This page was not yet optimized for use on mobile devices.
Palo Alto Networks SD-WAN Instant-On Network (ION) Devices ION 1200 and ION 9000
Certificate #4704
Webpage information ?
Security policy ?
Symmetric Algorithms
AES-, AES, CAST, HMACAsymmetric Algorithms
RSA 2048, ECDHE, ECDSA, ECC, Diffie-HellmanHash functions
SHA-1Schemes
MAC, Key AgreementProtocols
SSH, TLS 1.2, TLSv1.2, TLS, IKEv2, IKERandomness
DRBG, RBGElliptic Curves
P-256, P-384, P-521, P-224, curve P-256Block cipher modes
ECB, CBC, CTR, GCMTrusted Execution Environments
PSPSecurity level
Level 1, level 2, Level 2Certification process
out of scope, of the TELs as depicted below and any additional requirement per the site security policy which are out of scope of this Security Policy. The ION 1200 requires 3 tamper evident labels while the ION 1200-C-NA/IONStandards
FIPS 140-3, FIPS 197, FIPS140-3, FIPS 186-4, FIPS 198-1, FIPS 180-4, SP 800-38D, SP 800-38A, SP 800-52, SP 800-90B, PKCS#1, RFC 5288, ISO/IEC 24759File metadata
| Author | Richard Wang |
|---|---|
| Creation date | D:20240531170038-04'00' |
| Modification date | D:20240531170038-04'00' |
| Pages | 29 |
| Creator | Microsoft® Word 2016 |
| Producer | Microsoft® Word 2016 |
Heuristics ?
No heuristics are available for this certificate.
References ?
No references are available for this certificate.
Updates ?
-
08.07.2024 The certificate data changed.
Certificate changed
The web extraction data was updated.
- The certificate_pdf_url property was set to
https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/June 2024_010724_1153.pdf.
- The certificate_pdf_url property was set to
-
04.07.2024 The certificate was first processed.
New certificate
A new FIPS 140 certificate with the product name was processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 4704,
"dgst": "68f2e33049d2b239",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"ECDSA KeyGen (FIPS186-4)A2386",
"Counter DRBGA2385",
"HMAC-SHA2-384A2388",
"AES-ECBA2385",
"HMAC-SHA-1A2385",
"HMAC-SHA2-224A2385",
"KDF TLSA2386",
"SHA2-512A2388",
"RSA SigVer (FIPS186-4)RSA 1820",
"ECDSA SigVer (FIPS186-4)A2385",
"AES-GCMA2386",
"HMAC-SHA2-512A2388",
"HMAC DRBGA2386",
"ECDSA KeyVer (FIPS186-4)A2386",
"SHA2-384A2388",
"SHA-1SHS 2920",
"ECDSA SigGen (FIPS186-4)A2385",
"RSA KeyGen (FIPS186-4)A2385",
"KAS-ECC-SSC Sp800-56Ar3A2386",
"HMAC-SHA2-256A2388",
"SHA2-224A2386",
"AES-CTRA2385",
"SHA2-256SHS 2920",
"RSA SigGen (FIPS186-4)A2385",
"AES-CBCA2388"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"5.6.3"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 19
},
"ECDH": {
"ECDHE": 33
},
"ECDSA": {
"ECDSA": 44
}
},
"FF": {
"DH": {
"Diffie-Hellman": 9
}
},
"RSA": {
"RSA 2048": 3
}
},
"certification_process": {
"OutOfScope": {
"of the TELs as depicted below and any additional requirement per the site security policy which are out of scope of this Security Policy. The ION 1200 requires 3 tamper evident labels while the ION 1200-C-NA/ION": 1,
"out of scope": 1
}
},
"cipher_mode": {
"CBC": {
"CBC": 4
},
"CTR": {
"CTR": 1
},
"ECB": {
"ECB": 1
},
"GCM": {
"GCM": 4
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"IKE": {
"IKE": 3,
"IKEv2": 7
},
"SSH": {
"SSH": 38
},
"TLS": {
"TLS": {
"TLS": 50,
"TLS 1.2": 2,
"TLSv1.2": 24
}
}
},
"crypto_scheme": {
"KA": {
"Key Agreement": 2
},
"MAC": {
"MAC": 2
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"P-224": 20,
"P-256": 41,
"P-384": 24,
"P-521": 26,
"curve P-256": 1
}
},
"eval_facility": {},
"fips_cert_id": {
"Cert": {
"#1": 1,
"#1819": 2,
"#1820": 2,
"#2919": 3,
"#2920": 3
}
},
"fips_certlike": {
"Certlike": {
"AES- 256": 1,
"AES-CBC 128": 2,
"AES-CBC 256": 4,
"AES-GCM 256": 4,
"Cert. #1819 RSA": 1,
"Cert. #1820 RSA": 1,
"Cert. #2919 SHS": 2,
"Cert. #2920 SHS": 2,
"HMAC-SHA-1": 22,
"HMAC-SHA-1 160": 2,
"PKCS#1": 14,
"RSA 2048": 3,
"SHA-1": 16,
"SHA2-224": 4,
"SHA2-256": 26,
"SHA2-384": 7,
"SHA2-512": 10,
"SHS Cert. #2919": 3,
"SHS Cert. #2920": 2
}
},
"fips_security_level": {
"Level": {
"Level 1": 1,
"Level 2": 3,
"level 2": 1
}
},
"hash_function": {
"SHA": {
"SHA1": {
"SHA-1": 16
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 49
},
"RNG": {
"RBG": 1
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140-3": 12,
"FIPS 180-4": 23,
"FIPS 186-4": 19,
"FIPS 197": 8,
"FIPS 198-1": 14,
"FIPS140-3": 2
},
"ISO": {
"ISO/IEC 24759": 2
},
"NIST": {
"SP 800-38A": 3,
"SP 800-38D": 5,
"SP 800-52": 1,
"SP 800-90B": 3
},
"PKCS": {
"PKCS#1": 7
},
"RFC": {
"RFC 5288": 1
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 15,
"AES-": 1
},
"CAST": {
"CAST": 1
}
},
"constructions": {
"MAC": {
"HMAC": 31
}
}
},
"tee_name": {
"AMD": {
"PSP": 7
}
},
"tls_cipher_suite": {},
"vendor": {},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "Richard Wang",
"/CreationDate": "D:20240531170038-04\u002700\u0027",
"/Creator": "Microsoft\u00ae Word 2016",
"/ModDate": "D:20240531170038-04\u002700\u0027",
"/Producer": "Microsoft\u00ae Word 2016",
"pdf_file_size_bytes": 1590418,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/prisma/prisma-sd-wan/prisma-sd-wan-admin/prisma-sd-wan-admin.pdf",
"http://www.paloaltonetworks.com/",
"about:blank"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 29
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_garbage": false,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_pdf_hash": "80524b113f3f3e5711f8cee6b1daeb7bbdf8ab08cfa92755812bead597731058",
"policy_txt_hash": "a642e713f58188efe72f72b4b2b700ce925c5efa163929ab1a464af78b7ecd9e"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "The tamper evident seals installed as indicated in the Security Policy",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/June 2024_010724_1153.pdf",
"date_sunset": "2029-06-06",
"description": "The Palo Alto Networks Prisma SD-WAN ION 1200, ION 1200-C-NA, ION 1200-C-ROW, ION 1200-C-5G-WW devices are multi-chip standalone modules that enable integration of heterogeneous WAN links, provide confident integration of the cloud, improve application performance/visibility, and reduce overall cost and complexity of customers WAN. Prisma SD-WAN ION 9000 is a multi-chip standalone module designed for the data center to create a secure SD-WAN fabric across branches and data centers. It is designed to install seamlessly in the data center by peering with adjacent data center devices using traditional, standards-based routing protocols.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Operational environment: N/A",
"Non-invasive security: N/A",
"Mitigation of other attacks: N/A",
"Documentation requirements: N/A",
"Cryptographic module security policy: N/A"
],
"fw_versions": "5.6.3",
"historical_reason": null,
"hw_versions": "[ION 1200, ION 1200-C-NA, ION 1200-C-ROW, and ION 1200-C-5G-WW] with FIPS Kit (P/N 920-000363), and ION 9000 with FIPS Kit (P/N 920-000311)",
"level": 2,
"mentioned_certs": {},
"module_name": "Palo Alto Networks SD-WAN Instant-On Network (ION) Devices ION 1200 and ION 9000",
"module_type": "Hardware",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-3",
"status": "active",
"sw_versions": null,
"tested_conf": null,
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2024-06-07",
"lab": "GOSSAMER SECURITY SOLUTIONS INC",
"validation_type": "Initial"
}
],
"vendor": "Palo Alto Networks, Inc.",
"vendor_url": "http://www.paloaltonetworks.com"
}
}