_hash	Different	Different
state/policy_txt_hash	Different	Different
web_data/caveat	When installed, initialized and configured as specified in the Security Policy and operated in FIPS mode	Interim validation. When installed, initialized and configured as specified in Section 11 of the Security Policy. No assurance of the minimum strength of generated SSPs (e.g., keys)
web_data/certificate_pdf_url	https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/August 2021_010921_0733.pdf
web_data/date_sunset		10.10.2026
web_data/description	The GlobalProtect App is a software cryptographic module that runs on commerically available operating systems and provides security for mobile users. The GlobalProtect App secures traffic using TLS or IPsec, and allows users to connect to corporate networks to access a company's resources from anywhere in the world (e.g., when users are remote).	The GlobalProtect App is a software cryptographic module that runs on commercially available operating systems and mobile devices to provide security for users. The GlobalProtect App secures traffic using TLS or IPsec, and allows users to connect to corporate networks to access their company's resources from anywhere in the world.
web_data/embodiment	Multi-Chip Stand Alone	Multi-Chip Stand Alone
web_data/exceptions	Physical Security: N/A, Design Assurance: Level 3, Mitigation of Other Attacks: N/A, ,	Non-invasive security: N/A, Life-cycle assurance: Level 3, Mitigation of other attacks: N/A, Documentation requirements: N/A, Cryptographic module security policy: N/A
web_data/fw_versions	[]	[]
web_data/historical_reason	SP 800-56Arev3 transition
web_data/hw_versions	[]	I, n, t, e, l, , C, o, r, e, , i, 3, -, 1, 2, 1, 5, U, ,, , I, n, t, e, l, , C, o, r, e, , i, 7, -, 1, 2, 5, 0, U, ,, , A, p, p, l, e, , M, , S, e, r, i, e, s, , M, 1, ,, , A, p, p, l, e, , A, , S, e, r, i, e, s, , A, 1, 4, ,, , Q, u, a, l, c, o, m, m, , S, n, a, p, d, r, a, g, o, n, , 8, 8, 8
web_data/level	1	1
web_data/mentioned_certs
web_data/module_name	GlobalProtect App	GlobalProtect App
web_data/module_type	Software	Software-Hybrid
web_data/revoked_link	None	None
web_data/revoked_reason	None	None
web_data/standard	FIPS 140-2	FIPS 140-3
web_data/status	historical	active
web_data/sw_versions	5.1.4	6.0.10
web_data/tested_conf	macOS Mojave 10.14 running on an Apple Macbook Pro with Intel Core i5 with PAA, macOS Mojave 10.14 running on an Apple Macbook Pro with Intel Core i5 without PAA (single-user mode), Microsoft Windows 10 Enterprise running on a Dell Precision 5520 with Intel Core i7 with PAA, Microsoft Windows 10 Enterprise running on a Dell Precision 5520 with Intel Core i7 without PAA,	Android 12 running on a Samsung Galaxy S21 Ultra with an Qualcomm Snapdragon 888 with PAA, iOS 16 running on a iPhone 12 Mini with an Apple A Series A14 with PAA, Linux Ubuntu 20.04 running on a HP Pavilion with an Intel Core i3-1215U with PAA, macOS Big Sur 11 running on a MacBook Air with an Apple M Series M1 with PAA, Windows 11 running on a HP Envy with an Intel Core i7-1250U with PAA
web_data/validation_history	date: 19.08.2021 lab: UL VERIFICATION SERVICES INC validation_type: Initial	date: 11.10.2024 lab: LEIDOS CSTL validation_type: Initial
web_data/vendor	Palo Alto Networks, Inc.	Palo Alto Networks, Inc.
web_data/vendor_url	http://www.paloaltonetworks.com	http://www.paloaltonetworks.com