Firepower Threat Defense Virtual Cryptographic Module

Certificate #4711

Webpage information

Status active
Validation dates 17.06.2024
Sunset date 16-06-2026
Standard FIPS 140-3
Security level 1
Type Software
Embodiment Multi-Chip Stand Alone
Caveat Interim Validation. When installed, initialized and configured as specified in section "Secure Operation" of the Security Policy and operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)
Exceptions
  • Physical security: N/A
  • Non-invasive security: N/A
  • Mitigation of other attacks: N/A
  • Documentation requirements: N/A
  • Cryptographic module security policy: N/A
Description Cisco Firepower Threat Defense (FTD) solution offers the combination of the industry's most deployed stateful firewall with a comprehensive range of next-generation network security services, intrusion prevention system (IPS), content security and secure unified communications. All running in a virtual environment.
Tested configurations
  • Linux 4 (FX-OS) on NFVIS 4.4 running on ENCS 5412 Server with Intel Xeon Processor D-1557 (Broadwell) With PAA
  • Linux 4 (FX-OS) on NFVIS 4.4 running on ENCS 5412 Server with Intel Xeon Processor D-1557 (Broadwell) without PAA
  • Linux 4 (FX-OS) on VMware ESXi 6.7 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) with PAA
  • Linux 4 (FX-OS) on VMware ESXi 6.7 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) without PAA
  • Linux 4 (FX-OS) on VMware ESXi 7.0 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) with PAA
  • Linux 4 (FX-OS) on VMware ESXi 7.0 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) without PAA
Vendor Cisco Systems, Inc.
References

This certificate's webpage directly references 0 certificates; transitively, this expands into 0 certificates.

Security policy

Symmetric Algorithms
AES, AES-256, HMAC
Asymmetric Algorithms
RSA 2048, ECDH, ECDSA, ECC, Diffie-Hellman, DH
Hash functions
SHA-1, SHA-256, SHA-512
Schemes
Key Agreement
Protocols
SSH, TLSv1.2, TLS v1.2, TLS, IKEv2, IKE
Randomness
DRBG, RBG
Libraries
Crypto Library 3
Elliptic Curves
P-256, P-384, P-521
Block cipher modes
CBC, GCM

Trusted Execution Environments
PSP, SSC
Vendor
Cisco Systems, Inc, Cisco

Security level
Level 1, level 1

Standards
FIPS 140-3, FIPS 197, FIPS 186-4, FIPS 198-1, FIPS 180-4, SP 800-140, SP 800-38D, SP 800-52, NIST SP 800-140F, RFC7627, RFC 7627, RFC 5288, RFC 7296, ISO/IEC 19790, ISO/IEC 24759:2017

File metadata

Title Security Policy
Subject FIPS 140 Security Policy
Author Steven Ratcliffe (steratcl)
Creation date D:20240613121830-04'00'
Modification date D:20240613121830-04'00'
Pages 20
Creator Microsoft® Word 2016
Producer Microsoft® Word 2016

Heuristics

No heuristics are available for this certificate.

References

No references are available for this certificate.

Updates

  • 08.07.2024 The certificate data changed.
    Certificate changed

    The web extraction data was updated.

    • The certificate_pdf_url property was set to https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/June 2024_010724_1153.pdf.
  • 04.07.2024 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4711,
  "dgst": "de650d61f5bd166a",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "ECDSA KeyVer (FIPS186-4)A3376",
        "ECDSA SigVer (FIPS186-4)A3376",
        "KDF SSHA3376",
        "KAS-FFC-SSC Sp800-56Ar3A3376",
        "SHA-1A3376",
        "ECDSA KeyGen (FIPS186-4)A3376",
        "TLS v1.2 KDF RFC7627A3376",
        "RSA SigGen (FIPS186-4)A3376",
        "HMAC-SHA2-384A3376",
        "HMAC-SHA2-512A3376",
        "HMAC-SHA2-256A3376",
        "RSA SigVer (FIPS186-4)A3376",
        "KDF IKEv2A3376",
        "RSA KeyGen (FIPS186-4)A3376",
        "AES-CBCA3376",
        "SHA2-256A3376",
        "HMAC-SHA-1A3376",
        "AES-GCMA3376",
        "Counter DRBGA3376",
        "SHA2-384A3376",
        "Safe Primes Key GenerationA3376",
        "KAS-ECC-SSC Sp800-56Ar3A3376",
        "SHA2-512A3376",
        "ECDSA SigGen (FIPS186-4)A3376"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "-"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 10
          },
          "ECDH": {
            "ECDH": 1
          },
          "ECDSA": {
            "ECDSA": 49
          }
        },
        "FF": {
          "DH": {
            "DH": 1,
            "Diffie-Hellman": 33
          }
        },
        "RSA": {
          "RSA 2048": 5
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 1
        },
        "GCM": {
          "GCM": 5
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {
        "Generic": {
          "Crypto Library 3": 1
        }
      },
      "crypto_protocol": {
        "IKE": {
          "IKE": 2,
          "IKEv2": 15
        },
        "SSH": {
          "SSH": 29
        },
        "TLS": {
          "TLS": {
            "TLS": 25,
            "TLS v1.2": 10,
            "TLSv1.2": 18
          }
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 2
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "P-256": 28,
          "P-384": 12,
          "P-521": 24
        }
      },
      "eval_facility": {},
      "fips_cert_id": {
        "Cert": {
          "#1": 1
        }
      },
      "fips_certlike": {
        "Certlike": {
          "AES-256": 1,
          "HMAC-SHA- 1": 2,
          "HMAC-SHA-1": 8,
          "PAA 2": 1,
          "PAA 3": 1,
          "PAA 4": 1,
          "PAA 6": 1,
          "RSA 2048": 5,
          "SHA-1": 5,
          "SHA-256": 2,
          "SHA-512": 2,
          "SHA2-256": 7,
          "SHA2-384": 7,
          "SHA2-512": 9,
          "SHA2-521": 1
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 3,
          "level 1": 1
        }
      },
      "hash_function": {
        "SHA": {
          "SHA1": {
            "SHA-1": 5
          },
          "SHA2": {
            "SHA-256": 2,
            "SHA-512": 2
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 23
        },
        "RNG": {
          "RBG": 1
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140-3": 11,
          "FIPS 180-4": 4,
          "FIPS 186-4": 11,
          "FIPS 197": 2,
          "FIPS 198-1": 4
        },
        "ISO": {
          "ISO/IEC 19790": 4,
          "ISO/IEC 24759:2017": 2
        },
        "NIST": {
          "NIST SP 800-140F": 1,
          "SP 800-140": 1,
          "SP 800-38D": 1,
          "SP 800-52": 1
        },
        "RFC": {
          "RFC 5288": 1,
          "RFC 7296": 1,
          "RFC 7627": 1,
          "RFC7627": 15
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 7,
            "AES-256": 1
          }
        },
        "constructions": {
          "MAC": {
            "HMAC": 4
          }
        }
      },
      "tee_name": {
        "AMD": {
          "PSP": 6
        },
        "IBM": {
          "SSC": 8
        }
      },
      "tls_cipher_suite": {},
      "vendor": {
        "Cisco": {
          "Cisco": 5,
          "Cisco Systems, Inc": 23
        }
      },
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Steven Ratcliffe (steratcl)",
      "/CreationDate": "D:20240613121830-04\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word 2016",
      "/ModDate": "D:20240613121830-04\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word 2016",
      "/Subject": "FIPS 140 Security Policy",
      "/Title": "Security Policy",
      "pdf_file_size_bytes": 570905,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://www.cisco.com/c/dam/global/da_dk/assets/training/seminaria-materials/enterprise_network_compute_system_encs_.pdf"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 20
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "8b5caaaef6793d34d20e1ab6043b58d1a4d27849c23b49af6eb2d83e77913144",
    "policy_txt_hash": "59fce212e32f1c3276de936f99f9f6735174ba86d0f3b2def742ebbfd416433a"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "Interim Validation. When installed, initialized and configured as specified in section \"Secure Operation\" of the Security Policy and operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/June 2024_010724_1153.pdf",
    "date_sunset": "2026-06-16",
    "description": "Cisco Firepower Threat Defense (FTD) solution offers the combination of the industry\u0027s most deployed stateful firewall with a comprehensive range of next-generation network security services, intrusion prevention system (IPS), content security and secure unified communications. All running in a virtual environment.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Physical security: N/A",
      "Non-invasive security: N/A",
      "Mitigation of other attacks: N/A",
      "Documentation requirements: N/A",
      "Cryptographic module security policy: N/A"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "Firepower Threat Defense Virtual Cryptographic Module",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-3",
    "status": "active",
    "sw_versions": "7.0.5",
    "tested_conf": [
      "Linux 4 (FX-OS) on NFVIS 4.4 running on ENCS 5412 Server with Intel Xeon Processor D-1557 (Broadwell) With PAA",
      "Linux 4 (FX-OS) on NFVIS 4.4 running on ENCS 5412 Server with Intel Xeon Processor D-1557 (Broadwell) without PAA",
      "Linux 4 (FX-OS) on VMware ESXi 6.7 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) with PAA",
      "Linux 4 (FX-OS) on VMware ESXi 6.7 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) without PAA",
      "Linux 4 (FX-OS) on VMware ESXi 7.0 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) with PAA",
      "Linux 4 (FX-OS) on VMware ESXi 7.0 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) without PAA"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2024-06-17",
        "lab": "GOSSAMER SECURITY SOLUTIONS INC",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Cisco Systems, Inc.",
    "vendor_url": "http://www.cisco.com"
  }
}