This page was not yet optimized for use on mobile devices.
GlobalProtect App
Certificate #4828
Webpage information ?
Security policy ?
Symmetric Algorithms
AES, AES-256, HMACAsymmetric Algorithms
RSA 2048, RSA 3072, ECDHE, ECDSA, ECCHash functions
SHA-1, SHA2Schemes
Key ExchangeProtocols
TLS, TLS 1.2, TLS v1.2, TLSv1.2, IPsec, VPNRandomness
DRBGElliptic Curves
P-256, P-384, P-521Block cipher modes
ECB, CBC, CTR, GCMVendor
Samsung, QualcommSecurity level
Level 1Certification process
out of scope, directions below will result in the module operating in a non-compliant state, which is considered out of scope of this validation. Linux - Ubuntu To prep this environment for GlobalProtect initializationStandards
FIPS 140-3, FIPS 186-4, FIPS 198-1, FIPS 180-4, SP 800-90B, SP 800-38A, SP 800-38D, SP 800-38F, SP 800-52, SP 800-135, PKCS #1, RFC 5288, ISO/IEC 24759File metadata
| Title | Palo Alto Networks FIPS 140-3 Security Policy GP App Draft_All_24.10.03.docx |
|---|---|
| Pages | 19 |
| Producer | Skia/PDF m131 Google Docs Renderer |
Heuristics ?
No heuristics are available for this certificate.
References ?
No references are available for this certificate.
Updates ?
-
14.10.2024 The certificate was first processed.
New certificate
A new FIPS 140 certificate with the product name was processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 4828,
"dgst": "f658e746131f2576",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"AES-CTRA2999",
"KDF TLSA2999",
"SHA2-384A2999",
"ECDSA KeyVer (FIPS186-4)A2999",
"Conditioning Component AES-CBC-MAC SP800-90BA2873",
"AES-CBCA2999",
"SHA2-512A2999",
"Counter DRBGA2999",
"RSA SigGen (FIPS186-4)A2999",
"HMAC-SHA2-384A2999",
"AES-GCMA2999",
"ECDSA KeyGen (FIPS186-4)A2999",
"SHA2-256A3429",
"HMAC-SHA2-256A2999",
"ECDSA SigGen (FIPS186-4)A2999",
"HMAC-SHA2-512A2999",
"KAS-ECC-SSC Sp800-56Ar3A2999",
"HMAC-SHA-1A2999",
"RSA SigVer (FIPS186-4)A2999",
"SHA-1A2999",
"AES-ECBA2999",
"ECDSA SigVer (FIPS186-4)A2999"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"888"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 1
},
"ECDH": {
"ECDHE": 6
},
"ECDSA": {
"ECDSA": 27
}
},
"RSA": {
"RSA 2048": 6,
"RSA 3072": 3
}
},
"certification_process": {
"OutOfScope": {
"directions below will result in the module operating in a non-compliant state, which is considered out of scope of this validation. Linux - Ubuntu To prep this environment for GlobalProtect initialization": 1,
"out of scope": 1
}
},
"cipher_mode": {
"CBC": {
"CBC": 3
},
"CTR": {
"CTR": 3
},
"ECB": {
"ECB": 5
},
"GCM": {
"GCM": 9
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"IPsec": {
"IPsec": 2
},
"TLS": {
"TLS": {
"TLS": 35,
"TLS 1.2": 1,
"TLS v1.2": 1,
"TLSv1.2": 2
}
},
"VPN": {
"VPN": 7
}
},
"crypto_scheme": {
"KEX": {
"Key Exchange": 2
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"P-256": 20,
"P-384": 14,
"P-521": 14
}
},
"eval_facility": {},
"fips_cert_id": {
"Cert": {
"#1": 7,
"#2": 1
}
},
"fips_certlike": {
"Certlike": {
"AES 128/256": 1,
"AES 256": 2,
"AES CBC (128": 1,
"AES GCM (128": 1,
"AES GCM 256": 2,
"AES-256": 1,
"AES-GCM 128": 1,
"HMAC-SHA-1": 14,
"PKCS #1": 10,
"RSA 2048": 6,
"RSA 3072": 3,
"SHA-1": 4,
"SHA2": 4,
"SHA2-256": 16,
"SHA2-384": 10,
"SHA2-512": 5
}
},
"fips_security_level": {
"Level": {
"Level 1": 3
}
},
"hash_function": {
"SHA": {
"SHA1": {
"SHA-1": 4
},
"SHA2": {
"SHA2": 4
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {
"com": {
"com.paloaltonetworks.gp.pangps.plist": 1
}
},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 29
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140-3": 9,
"FIPS 180-4": 5,
"FIPS 186-4": 26,
"FIPS 198-1": 5
},
"ISO": {
"ISO/IEC 24759": 2
},
"NIST": {
"SP 800-135": 3,
"SP 800-38A": 4,
"SP 800-38D": 2,
"SP 800-38F": 4,
"SP 800-52": 1,
"SP 800-90B": 8
},
"PKCS": {
"PKCS #1": 5
},
"RFC": {
"RFC 5288": 1
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 16,
"AES-256": 1
}
},
"constructions": {
"MAC": {
"HMAC": 13
}
}
},
"tee_name": {},
"tls_cipher_suite": {},
"vendor": {
"Qualcomm": {
"Qualcomm": 2
},
"Samsung": {
"Samsung": 1
}
},
"vulnerability": {}
},
"policy_metadata": {
"/Producer": "Skia/PDF m131 Google Docs Renderer",
"/Title": "Palo Alto Networks FIPS 140-3 Security Policy GP App Draft_All_24.10.03.docx",
"pdf_file_size_bytes": 593354,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/globalprotect/6-0/globalprotect-app-user-guide/globalprotect-app-user-guide.pdf",
"http://www.paloaltonetworks.com",
"https://support.paloaltonetworks.com/",
"https://ubuntu.com/advantage"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 19
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_garbage": false,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_pdf_hash": "45bb18b688d93d1609396ac4613a40f630b206615bb0e5e112ca063cabafa332",
"policy_txt_hash": "34801a1dd107cc16dd8d301919e3b1217961b242b85d83b5956b46ebd56a94fb"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "Interim validation. When installed, initialized and configured as specified in Section 11 of the Security Policy. No assurance of the minimum strength of generated SSPs (e.g., keys)",
"certificate_pdf_url": null,
"date_sunset": "2026-10-10",
"description": "The GlobalProtect App is a software cryptographic module that runs on commercially available operating systems and mobile devices to provide security for users. The GlobalProtect App secures traffic using TLS or IPsec, and allows users to connect to corporate networks to access their company\u0027s resources from anywhere in the world.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Non-invasive security: N/A",
"Life-cycle assurance: Level 3",
"Mitigation of other attacks: N/A",
"Documentation requirements: N/A",
"Cryptographic module security policy: N/A"
],
"fw_versions": null,
"historical_reason": null,
"hw_versions": "Intel Core i3-1215U, Intel Core i7-1250U, Apple M Series M1, Apple A Series A14, Qualcomm Snapdragon 888",
"level": 1,
"mentioned_certs": {},
"module_name": "GlobalProtect App",
"module_type": "Software-Hybrid",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-3",
"status": "active",
"sw_versions": "6.0.10",
"tested_conf": [
"Android 12 running on a Samsung Galaxy S21 Ultra with an Qualcomm Snapdragon 888 with PAA",
"iOS 16 running on a iPhone 12 Mini with an Apple A Series A14 with PAA",
"Linux Ubuntu 20.04 running on a HP Pavilion with an Intel Core i3-1215U with PAA",
"macOS Big Sur 11 running on a MacBook Air with an Apple M Series M1 with PAA",
"Windows 11 running on a HP Envy with an Intel Core i7-1250U with PAA"
],
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2024-10-11",
"lab": "LEIDOS CSTL",
"validation_type": "Initial"
}
],
"vendor": "Palo Alto Networks, Inc.",
"vendor_url": "http://www.paloaltonetworks.com"
}
}