This page was not yet optimized for use on mobile devices.
Prisma SD-WAN Controller's Cryptographic Module
Certificate #4668
Webpage information ?
Security policy ?
Symmetric Algorithms
AES, AES-, TDEA, HMAC, HMAC-SHA-256, HMAC-SHA-512, HMAC-SHA-224, HMAC-SHA-384, CMACAsymmetric Algorithms
ECDSA, ECC, Diffie-Hellman, DH, DSAHash functions
SHA-1, SHA-224, SHA-256, SHA-384, SHA-512Schemes
Key ExchangeProtocols
TLS, TLS 1.2, VPNRandomness
DRBGElliptic Curves
P-256, P-384, P-521, P-224, K-233, sect163k1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp256k1Block cipher modes
ECB, CBC, CTR, GCM, CCMTrusted Execution Environments
SSCSecurity level
Level 1Standards
FIPS 140-2, FIPS 186-4, FIPS 197, FIPS 198-1, FIPS 180-4, FIPS 202, SP 800-38D, SP 800-52, SP 800-38B, SP 800-38C, SP 800-56A, SP 800-90A, PKCS1, PKCS#1, PKCS#5, PKCS#12, RFC 5288File metadata
| Title | Microsoft Word - FIPS_Security_Policy_PAN_Prisma_11_20_2023.docx |
|---|---|
| Author | Admin |
| Creation date | D:20231120213053-08'00' |
| Modification date | D:20231120213053-08'00' |
| Pages | 13 |
| Creator | PScript5.dll Version 5.2.2 |
| Producer | GPL Ghostscript 8.64 |
Heuristics ?
No heuristics are available for this certificate.
References ?
No references are available for this certificate.
Updates ?
-
08.01.2024 The certificate data changed.
Certificate changed
The web extraction data was updated.
- The certificate_pdf_url property was set to
https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/December 2023_020124_0656.pdf.
- The certificate_pdf_url property was set to
-
02.01.2024 The certificate was first processed.
New certificate
A new FIPS 140 certificate with the product name was processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 4668,
"dgst": "28aba8137d93763f",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"KAS#A2476",
"RSA#A2476",
"HMAC#A2476",
"KTS#A2496",
"KBKDF#A2496",
"KAS-SSC#A2496",
"DRBG#A2496",
"CVL#A2476",
"KTS#A2476",
"KAS#A2496",
"ECDSA#A2476",
"CVL#A2496",
"DRBG#A2476",
"RSA#A2496",
"AES#A2476",
"AES#A2496",
"ECDSA#A2496",
"HMAC#A2496",
"KAS-SSC#A2476",
"SHS#A2496",
"SHS#A2476"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"-"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 6
},
"ECDSA": {
"ECDSA": 13
}
},
"FF": {
"DH": {
"DH": 1,
"Diffie-Hellman": 2
},
"DSA": {
"DSA": 1
}
}
},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 4
},
"CCM": {
"CCM": 1
},
"CTR": {
"CTR": 2
},
"ECB": {
"ECB": 2
},
"GCM": {
"GCM": 4
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"TLS": {
"TLS": {
"TLS": 39,
"TLS 1.2": 1
}
},
"VPN": {
"VPN": 4
}
},
"crypto_scheme": {
"KEX": {
"Key Exchange": 2
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"K-233": 1,
"P-224": 10,
"P-256": 6,
"P-384": 14,
"P-521": 6,
"secp160k1": 1,
"secp160r1": 1,
"secp160r2": 1,
"secp192k1": 1,
"secp192r1": 1,
"secp224k1": 1,
"secp256k1": 1,
"sect163k1": 1,
"sect163r2": 1,
"sect193r1": 1,
"sect193r2": 1,
"sect233k1": 1,
"sect233r1": 1,
"sect239k1": 1,
"sect283k1": 1,
"sect283r1": 1,
"sect409k1": 1,
"sect409r1": 1,
"sect571k1": 1,
"sect571r1": 1
}
},
"eval_facility": {},
"fips_cert_id": {},
"fips_certlike": {
"Certlike": {
"HMAC-SHA-1": 6,
"HMAC-SHA-224": 2,
"HMAC-SHA-256": 4,
"HMAC-SHA-384": 4,
"HMAC-SHA-512": 2,
"PKCS#1": 2,
"PKCS#12": 2,
"PKCS#5": 2,
"PKCS1": 8,
"SHA- 224": 1,
"SHA- 384": 2,
"SHA- 512": 1,
"SHA-1": 4,
"SHA-224": 5,
"SHA-256": 11,
"SHA-384": 7,
"SHA-512": 7
}
},
"fips_security_level": {
"Level": {
"Level 1": 1
}
},
"hash_function": {
"SHA": {
"SHA1": {
"SHA-1": 4
},
"SHA2": {
"SHA-224": 5,
"SHA-256": 11,
"SHA-384": 7,
"SHA-512": 7
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 17
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140-2": 3,
"FIPS 180-4": 3,
"FIPS 186-4": 4,
"FIPS 197": 3,
"FIPS 198-1": 3,
"FIPS 202": 1
},
"NIST": {
"SP 800-38B": 1,
"SP 800-38C": 1,
"SP 800-38D": 3,
"SP 800-52": 2,
"SP 800-56A": 1,
"SP 800-90A": 1
},
"PKCS": {
"PKCS#1": 1,
"PKCS#12": 1,
"PKCS#5": 1,
"PKCS1": 4
},
"RFC": {
"RFC 5288": 1
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 5,
"AES-": 1
}
},
"DES": {
"3DES": {
"TDEA": 1
}
},
"constructions": {
"MAC": {
"CMAC": 1,
"HMAC": 7,
"HMAC-SHA-224": 2,
"HMAC-SHA-256": 2,
"HMAC-SHA-384": 2,
"HMAC-SHA-512": 2
}
}
},
"tee_name": {
"IBM": {
"SSC": 2
}
},
"tls_cipher_suite": {},
"vendor": {},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "Admin",
"/CreationDate": "D:20231120213053-08\u002700\u0027",
"/Creator": "PScript5.dll Version 5.2.2",
"/ModDate": "D:20231120213053-08\u002700\u0027",
"/Producer": "GPL Ghostscript 8.64",
"/Title": "Microsoft Word - FIPS_Security_Policy_PAN_Prisma_11_20_2023.docx",
"pdf_file_size_bytes": 160961,
"pdf_hyperlinks": {
"_type": "Set",
"elements": []
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 13
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_garbage": false,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_pdf_hash": "8c2912cbd37525909e42bc8988da611c34cf7701c1c7885dbfb81725ec3943c2",
"policy_txt_hash": "ae9c3c866c9e751348b48235bce027d623ed3359644367c3fc563b7291f7596f"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "When operated in FIPS mode. When operated per the Security Policy. No assurance of minimum security of keys and bit strings that are externally loaded, or of keys and CSPs established with externally loaded bit strings",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/December 2023_020124_0656.pdf",
"date_sunset": "2026-09-21",
"description": "The Palo Alto Networks Controller allows operators the ability to manage ION devices to administer security policy rules and provides various application and network analytics.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Physical Security: N/A",
"Mitigation of Other Attacks: N/A"
],
"fw_versions": null,
"historical_reason": null,
"hw_versions": null,
"level": 1,
"mentioned_certs": {},
"module_name": "Prisma SD-WAN Controller\u0027s Cryptographic Module",
"module_type": "Software",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-2",
"status": "active",
"sw_versions": "1.0",
"tested_conf": [
"JDK 11.0.10 on Ubuntu 14.04 running on Dell Power Edge R740 with Intel(R) Xeon(R) Platinum 8260 CPU @ 2.40GHz with PAA",
"JDK 11.0.10 on Ubuntu 14.04 running on Dell Power Edge R740 with Intel(R) Xeon(R) Platinum 8260 CPU @ 2.40GHz without PAA (single-user mode)"
],
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2023-12-05",
"lab": "ADVANCED DATA SECURITY LLC",
"validation_type": "Initial"
}
],
"vendor": "Palo Alto Networks, Inc.",
"vendor_url": "http://www.paloaltonetworks.com"
}
}