This page was not yet optimized for use on mobile devices.
Palo Alto Networks SD-WAN ION Core Crypto Module
Certificate #4715
Webpage information ?
Security policy ?
Symmetric Algorithms
AES-256, AES, CAST, HMACAsymmetric Algorithms
ECDHE, ECDSA, ECC, Diffie-HellmanHash functions
SHA-1Schemes
MAC, Key AgreementProtocols
SSH, TLS 1.2, TLS v1.2, TLS, TLSv1.2, IKEv2, IKERandomness
DRBGElliptic Curves
P-256, P-384, P-521, P-224Block cipher modes
ECB, CBC, CTR, GCMTrusted Execution Environments
PSPSecurity level
Level 1Standards
FIPS 140-3, FIPS 197, FIPS140-3, FIPS 186-4, FIPS 198-1, FIPS 180-4, SP 800-38D, SP 800-38A, SP 800-140B, SP 800-90B, PKCS#1, RFC 5288, ISO/IEC 24759File metadata
| Author | Richard Wang |
|---|---|
| Creation date | D:20240613150721-04'00' |
| Modification date | D:20240613150721-04'00' |
| Pages | 19 |
| Creator | Microsoft® Word 2016 |
| Producer | Microsoft® Word 2016 |
Heuristics ?
No heuristics are available for this certificate.
References ?
No references are available for this certificate.
Updates ?
-
12.08.2024 The certificate data changed.
Certificate changed
The web extraction data was updated.
- The certificate_pdf_url property was set to
https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/July 2024_010824_1146.pdf.
- The certificate_pdf_url property was set to
-
15.07.2024 The certificate was first processed.
New certificate
A new FIPS 140 certificate with the product name was processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 4715,
"dgst": "e2aab8e08a6b9259",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"KDF IKEv2A3563",
"HMAC-SHA2-384A3564",
"Counter DRBGA3563",
"SHA2-256A3564",
"HMAC-SHA2-512A3564",
"HMAC-SHA2-224A3563",
"SHA2-384A3564",
"KDF SNMPA3563",
"AES-GCMA3564",
"SHA2-512A3564",
"AES-CTRA3563",
"KAS-ECC-SSC Sp800-56Ar3A3564",
"RSA SigVer (FIPS186-4)A3572",
"RSA KeyGen (FIPS186-4)A3563",
"ECDSA SigVer (FIPS186-4)A3563",
"AES-CBCA3566",
"HMAC-SHA2-256A3566",
"SHA-1A3566",
"ECDSA SigGen (FIPS186-4)A3563",
"KDF TLSA3564",
"ECDSA KeyGen (FIPS186-4)A3564",
"KDF SSHA3563",
"HMAC-SHA-1A3563",
"RSA SigGen (FIPS186-4)A3563",
"AES-ECBA3563",
"HMAC DRBGA3564",
"SHA2-224A3563"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"-"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 25
},
"ECDH": {
"ECDHE": 41
},
"ECDSA": {
"ECDSA": 40
}
},
"FF": {
"DH": {
"Diffie-Hellman": 8
}
}
},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 2
},
"CTR": {
"CTR": 1
},
"ECB": {
"ECB": 1
},
"GCM": {
"GCM": 4
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"IKE": {
"IKE": 2,
"IKEv2": 9
},
"SSH": {
"SSH": 43
},
"TLS": {
"TLS": {
"TLS": 58,
"TLS 1.2": 1,
"TLS v1.2": 1,
"TLSv1.2": 14
}
}
},
"crypto_scheme": {
"KA": {
"Key Agreement": 2
},
"MAC": {
"MAC": 2
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"P-224": 16,
"P-256": 16,
"P-384": 40,
"P-521": 34
}
},
"eval_facility": {},
"fips_cert_id": {
"Cert": {
"#1": 1
}
},
"fips_certlike": {
"Certlike": {
"AES-256": 1,
"AES-CBC 256": 4,
"AES-GCM 256": 4,
"HMAC-SHA-1": 22,
"PAA 10": 1,
"PAA 11": 1,
"PAA 12": 1,
"PAA 13": 1,
"PAA 15": 1,
"PAA 16": 1,
"PAA 17": 1,
"PAA 18": 1,
"PAA 19": 1,
"PAA 2": 1,
"PAA 20": 1,
"PAA 21": 1,
"PAA 22": 1,
"PAA 3": 1,
"PAA 4": 1,
"PAA 5": 1,
"PAA 6": 1,
"PAA 7": 1,
"PAA 8": 1,
"PAA 9": 1,
"PKCS#1": 8,
"SHA-1": 3,
"SHA2-224": 1,
"SHA2-256": 13,
"SHA2-384": 3,
"SHA2-512": 5
}
},
"fips_security_level": {
"Level": {
"Level 1": 4
}
},
"hash_function": {
"SHA": {
"SHA1": {
"SHA-1": 3
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 56
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140-3": 9,
"FIPS 180-4": 8,
"FIPS 186-4": 14,
"FIPS 197": 6,
"FIPS 198-1": 8,
"FIPS140-3": 2
},
"ISO": {
"ISO/IEC 24759": 2
},
"NIST": {
"SP 800-140B": 1,
"SP 800-38A": 3,
"SP 800-38D": 3,
"SP 800-90B": 3
},
"PKCS": {
"PKCS#1": 4
},
"RFC": {
"RFC 5288": 1
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 17,
"AES-256": 1
},
"CAST": {
"CAST": 1
}
},
"constructions": {
"MAC": {
"HMAC": 22
}
}
},
"tee_name": {
"AMD": {
"PSP": 24
}
},
"tls_cipher_suite": {},
"vendor": {},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "Richard Wang",
"/CreationDate": "D:20240613150721-04\u002700\u0027",
"/Creator": "Microsoft\u00ae Word 2016",
"/ModDate": "D:20240613150721-04\u002700\u0027",
"/Producer": "Microsoft\u00ae Word 2016",
"pdf_file_size_bytes": 1032087,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"about:blank",
"http://www.paloaltonetworks.com/"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 19
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_garbage": false,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_pdf_hash": "78d3b4bb8389bb7318c6cc75f79bc717d006518c6309177a5c4d41f0760d2bcc",
"policy_txt_hash": "79e2115199f9af47260cc8b5bfc255b893db415e27d0ed50b0bf13cd46e025cc"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "Interim Validation. When installed, initialized and configured as specified in section \"Secure Operation\" of the Security Policy and operated in approved mode",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/July 2024_010824_1146.pdf",
"date_sunset": "2026-07-07",
"description": "The Palo Alto Networks SD-WAN ION Core Crypto Module is utilized in hardware and software ION form factors. These enable the integration of a diverse set of wide area network (WAN) connection types, improve application performance and visibility, enhance security and compliance, and reduce the overall cost and complexity of your WAN.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Physical security: N/A",
"Non-invasive security: N/A",
"Mitigation of other attacks: N/A",
"Documentation requirements: N/A",
"Cryptographic module security policy: N/A"
],
"fw_versions": null,
"historical_reason": null,
"hw_versions": null,
"level": 1,
"mentioned_certs": {},
"module_name": "Palo Alto Networks SD-WAN ION Core Crypto Module",
"module_type": "Software",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-3",
"status": "active",
"sw_versions": "1.0",
"tested_conf": [
"ION 6.1 running on ION 1200 with Intel Atom C3436L with PAA",
"ION 6.1 running on ION 1200 with Intel Atom C3436L without PAA",
"ION 6.1 running on ION 1200-C-5G-WW with Intel Atom C3436L with PAA",
"ION 6.1 running on ION 1200-C-5G-WW with Intel Atom C3436L without PAA",
"ION 6.1 running on ION 1200-C-NA with Intel Atom C3436L with PAA",
"ION 6.1 running on ION 1200-C-NA with Intel Atom C3436L without PAA",
"ION 6.1 running on ION 1200-C-ROW with Intel Atom C3436L with PAA",
"ION 6.1 running on ION 1200-C-ROW with Intel Atom C3436L without PAA",
"ION 6.1 running on ION 1200-S with Intel Atom C3436L with PAA",
"ION 6.1 running on ION 1200-S with Intel Atom C3436L without PAA",
"ION 6.1 running on ION 1200-S-C-5G-WW with Intel Atom C3436L with PAA",
"ION 6.1 running on ION 1200-S-C-5G-WW with Intel Atom C3436L without PAA",
"ION 6.1 running on ION 1200-S-C-NA with Intel Atom C3436L with PAA",
"ION 6.1 running on ION 1200-S-C-NA with Intel Atom C3436L without PAA",
"ION 6.1 running on ION 1200-S-C-ROW with Intel Atom C3436L with PAA",
"ION 6.1 running on ION 1200-S-C-ROW with Intel Atom C3436L without PAA",
"ION 6.1 running on ION 3200 with Intel Atom C3558R with PAA",
"ION 6.1 running on ION 3200 with Intel Atom C3558R without PAA",
"ION 6.1 running on ION 5200 with Intel Atom C5325 with PAA",
"ION 6.1 running on ION 5200 with Intel Atom C5325 without PAA",
"ION 6.1 running on ION 9200 with Intel Atom P5362 with PAA",
"ION 6.1 running on ION 9200 with Intel Atom P5362 without PAA"
],
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2024-07-08",
"lab": "GOSSAMER SECURITY SOLUTIONS INC",
"validation_type": "Initial"
}
],
"vendor": "Palo Alto Networks, Inc.",
"vendor_url": "http://www.paloaltonetworks.com"
}
}