This page was not yet optimized for use on mobile devices.
Panorama 11.0 M-200, M-300, M-600 and M-700
Certificate #4927
Webpage information ?
Security policy ?
Symmetric Algorithms
AES, CAST, DES, HMAC, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512, CMACAsymmetric Algorithms
RSA 2048, RSA 3072, RSA 4096, ECDH, ECDSA, DH, Diffie-HellmanHash functions
SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA2Schemes
Key ExchangeProtocols
SSH, TLS v1.2, TLS1.2, TLS, TLSv1.2, TLS 1.2, IKEv2Randomness
DRBG, RNGElliptic Curves
P-256, P-384, P-521Block cipher modes
ECB, CBC, CTR, GCM, CCMTLS cipher suites
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384Security level
level 2, Level 2, Level 1Certification process
out of scope, in Section 11 will result in the module operating in a non-compliant state, which is considered out of scope of this validation. Zeroization The following procedure will zeroize the module and must beStandards
FIPS 140-3, FIPS 186-4, FIPS 198-1, FIPS 180-4, FIPS 186-2, SP 800-90B, SP 800-38A, SP 800-38D, SP 800-38F, SP 800-52, SP 800-63B, SP 800-140F, SP 800-56A, PKCS#1, RFC 3526, RFC7627, RFC 5288, RFC 5246, ISO/IEC 24759File metadata
| Title | Panorama HW 11.0 Security Policy-Interim-24.11.25.docx |
|---|---|
| Pages | 46 |
| Producer | Skia/PDF m133 Google Docs Renderer |
Heuristics ?
No heuristics are available for this certificate.
References ?
No references are available for this certificate.
Updates ?
-
24.02.2025 The certificate data changed.
Certificate changed
The web extraction data was updated.
- The exceptions property was updated.
-
23.12.2024 The certificate was first processed.
New certificate
A new FIPS 140 certificate with the product name Panorama 11.0 M-200, M-300, M-600 and M-700 was processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 4927,
"dgst": "89a2b0dbfdbdf114",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"TLS v1.2 KDF RFC7627A3453",
"AES-CFB128A3453",
"HMAC-SHA2-384A3453",
"RSA KeyGen (FIPS186-4)A3453",
"KAS-FFC-SSC Sp800-56Ar3A3453",
"AES-CBCA3453",
"KDF SSHA3453",
"SHA2-224A3453",
"SHA2-384A3453",
"ECDSA KeyVer (FIPS186-4)A3453",
"RSA SigGen (FIPS186-4)A3453",
"SHA2-256A3453",
"ECDSA SigGen (FIPS186-4)A3453",
"HMAC-SHA-1A3453",
"SHA2-512A3453",
"RSA SigVer (FIPS186-4)A3453",
"AES-GCMA3453",
"Counter DRBGA3453",
"Safe Primes Key GenerationA3453",
"KDF SNMPA3453",
"AES-CTRA3453",
"HMAC-SHA2-224A3453",
"ECDSA KeyGen (FIPS186-4)A3453",
"ECDSA SigVer (FIPS186-4)A3453",
"HMAC-SHA2-512A3453",
"HMAC-SHA2-256A3453",
"SHA-1A3453",
"Safe Primes Key VerificationA3453",
"KAS-ECC-SSC Sp800-56Ar3A3453",
"Conditioning Component AES-CBC-MAC SP800-90BA2518"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"11.0",
"11.0.4"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECDH": {
"ECDH": 1
},
"ECDSA": {
"ECDSA": 57
}
},
"FF": {
"DH": {
"DH": 1,
"Diffie-Hellman": 2
}
},
"RSA": {
"RSA 2048": 10,
"RSA 3072": 2,
"RSA 4096": 2
}
},
"certification_process": {
"OutOfScope": {
"in Section 11 will result in the module operating in a non-compliant state, which is considered out of scope of this validation. Zeroization The following procedure will zeroize the module and must be": 1,
"out of scope": 1
}
},
"cipher_mode": {
"CBC": {
"CBC": 3
},
"CCM": {
"CCM": 2
},
"CTR": {
"CTR": 4
},
"ECB": {
"ECB": 2
},
"GCM": {
"GCM": 11
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"IKE": {
"IKEv2": 1
},
"SSH": {
"SSH": 64
},
"TLS": {
"TLS": {
"TLS": 68,
"TLS 1.2": 1,
"TLS v1.2": 17,
"TLS1.2": 1,
"TLSv1.2": 1
}
}
},
"crypto_scheme": {
"KEX": {
"Key Exchange": 6
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"P-256": 40,
"P-384": 30,
"P-521": 30
}
},
"eval_facility": {},
"fips_cert_id": {
"Cert": {
"#11": 2,
"#12": 2,
"#13": 2,
"#14": 2,
"#15": 2,
"#18": 2,
"#19": 2
}
},
"fips_certlike": {
"Certlike": {
"# A3453": 3,
"AES (128": 1,
"AES 256": 3,
"HMAC-SHA-1": 24,
"HMAC-SHA-256": 10,
"HMAC-SHA-384": 2,
"HMAC-SHA-512": 2,
"PKCS#1": 4,
"RSA 2048": 10,
"RSA 3072": 2,
"RSA 4096": 2,
"SHA-1": 4,
"SHA-256": 9,
"SHA-384": 2,
"SHA-512": 3,
"SHA2": 4,
"SHA2-224": 3,
"SHA2-256": 6,
"SHA2-384": 4,
"SHA2-512": 3
}
},
"fips_security_level": {
"Level": {
"Level 1": 1,
"Level 2": 3,
"level 2": 1
}
},
"hash_function": {
"SHA": {
"SHA1": {
"SHA-1": 4
},
"SHA2": {
"SHA-224": 1,
"SHA-256": 10,
"SHA-384": 3,
"SHA-512": 4,
"SHA2": 4
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 48
},
"RNG": {
"RNG": 1
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140-3": 10,
"FIPS 180-4": 5,
"FIPS 186-2": 1,
"FIPS 186-4": 60,
"FIPS 198-1": 6
},
"ISO": {
"ISO/IEC 24759": 2
},
"NIST": {
"SP 800-140F": 1,
"SP 800-38A": 4,
"SP 800-38D": 2,
"SP 800-38F": 4,
"SP 800-52": 1,
"SP 800-56A": 10,
"SP 800-63B": 2,
"SP 800-90B": 11
},
"PKCS": {
"PKCS#1": 2
},
"RFC": {
"RFC 3526": 2,
"RFC 5246": 1,
"RFC 5288": 2,
"RFC7627": 16
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 15
},
"CAST": {
"CAST": 1
}
},
"DES": {
"DES": {
"DES": 1
}
},
"constructions": {
"MAC": {
"CMAC": 1,
"HMAC": 19,
"HMAC-SHA-256": 5,
"HMAC-SHA-384": 1,
"HMAC-SHA-512": 1
}
}
},
"tee_name": {},
"tls_cipher_suite": {
"TLS": {
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": 1,
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": 1,
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 1,
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 1
}
},
"vendor": {},
"vulnerability": {}
},
"policy_metadata": {
"/Producer": "Skia/PDF m133 Google Docs Renderer",
"/Title": "Panorama HW 11.0 Security Policy-Interim-24.11.25.docx",
"pdf_file_size_bytes": 4573243,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://docs.paloaltonetworks.com/panorama/10-1/panorama-admin.html",
"http://www.paloaltonetworks.com"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 46
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_garbage": false,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_pdf_hash": "d26ebc4774af226f1bd44b9f27d49c29b3d6cdaeb63e7ecd07f846046743d0f6",
"policy_txt_hash": "96cbfe42b66b27a4e774fe845a86c44d1f7a76381f5a08afdf269b3d96d56708"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "Interim Validation. When installed, initialized and configured as specified in Section 11 of the Security Policy. The tamper evident seals and physical kit installed as indicated in the Security Policy",
"certificate_pdf_url": null,
"date_sunset": "2026-12-18",
"description": "Panorama M-Series management appliances provide centralized management and visibility of Palo Alto Networks next generation firewalls. From a central location, you can gain insight into applications, users, and content traversing the firewalls. The knowledge of what is on the network, in conjunction with safe application enablement policies, maximizes protection and control while minimizing administrative effort. Your security team can centrally perform analysis, reporting, and forensics with the aggregated data over time, or on data stored on the local firewall.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Roles, services, and authentication: Level 3",
"Operational environment: N/A",
"Non-invasive security: N/A",
"Life-cycle assurance: Level 3",
"Mitigation of other attacks: N/A"
],
"fw_versions": "11.0.4",
"historical_reason": null,
"hw_versions": "910-000175 with 920-000209, 910-000176 with 920-000208, 910-000270 with 920-000318, 910-000271 with 920-000319",
"level": 2,
"mentioned_certs": {},
"module_name": "Panorama 11.0 M-200, M-300, M-600 and M-700",
"module_type": "Hardware",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-3",
"status": "active",
"sw_versions": null,
"tested_conf": null,
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2024-12-19",
"lab": "LEIDOS CSTL",
"validation_type": "Initial"
}
],
"vendor": "Palo Alto Networks, Inc.",
"vendor_url": "http://www.paloaltonetworks.com"
}
}