This page was not yet optimized for use on mobile devices.
Panorama Virtual Appliance 10.1
Certificate #4805
Webpage information ?
Security policy ?
Symmetric Algorithms
AES, CAST, DES, HMAC, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512, CMACAsymmetric Algorithms
RSA 2048, RSA 3072, RSA 4096, ECDH, ECDSA, DH, Diffie-HellmanHash functions
SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA2, MD5Schemes
Key ExchangeProtocols
SSH, SSHv2, TLS, TLS1.2, TLS v1.2, TLSv1.1, TLSv1.0, TLS v1.1, TLS 1.2, IKEv2Randomness
DRBG, RNGElliptic Curves
P-256, P-384, P-521Block cipher modes
ECB, CBC, CTR, GCM, CCMTLS cipher suites
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384Vendor
MicrosoftSecurity level
level 1, Level 1Certification process
out of scope, in Section 11 will result in the module operating in a non-compliant state, which is considered out of scope of this validation. Selecting Panorama, Management-Only, and Log Collector System Modes The, integrity test. Any software loaded into this module that is not shown on the module certificate is out of scope of this validation, and requires a separate FIPS 140-3 validation. 6. Operational Environment TheStandards
FIPS 140-3, FIPS 186-4, FIPS 198-1, FIPS 180-4, FIPS 186-2, SP 800-90B, SP 800-38A, SP 800-38D, SP 800-38F, SP 800-52, SP 800-63B, SP 800-140F, SP 800-56A, PKCS#1, RFC 3526, RFC 5288, RFC 5246, ISO/IEC 24759File metadata
| Modification date | D:20250224152746--05'00 |
|---|---|
| Pages | 25 |
| Producer | Skia/PDF m135 Google Docs Renderer |
Heuristics ?
No heuristics are available for this certificate.
References ?
No references are available for this certificate.
Updates ?
-
04.04.2025 The certificate data changed.
Certificate changed
The web extraction data was updated.
- The validation_history property was updated, with the
[[1, {'_type': 'sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry', 'date': '2025-03-13', 'validation_type': 'Update', 'lab': 'LEIDOS CSTL'}]]values inserted. - The caveat property was set to
When installed, initialized and configured as specified in Section 11 of the Security Policy. The tamper evident seals and Physical Kit installed as indicated in the Security Policy. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy.
The PDF extraction data was updated.
- The keywords property was updated, with the
{'crypto_protocol': {'__update__': {'SSH': {'__insert__': {'SSHv2': 2}, '__update__': {'SSH': 66}}}}}data. - The policy_metadata property was updated, with the
{'pdf_file_size_bytes': 599915, '/ModDate': "D:20250224152746--05'00", '/Producer': 'Skia/PDF m135 Google Docs Renderer'}data.
The state was updated.
- The policy_pdf_hash property was set to
ee98238c6d645edbd3bab46b17bd859ba373e57eb98ca54312643731720dbf7d. - The policy_txt_hash property was set to
92d43f3bda02308daf783c4d4ef4a2e505208228764a77d7ade2a0fc1565ec67.
- The validation_history property was updated, with the
-
24.02.2025 The certificate data changed.
Certificate changed
The web extraction data was updated.
- The exceptions property was updated.
-
14.10.2024 The certificate data changed.
Certificate changed
The web extraction data was updated.
- The certificate_pdf_url property was set to
https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/September 2024_011024_0217.pdf.
- The certificate_pdf_url property was set to
-
01.10.2024 The certificate was first processed.
New certificate
A new FIPS 140 certificate with the product name Panorama Virtual Appliance 10.1 was processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 4805,
"dgst": "b3e34e9fe5a79d4e",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"KAS-ECC-SSC Sp800-56Ar3A2244",
"RSA KeyGen (FIPS186-4)A2244",
"Safe Primes Key GenerationA2244",
"KDF TLSA2244",
"HMAC-SHA2-512A2244",
"Counter DRBGA2244",
"SHA2-512A2244",
"HMAC-SHA2-256A2244",
"AES-CBCA2244",
"HMAC-SHA2-384A2244",
"KAS-FFC-SSC Sp800-56Ar3A2244",
"SHA2-256A2244",
"AES-CFB128A2244",
"AES-CTRA2244",
"HMAC-SHA2-224A2244",
"KDF SNMPA2244",
"RSA SigGen (FIPS186-4)A2244",
"ECDSA KeyGen (FIPS186-4)A2244",
"SHA-1A2244",
"ECDSA KeyVer (FIPS186-4)A2244",
"AES-GCMA2244",
"SHA2-384A2244",
"ECDSA SigVer (FIPS186-4)A2244",
"RSA SigVer (FIPS186-4)A2244",
"SHA2-224A2244",
"HMAC-SHA-1A2244",
"Conditioning Component AES-CBC-MAC SP800-90BA1791",
"Safe Primes Key VerificationA2244",
"KDF SSHA2244",
"ECDSA SigGen (FIPS186-4)A2244"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"10.1"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECDH": {
"ECDH": 1
},
"ECDSA": {
"ECDSA": 52
}
},
"FF": {
"DH": {
"DH": 1,
"Diffie-Hellman": 2
}
},
"RSA": {
"RSA 2048": 10,
"RSA 3072": 2,
"RSA 4096": 2
}
},
"certification_process": {
"OutOfScope": {
"in Section 11 will result in the module operating in a non-compliant state, which is considered out of scope of this validation. Selecting Panorama, Management-Only, and Log Collector System Modes The": 1,
"integrity test. Any software loaded into this module that is not shown on the module certificate is out of scope of this validation, and requires a separate FIPS 140-3 validation. 6. Operational Environment The": 1,
"out of scope": 2
}
},
"cipher_mode": {
"CBC": {
"CBC": 3
},
"CCM": {
"CCM": 2
},
"CTR": {
"CTR": 4
},
"ECB": {
"ECB": 2
},
"GCM": {
"GCM": 11
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"IKE": {
"IKEv2": 1
},
"SSH": {
"SSH": 66,
"SSHv2": 2
},
"TLS": {
"TLS": {
"TLS": 80,
"TLS 1.2": 1,
"TLS v1.1": 1,
"TLS v1.2": 1,
"TLS1.2": 1,
"TLSv1.0": 3,
"TLSv1.1": 1
}
}
},
"crypto_scheme": {
"KEX": {
"Key Exchange": 6
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"P-256": 40,
"P-384": 30,
"P-521": 30
}
},
"eval_facility": {},
"fips_cert_id": {},
"fips_certlike": {
"Certlike": {
"AES (128": 1,
"AES 128/192/256": 1,
"AES 256": 3,
"HMAC-SHA-1": 32,
"HMAC-SHA-256": 10,
"HMAC-SHA-384": 2,
"HMAC-SHA-512": 2,
"PKCS#1": 4,
"RSA 2048": 10,
"RSA 3072": 2,
"RSA 4096": 2,
"SHA-1": 6,
"SHA-1, 256": 1,
"SHA-256": 9,
"SHA-384": 1,
"SHA-512": 3,
"SHA2": 4,
"SHA2-224": 3,
"SHA2-256": 7,
"SHA2-384": 4,
"SHA2-512": 4
}
},
"fips_security_level": {
"Level": {
"Level 1": 5,
"level 1": 1
}
},
"hash_function": {
"MD": {
"MD5": {
"MD5": 5
}
},
"SHA": {
"SHA1": {
"SHA-1": 7
},
"SHA2": {
"SHA-224": 1,
"SHA-256": 10,
"SHA-384": 2,
"SHA-512": 4,
"SHA2": 4
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 48
},
"RNG": {
"RNG": 1
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140-3": 13,
"FIPS 180-4": 5,
"FIPS 186-2": 1,
"FIPS 186-4": 62,
"FIPS 198-1": 6
},
"ISO": {
"ISO/IEC 24759": 2
},
"NIST": {
"SP 800-140F": 1,
"SP 800-38A": 4,
"SP 800-38D": 2,
"SP 800-38F": 4,
"SP 800-52": 1,
"SP 800-56A": 12,
"SP 800-63B": 1,
"SP 800-90B": 8
},
"PKCS": {
"PKCS#1": 2
},
"RFC": {
"RFC 3526": 2,
"RFC 5246": 1,
"RFC 5288": 2
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 17
},
"CAST": {
"CAST": 1
}
},
"DES": {
"DES": {
"DES": 1
}
},
"constructions": {
"MAC": {
"CMAC": 1,
"HMAC": 19,
"HMAC-SHA-256": 5,
"HMAC-SHA-384": 1,
"HMAC-SHA-512": 1
}
}
},
"tee_name": {},
"tls_cipher_suite": {
"TLS": {
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": 1,
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": 1,
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 1,
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 1
}
},
"vendor": {
"Microsoft": {
"Microsoft": 2
}
},
"vulnerability": {}
},
"policy_metadata": {
"/ModDate": "D:20250224152746--05\u002700",
"/Producer": "Skia/PDF m135 Google Docs Renderer",
"/Title": "",
"pdf_file_size_bytes": 599915,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/panorama/10-1/panorama-admin/panorama-admin.pdf",
"https://support.paloaltonetworks.com/Support/Index",
"https://docs.paloaltonetworks.com/panorama/10-1/panorama-admin.html",
"http://www.paloaltonetworks.com"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 25
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_garbage": false,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_pdf_hash": "ee98238c6d645edbd3bab46b17bd859ba373e57eb98ca54312643731720dbf7d",
"policy_txt_hash": "92d43f3bda02308daf783c4d4ef4a2e505208228764a77d7ade2a0fc1565ec67"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "When installed, initialized and configured as specified in Section 11 of the Security Policy. The tamper evident seals and Physical Kit installed as indicated in the Security Policy. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/September 2024_011024_0217.pdf",
"date_sunset": "2029-09-22",
"description": "Panorama offers easy-to-implement, centralized management features that provide insight into network-wide traffic and simplify configurations.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Roles, services, and authentication: Level 3",
"Physical security: N/A",
"Non-invasive security: N/A",
"Life-cycle assurance: Level 3",
"Mitigation of other attacks: N/A"
],
"fw_versions": null,
"historical_reason": null,
"hw_versions": null,
"level": 1,
"mentioned_certs": {},
"module_name": "Panorama Virtual Appliance 10.1",
"module_type": "Software",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-3",
"status": "active",
"sw_versions": "10.1.5",
"tested_conf": [
"Hyper-V 2019 on Microsoft Hyper-V Server 2019 running on a Dell PowerEdge R740 with an with Intel Xeon Gold 6248",
"KVM 4 on Ubuntu 20.04 running on a Dell PowerEdge R740 with an with Intel Xeon Gold 6248",
"VMware ESXi 7 running on a Dell PowerEdge R740 with an with Intel Xeon Gold 6248"
],
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2024-09-23",
"lab": "LEIDOS CSTL",
"validation_type": "Initial"
},
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2025-03-13",
"lab": "LEIDOS CSTL",
"validation_type": "Update"
}
],
"vendor": "Palo Alto Networks, Inc.",
"vendor_url": "http://www.paloaltonetworks.com"
}
}