This page was not yet optimized for use on mobile
devices.
Cisco Adaptive Security Appliances Cryptographic Module
Certificate #2979
Webpage information
Security policy
Symmetric Algorithms
AES, AES256, RC4, DES, Triple-DES, HMAC, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512Asymmetric Algorithms
RSA 2048, RSA-2048, ECDSA, Diffie-Hellman, DHHash functions
SHA-1, SHA-512, SHA-256, SHA-384, MD5Protocols
SSHv2, SSH, SSL, TLS, TLSv1.0, IKEv2, IKE, IPsec, VPNRandomness
DRBGElliptic Curves
P-256, P-521, P-384Block cipher modes
CBC, CTR, GCMVendor
Cisco, Cisco Systems, Inc, Cisco SystemsSecurity level
Level 2, Level 1, level 2Side-channel analysis
SPACertification process
out of scope, of the TEL as depicted below and any additional requirement per the site security policy which are out of scope of this Security Policy. To seal the system, apply tamper-evidence labels as depicted in theStandards
FIPS 140-2, FIPS PUB 140-2, FIPS 140, SP 800-90A, RFC 6071, RFC 5288File metadata
| Title | CISCO 831 Security Policy |
|---|---|
| Subject | FIPS 140-2 Security Policy |
| Author | Scott Shorter |
| Creation date | D:20170728123119-04'00' |
| Modification date | D:20170728123119-04'00' |
| Pages | 47 |
| Creator | Microsoft® Word 2013 |
| Producer | Microsoft® Word 2013 |
References
Outgoing- 2960 - historical - Cisco Firepower Cryptographic Module
Heuristics
No heuristics are available for this certificate.
References
Loading...
Updates Feed
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate was first processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 2979,
"dgst": "eedaf2856c6f433b",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"AES#4249",
"AES#3301",
"HMAC#2811",
"SHS#2091",
"Triple-DES#1321",
"HMAC#1247",
"CVL#1002",
"AES#2050",
"ECDSA#995",
"RSA#2297",
"RSA#2298",
"Triple-DES#2307",
"HMAC#2095",
"DRBG#1337",
"AES#2444",
"Triple-DES#2304",
"HMAC#2787",
"SHS#3486",
"AES#2472",
"SHS#3512",
"DRBG#819",
"HMAC#1514",
"AES#4266",
"CVL#1008",
"DRBG#336",
"SHS#2737",
"SHS#1794",
"ECDSA#989",
"Triple-DES#1513",
"DRBG#332",
"DRBG#1328",
"Triple-DES#1881"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"9.6"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": {
"_type": "Set",
"elements": [
"2960"
]
},
"indirectly_referenced_by": null,
"indirectly_referencing": {
"_type": "Set",
"elements": [
"2960"
]
}
},
"module_prunned_references": {
"_type": "Set",
"elements": [
"2960"
]
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": {
"_type": "Set",
"elements": [
"2960"
]
},
"indirectly_referenced_by": null,
"indirectly_referencing": {
"_type": "Set",
"elements": [
"2960"
]
}
},
"policy_prunned_references": {
"_type": "Set",
"elements": [
"2960"
]
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECDSA": {
"ECDSA": 16
}
},
"FF": {
"DH": {
"DH": 7,
"Diffie-Hellman": 11
}
},
"RSA": {
"RSA 2048": 5,
"RSA-2048": 1
}
},
"certification_process": {
"OutOfScope": {
"of the TEL as depicted below and any additional requirement per the site security policy which are out of scope of this Security Policy. To seal the system, apply tamper-evidence labels as depicted in the": 1,
"out of scope": 1
}
},
"cipher_mode": {
"CBC": {
"CBC": 4
},
"CTR": {
"CTR": 1
},
"GCM": {
"GCM": 2
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"IKE": {
"IKE": 37,
"IKEv2": 8
},
"IPsec": {
"IPsec": 21
},
"SSH": {
"SSH": 17,
"SSHv2": 19
},
"TLS": {
"SSL": {
"SSL": 3
},
"TLS": {
"TLS": 39,
"TLSv1.0": 1
}
},
"VPN": {
"VPN": 11
}
},
"crypto_scheme": {},
"device_model": {},
"ecc_curve": {
"NIST": {
"P-256": 4,
"P-384": 2,
"P-521": 4
}
},
"eval_facility": {},
"fips_cert_id": {
"Cert": {
"#1": 2,
"#2960": 2
}
},
"fips_certlike": {
"Certlike": {
"AES-GCM 192": 1,
"AES256": 1,
"HMAC SHA-1 160": 2,
"HMAC-SHA-1": 4,
"HMAC-SHA-256": 4,
"HMAC-SHA-384": 4,
"HMAC-SHA-512": 4,
"HMAC-SHA1": 4,
"RSA 2048": 5,
"SHA-1": 2,
"SHA-1 160": 2,
"SHA-256": 2,
"SHA-384": 1,
"SHA-512": 8,
"SHA\u2013384": 1
}
},
"fips_security_level": {
"Level": {
"Level 1": 3,
"Level 2": 3,
"level 2": 2
}
},
"hash_function": {
"MD": {
"MD5": {
"MD5": 16
}
},
"SHA": {
"SHA1": {
"SHA-1": 4
},
"SHA2": {
"SHA-256": 2,
"SHA-384": 1,
"SHA-512": 8
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 55
}
},
"side_channel_analysis": {
"SCA": {
"SPA": 2
}
},
"standard_id": {
"FIPS": {
"FIPS 140": 2,
"FIPS 140-2": 17,
"FIPS PUB 140-2": 1
},
"NIST": {
"SP 800-90A": 3
},
"RFC": {
"RFC 5288": 2,
"RFC 6071": 1
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 10,
"AES256": 1
},
"RC": {
"RC4": 4
}
},
"DES": {
"3DES": {
"Triple-DES": 7
},
"DES": {
"DES": 10
}
},
"constructions": {
"MAC": {
"HMAC": 12,
"HMAC-SHA-256": 2,
"HMAC-SHA-384": 2,
"HMAC-SHA-512": 2
}
}
},
"tee_name": {},
"tls_cipher_suite": {},
"vendor": {
"Cisco": {
"Cisco": 23,
"Cisco Systems": 4,
"Cisco Systems, Inc": 47
}
},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "Scott Shorter",
"/CreationDate": "D:20170728123119-04\u002700\u0027",
"/Creator": "Microsoft\u00ae Word 2013",
"/ModDate": "D:20170728123119-04\u002700\u0027",
"/Producer": "Microsoft\u00ae Word 2013",
"/Subject": "FIPS 140-2 Security Policy",
"/Title": "CISCO 831 Security Policy",
"pdf_file_size_bytes": 3139398,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"http://www.cisco.com/c/en/us/td/docs/security/asa/hw/maintenance/5506xguide/b_Install_Guide_5506/b_Install_Guide_5506_chapter_0100.html#concept_D1D7527047C54DC6A69D09F0901AC61E",
"http://www.cisco.com/c/en/us/products/index.html",
"http://csrc.nist.gov/groups/STM/index.html",
"http://www.cisco.com/c/en/us/td/docs/security/asa/hw/maintenance/5506xguide/b_Install_Guide_5506/b_Install_Guide_5506_chapter_0100.html#concept_C4B6427E77D54C7B9DE2961C6D4109B9",
"http://www.cisco.com/c/en/us/products/security/asa-1000v-cloud-firewall/index.html",
"http://csrc.nist.gov/groups/STM/cmvp/validation.html",
"http://www.cisco.com/",
"http://www.cisco.com/c/en/us/td/docs/security/asa/hw/maintenance/5506xguide/b_Install_Guide_5506/b_Install_Guide_5506_chapter_0100.html#concept_9EB479BF65B64360A7BF8DD21F3DD6C9",
"http://www.cisco.com/c/en/us/support/security/asa-5500-series-next-generation-firewalls/products-installation-and-configuration-guides-list.html",
"http://www.cisco.com/en/US/products/ps6120/index.html",
"http://www.cisco.com/c/en/us/td/docs/security/asa/hw/maintenance/5506xguide/b_Install_Guide_5506/b_Install_Guide_5506_chapter_0100.html#concept_AB8781B76BBA4209955B8C7F2B71772A",
"http://www.cisco.com/c/en/us/td/docs/security/asa/hw/maintenance/5506xguide/b_Install_Guide_5506/b_Install_Guide_5506_chapter_0100.html#concept_EDFAF0FA292349DBA5895DCD27A6C050"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 47
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_json_hash": null,
"policy_pdf_hash": "605598c2abbf94fa33271a0c1b052461cef6277c9a972f55ba1866e3ff267783",
"policy_txt_hash": "587a6894fe9f2216822728ad3a0b1ba4168dbfa1d63fa74026bb0a6bb6e3ac84"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy. This module contains the embedded module Cisco Firepower Cryptographic Module validated to FIPS 140-2 under Cert. #2960 operating in FIPS mode",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/AugConsolidatedCert.pdf",
"date_sunset": null,
"description": "Enterprise-class firewall capabilities for the ASA devices in an array of form factors - standalone appliances tailor-made for small and midsize businesses, midsize appliances for businesses improving security . This solution offers the combination of the industry\u0027s most deployed stateful firewall with a comprehensive range of next-generation network security services.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Roles, Services, and Authentication: Level 3",
"Mitigation of Other Attacks: N/A"
],
"fw_versions": "9.6",
"historical_reason": "SP 800-56Arev3 transition",
"hw_versions": "ASA 5506-X[1], ASA 5506H-X[1], ASA 5506W-X[1], ASA 5508-X[2][3], ASA 5512-X[2], ASA 5515-X[5], ASA 5516-X[2][4], ASA 5525-X[5], ASA 5545-X[5], ASA 5555-X[5] with [ASA5506-FIPS-KIT=][1], [ASA5500X-FIPS-KIT=][2], [ASA5508-FIPS-KIT=][3], [ASA5516-FIPS-KIT=][4] or [CISCO-FIPS-KIT=][5]",
"level": 2,
"mentioned_certs": {
"2960": 1
},
"module_name": "Cisco Adaptive Security Appliances Cryptographic Module",
"module_type": "Hardware",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-2",
"status": "historical",
"sw_versions": null,
"tested_conf": null,
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2017-08-01",
"lab": "Gossamer Security Solutions",
"validation_type": "Initial"
}
],
"vendor": "Cisco Systems, Inc.",
"vendor_url": "http://www.cisco.com"
}
}