Firepower Next-Generation IPS Virtual VMware Cryptographic Module

Certificate #4734

Webpage information

Status: active
Validation dates: 22.07.2024
Sunset date: 21-07-2026
Standard: FIPS 140-3
Security level: 1
Type: Software
Embodiment: Multi-Chip Stand Alone
Caveat: Interim validation. When installed, initialized and configured as specified in section "Secure Operation" of the Security Policy and operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)
Exceptions
  • Physical security: N/A
  • Non-invasive security: N/A
  • Mitigation of other attacks: N/A
  • Documentation requirements: N/A
  • Cryptographic module security policy: N/A
Description: The virtualized offering of the Cisco FirePOWER next-generation IPS (NGIPS) solution providing the Industry-leading threat protection. Real-time contextual awareness. Full-stack visibility. Intelligent security automation. This virtualized highly effective intrusion prevention system provides reliable performance and a low total cost of ownership. Threat protection can be expanded with optional subscription licenses to provide Advanced Malware Protection (AMP), application visibility and control, and URL filtering capabilities.
Tested configurations
  • Linux 4 (FX-OS) on VMware ESXi 6.7 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) with PAA
  • Linux 4 (FX-OS) on VMware ESXi 6.7 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) without PAA
  • Linux 4 (FX-OS) on VMware ESXi 7.0 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) with PAA
  • Linux 4 (FX-OS) on VMware ESXi 7.0 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) without PAA
Vendor: Cisco Systems, Inc.
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Security policy

Symmetric Algorithms
AES, AES-256, CAST, HMAC, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512
Asymmetric Algorithms
RSA 2048, ECDH, ECDSA, ECC, Diffie-Hellman, DH
Hash functions
SHA-1, SHA-256
Schemes
MAC, Key Agreement
Protocols
SSH, TLSv1.2, TLS v1.2, TLS
Randomness
DRBG, RBG
Elliptic Curves
P-256, P-384, P-521
Block cipher modes
CBC, GCM

Trusted Execution Environments
PSP, SSC
Vendor
Cisco Systems, Inc, Cisco

Security level
Level 1, level 1

Standards
FIPS 140-3, FIPS 197, FIPS 186-4, FIPS 198-1, FIPS140-3, FIPS 180-4, SP 800-140, SP 800-38D, SP 800-52, NIST SP 800-140F, SP 800-90A, RFC7627, RFC 5288, ISO/IEC 19790, ISO/IEC 24759

File metadata

Title: Security Policy
Subject: FIPS 140 Security Policy
Author: Steven Ratcliffe (steratcl)
Creation date: D:20240610171655-04'00'
Modification date: D:20240610171655-04'00'
Pages: 18
Creator: Microsoft® Word 2016
Producer: Microsoft® Word 2016

Heuristics

No heuristics are available for this certificate.

References

No references are available for this certificate.

Updates

  • 12.08.2024 The certificate data changed.
    Certificate changed

    The web extraction data was updated.

    • The certificate_pdf_url property was set to https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/July 2024_010824_1146.pdf.
  • 24.07.2024 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4734,
  "dgst": "1e8be1a00f7702b3",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "RSA SigGen (FIPS186-4)A3376",
        "Safe Primes Key GenerationA3376",
        "HMAC-SHA2-384A3376",
        "ECDSA SigVer (FIPS186-4)A3376",
        "Counter DRBGA3376",
        "TLS v1.2 KDF RFC7627A3376",
        "ECDSA SigGen (FIPS186-4)A3376",
        "HMAC-SHA2-512A3376",
        "AES-GCMA3376",
        "RSA KeyGen (FIPS186-4)A3376",
        "RSA SigVer (FIPS186-4)A3376",
        "SHA-1A3376",
        "SHA2-384A3376",
        "KDF SSHA3376",
        "SHA2-256A3376",
        "HMAC-SHA-1A3376",
        "HMAC-SHA2-256A3376",
        "AES-CBCA3376",
        "ECDSA KeyVer (FIPS186-4)A3376",
        "ECDSA KeyGen (FIPS186-4)A3376",
        "SHA2-512A3376"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "-"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 6
          },
          "ECDH": {
            "ECDH": 1
          },
          "ECDSA": {
            "ECDSA": 38
          }
        },
        "FF": {
          "DH": {
            "DH": 1,
            "Diffie-Hellman": 16
          }
        },
        "RSA": {
          "RSA 2048": 2
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 1
        },
        "GCM": {
          "GCM": 3
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {
        "SSH": {
          "SSH": 27
        },
        "TLS": {
          "TLS": {
            "TLS": 24,
            "TLS v1.2": 9,
            "TLSv1.2": 17
          }
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 2
        },
        "MAC": {
          "MAC": 2
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "P-256": 28,
          "P-384": 12,
          "P-521": 12
        }
      },
      "eval_facility": {},
      "fips_cert_id": {
        "Cert": {
          "#1": 1
        }
      },
      "fips_certlike": {
        "Certlike": {
          "AES-256": 1,
          "AES-CBC 256": 2,
          "AES-GCM 256": 2,
          "HMAC-SHA- 1": 2,
          "HMAC-SHA-1": 12,
          "HMAC-SHA-256": 2,
          "HMAC-SHA-384": 2,
          "HMAC-SHA-512": 2,
          "PAA 2": 1,
          "PAA 3": 1,
          "RSA 2048": 2,
          "SHA-1": 6,
          "SHA-256": 4,
          "SHA2-256": 6,
          "SHA2-384": 6,
          "SHA2-512": 5
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 3,
          "level 1": 1
        }
      },
      "hash_function": {
        "SHA": {
          "SHA1": {
            "SHA-1": 6
          },
          "SHA2": {
            "SHA-256": 4
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 14
        },
        "RNG": {
          "RBG": 1
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140-3": 9,
          "FIPS 180-4": 4,
          "FIPS 186-4": 11,
          "FIPS 197": 2,
          "FIPS 198-1": 4,
          "FIPS140-3": 2
        },
        "ISO": {
          "ISO/IEC 19790": 4,
          "ISO/IEC 24759": 2
        },
        "NIST": {
          "NIST SP 800-140F": 1,
          "SP 800-140": 1,
          "SP 800-38D": 1,
          "SP 800-52": 1,
          "SP 800-90A": 1
        },
        "RFC": {
          "RFC 5288": 1,
          "RFC7627": 13
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 5,
            "AES-256": 1
          },
          "CAST": {
            "CAST": 2
          }
        },
        "constructions": {
          "MAC": {
            "HMAC": 7,
            "HMAC-SHA-256": 1,
            "HMAC-SHA-384": 1,
            "HMAC-SHA-512": 1
          }
        }
      },
      "tee_name": {
        "AMD": {
          "PSP": 6
        },
        "IBM": {
          "SSC": 6
        }
      },
      "tls_cipher_suite": {},
      "vendor": {
        "Cisco": {
          "Cisco": 4,
          "Cisco Systems, Inc": 20
        }
      },
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Steven Ratcliffe (steratcl)",
      "/CreationDate": "D:20240610171655-04\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word 2016",
      "/ModDate": "D:20240610171655-04\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word 2016",
      "/Subject": "FIPS 140 Security Policy",
      "/Title": "Security Policy",
      "pdf_file_size_bytes": 572577,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://www.cisco.com/c/dam/en/us/products/collateral/servers-unified-computing/ucs-c-series-rack-servers/c220m5-sff-specsheet.pdf"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 18
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "9c5850c15106f6e575a18e879e957d485eb0d3ab71dc25c70ef9a20c44ecc7f9",
    "policy_txt_hash": "3c56e8c134e52fe48223b2e3c9abaa9f9140ed9064ad1b656bb03265401f18b9"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "Interim validation. When installed, initialized and configured as specified in section \"Secure Operation\" of the Security Policy and operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/July 2024_010824_1146.pdf",
    "date_sunset": "2026-07-21",
    "description": "The virtualized offering of the Cisco FirePOWER next-generation IPS (NGIPS) solution providing the Industry-leading threat protection. Real-time contextual awareness. Full-stack visibility. Intelligent security automation. This virtualized highly effective intrusion prevention system provides reliable performance and a low total cost of ownership. Threat protection can be expanded with optional subscription licenses to provide Advanced Malware Protection (AMP), application visibility and control, and URL filtering capabilities.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Physical security: N/A",
      "Non-invasive security: N/A",
      "Mitigation of other attacks: N/A",
      "Documentation requirements: N/A",
      "Cryptographic module security policy: N/A"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "Firepower Next-Generation IPS Virtual VMware Cryptographic Module",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-3",
    "status": "active",
    "sw_versions": "7.0.5",
    "tested_conf": [
      "Linux 4 (FX-OS) on VMware ESXi 6.7 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) with PAA",
      "Linux 4 (FX-OS) on VMware ESXi 6.7 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) without PAA",
      "Linux 4 (FX-OS) on VMware ESXi 7.0 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) with PAA",
      "Linux 4 (FX-OS) on VMware ESXi 7.0 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) without PAA"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2024-07-22",
        "lab": "GOSSAMER SECURITY SOLUTIONS INC",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Cisco Systems, Inc.",
    "vendor_url": "http://www.cisco.com"
  }
}