| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Software |
| Embodiment | Multi-Chip Stand Alone |
| Status | Historical |
| Caveat | Interim Validation. When installed, initialized and configured as specified in section "Secure Operation" of the Security Policy and operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys) |
| Vendor | Cisco Systems, Inc. |
flowchart LR
%% Deterministic review-risk graph for Adaptive Security Appliance Virtual Cryptographic Module
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>recovery<br/>upgrade</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Show Status</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Adaptive Security Appliance Virtual Cryptographic Module
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>recovery<br/>upgrade</i><br/>src: text:keyword"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>Show Status</i><br/>src: securityPolicy.services"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C5,C6 clueLow;
class C3 clueHigh;Cisco Systems, Inc. ISO/IEC 19790 and FIPS 140-3 Non-Proprietary Security Policy for Adaptive Security Appliance Virtual Cryptographic Module Last Updated: June 17, 2024, Version 0.4 Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA
Table of Content List of Figures List of Tables
| Name | ISO Section | Requirement | Level |
|---|---|---|---|
| 1 | 1 | General | 1 |
| 2 | 2 | Cryptographic module specification | 1 |
| 3 | 3 | Cryptographic module interfaces | 1 |
| 4 | 4 | Roles, services, and authentication | 1 |
| 5 | 5 | Software/Firmware security | 1 |
| 6 | 6 | Operational environment | 1 |
| 7 | 7 | Physical security | N/A |
| 8 | 8 | Non-invasive security | N/A |
| 9 | 9 | Sensitive security parameter management | 1 |
| 10 | 10 | Self-tests | 1 |
| 11 | 11 | Life-cycle assurance | 1 |
| 12 | 12 | Mitigation of other attacks | N/A |
Virtual Cryptographic Module (hereinafter referred to as ASAv or the Module), software version 9.16.4. The following details how this module meets the security requirements of FIPS 140-3, The security requirements cover areas related to the design and implementation of a cryptographic module. These areas include cryptographic module specification; cryptographic actual security levels for each area of the cryptographic module. N/A N/A N/A Table 1 Security Levels The module has an overall security level of 1. The Module is a multi-chip standalone software module deployed as the virtualized version of the Cisco Firepower Threat Defense which houses ASA, FX-OS and Firepower solutions with underlying operating system identified as Linux 4 (also referred to as Firepower eXtensible Operating System or FX-OS throughout this document). This solution offers the combination of the industry's most deployed stateful firewall with a comprehensive range of next-generation network security services, intrusion prevention system (IPS), content security, secure unified communications, TLSv1.2, SSHv2, IPSec/IKEv2 and Cryptographic Cipher Suite B, which delivers enterprise-class security for business-to-enterprise networks in a virtual environment. The module has been tested on the following Operational Environments.
| Name | Operating System | Hardware Platform | Processor | Paa Pai | |
|---|---|---|---|---|---|
| 1 | Linux 4 (FX-OS) on VMware ESXi 6.7 | UCS C220 M5 SFF Server | INTEL Skylake 6128 (Skylake) | With PAA | 1 |
| 2 | Linux 4 (FX-OS) on VMware ESXi 6.7 | UCS C220 M5 SFF Server | INTEL Skylake 6128 (Skylake) | Without PAA | 2 |
| 3 | Linux 4 (FX-OS) on VMware ESXi 7.0 | UCS C220 M5 SFF Server | INTEL Skylake 6128 (Skylake) | With PAA | 3 |
| 4 | Linux 4 (FX-OS) on VMware ESXi 7.0 | UCS C220 M5 SFF Server | INTEL Skylake 6128 (Skylake) | Without PAA | 4 |
| 5 | Linux 4 (FX-OS) on NFVIS 4.4 | ENCS 5412 Server | Intel Xeon Processor D-1557 (Broadwell) | With PAA | 5 |
| 6 | Linux 4 (FX-OS) on NFVIS 4.4 | ENCS 5412 Server | Intel Xeon Processor D-1557 (Broadwell) | Without PAA | 6 |
# Table 2 Tested Operational Environment Figure 1 UCS C220 M5 front view with Bezel Figure 2 UCS C220 M5 front view without Bezel Figure 3 UCS C220 M5 rear view Figure 4 ENCS 5412 front view1 Figure 5 ENCS 5412 rear view
1 https://www.cisco.com/c/dam/global/da_dk/assets/training/seminaria-materials/enterprise_network_compute_system_encs_.pdf
| Name | Operating System | Hardware Platform | |
|---|---|---|---|
| 1 | Linux 4 (FX-OS) | C220 M5 w/KVM/AWS | 1 |
| 2 | Linux 4 (FX-OS) | C240 M5 w/ESXi/KVM/AWS | 2 |
| 3 | Linux 4 (FX-OS) | C480 M5 w/ESXi/KVM/AWS | 3 |
| 4 | Linux 4 (FX-OS) | E160-M3 w/ESXi/KVM/AWS | 4 |
| 5 | Linux 4 (FX-OS) | E180D-M3 w/ESXi/KVM/AWS | 5 |
| 6 | Linux 4 (FX-OS) | ENCS 5406 | 6 |
| 7 | Linux 4 (FX-OS) | ENCS 5408 | 7 |
| Name | CAVP Cert | Mode Method | Key Size | Use Function |
|---|---|---|---|---|
| AES [FIPS 197; SP800-38A] | A2952 and A3376 | CBC | Key Length: 128 and 256 bits | Symmetric encryption and decryption |
| AES [FIPS 197; SP 800-38D] | A2952 and A3376 | GCM | Key Length: 128 and 256 bits | Authenticated symmetric encryption and decryption |
| KDF SSH [SP 800-135rev1] (CVL) | A2952 and A3376 | KDF SSH | N/A | Key derivation function used in SSHv2 |
| TLS v1.2 KDF RFC7627 [RFC7627] (CVL) | A2952 and A3376 | TLS v1.2 KDF with RFC7627 | N/A | Key derivation function used in TLSv1.2 (RFC7627) with extended master secret |
| KDF IKEv2 [SP 800-135rev1] (CVL) | A2952 and A3376 | KDF IKEv2 | N/A | Key derivation function used in IPSec/IKEv2 |
| CTR_DRBG [SP 800-90Arev1] | A2952 and A3376 | AES-256 Derivation Function Enabled; Prediction Resistance: Yes | N/A | Deterministic Random Bit Generators (DRBG); uses an algorithm to produce random output |
| ECDSA [FIPS 186-4] | A2952 and A3376 | ECDSA KeyGen | Curves: P-256, P-384, P-521 | ECDSA keypair generation |
| ECDSA [FIPS 186-4] | A2952 and A3376 | ECDSA KeyVer | Curves: P-256, P-384, P-521 | ECDSA keypair verification |
| ECDSA [FIPS 186-4] | A2952 and A3376 | ECDSA SigGen | Curves: P-256, P-384, P-521 | ECDSA signature generation |
| ECDSA [FIPS 186-4] | A2952 and A3376 | ECDSA SigVer | Curves: P-256, P-384, P-521 | ECDSA signature verification |
| HMAC [FIPS 198-1] | A2952 and A3376 | HMAC-SHA-1 | Key Length: 112 bits or greater | Keyed hash |
| HMAC [FIPS 198-1] | A2952 and A3376 | HMAC-SHA2-256 | Key Length: 112 bits or greater | Keyed hash |
| HMAC [FIPS 198-1] | A2952 and A3376 | HMAC-SHA2-384 | Key Length: 112 bits or greater | Keyed hash |
| HMAC [FIPS 198-1] | A2952 and A3376 | HMAC-SHA2-512 | Key Length: 112 bits or greater | Keyed hash |
| KAS-SSC [SP 800-56Arev3] | A2952 and A3376 | KAS-ECC-SSC: Scheme: ephemeralUnified: KAS Role: initiator, responder | Curves: P-256, P-384, P-521 | KAS-ECC shared secret computation |
| KAS [SP800-56Arev3] | A2952 and A3376 | KAS (ECC): Scheme: ephemeralUnified KAS Role: initiator, responder KAS (KAS-SSC Cert. #A2952, TLSv1.2 KDF RFC7627 Cert. A#2952, or KDF IKEv2 Cert. #A2952) KAS (KAS-SSC Cert. #A3376, TLSv1.2 KDF RFC7627 Cert. A#3376, or KDF IKEv2 Cert. #A3376) | Curves: P-256, P-384 and P-521 with TLSv1.2 KDF RFC 7627, or KDF IKEv2 (SP800-135rev1) Key establishment methodology provides between 128 and 256 bits of encryption strength | Key Agreement Scheme per SP800-56Arev3 with key derivation function (SP800- 135rev1) Note: The module’s KAS (ECC) implementation is FIPS 140-3 IG D.F Scenario 2 (path 2) compliant |
| KAS-SSC [SP 800-56Arev3] | A2952 and A3376 | KAS-FFC-SSC: Scheme: dhEphem: KAS Role: initiator, responder | MODP-2048 | KAS-FFC shared secret computation |
| KAS [SP 800-56Arev3] | A2952 and A3376 | KAS (FFC): Scheme: dhEphem KAS Role: initiator, responder KAS (KAS-SSC Cert. #A2952, KDF SSH Cert. #A2952, or KDF IKEv2 Cert. #A2952) KAS (KAS-SSC Cert. #A3376, KDF SSH Cert. #A3376, or KDF IKEv2 Cert. #A3376) | MODP-2048 with KDF SSH or KDF IKEv2 (SP800- 135rev1) Key establishment methodology provides 112 bits of encryption strength | Key Agreement Scheme per SP800-56Arev3 with key derivation function (SP800- 135rev1) Note: The module’s KAS (FFC) implementation is FIPS 140-3 IG D.F Scenario 2 (path 2) compliant |
| RSA [FIPS 186-4] | A2952 and A3376 | RSA KeyGen: - Mode: B.3.4 - 2048/3072 modulus | Modulus: 2048/3072 | RSA keypair generation |
| RSA [FIPS 186-4] | A2952 and A3376 | RSA SigGen: - PKCSv1.5 - 2048/3072 modulus with SHA-256/384/512 | Modulus: 2048/3072 | RSA signature generation |
| RSA [FIPS 186-4] | A2952 and A3376 | RSA SigVer: - PKCSv1.5 - 2048/3072 modulus with SHA-256/384/512 | Modulus: 2048/3072 | RSA signature verification |
| Safe Primes Key Generation [SP 800-56Arev3] | A2952 and A3376 | KeyGen for KAS-SSC (FFC) | Safe Prime Groups: MODP-2048 | KAS-FFC Keypair domain parameters generation |
| SHS [FIPS 180-4] | A2952 and A3376 | SHA-1 | N/A | Message digest Note: SHA-1 is not used for digital signature generation |
| SHS [FIPS 180-4] | A2952 and A3376 | SHA2-256 | N/A | Message digest |
| SHS [FIPS 180-4] | A2952 and A3376 | SHA2-384 | N/A | Message digest |
| SHS [FIPS 180-4] | A2952 and A3376 | SHA2-512 | N/A | Message digest |
| CKG (SP800-133rev2) | Vendor Affirmed | Section 5.1, Section 5.2 | Cryptographic Key Generation; SP 800- 133rev2 and IG D.H. | Key generation. Note: The cryptographic module performs Cryptographic Key Generation (CKG) for asymmetric keys as per section 5 in SP800-133rev2 (vendor affirmed). A seed (i.e., the random value) used in asymmetric key generation is a direct output from SP800- 90Arev1 CTR_DRBG. |
# Table 3 Vendor Affirmed Operational Environments The CMVP makes no statement as to the correct operation of the module or the security strengths of the generated keys when ported to an operational environment which is not listed on the validation certificate. Modes of operation The module has one approved mode of operation and is always in the approved mode of operation after initial operations are performed (See Section 11). The module does not claim implementation of a degraded mode of operation. Section 4 provides details on the service indicator implemented by the module. The table below lists all Approved or Vendor-affirmed security functions of the module, including specific key size(s) -in bits unless otherwise noted- employed for approved services, and implemented modes of operation. There are some algorithm modes that were tested but not implemented by the module. Only the algorithms, modes, and key sizes that are implemented by the module are shown in this table. N/A N/A N/A N/A
N/A N/A N/A N/A Table 4 Approved Algorithms Notes:
| Name | Physical Port | Logical Interface | Data That Passes |
|---|---|---|---|
| N/A | N/A | Data Input Interface | Arguments for an API call that provide the data to be used or processed by the module. |
| N/A | N/A | Data Output Interface | Arguments output from an API call. |
| N/A | N/A | Control Input Interface | Arguments for an API call used to control and configure module operation. |
| N/A | N/A | Control Output Interface | N/A |
| N/A | N/A | Status Output Interface | Return values, and/or log messages. |
| Name | Roles | Input | Output |
|---|---|---|---|
| Show Status | Crypto Officer | API command to show status | Module’s current status |
| Show Version | Crypto Officer | API commands to show version | Module’s name/ID and versioning information |
| Perform Self-Tests | Crypto Officer | API commands to conduct on- demand Self-Tests | Status of the self-tests results |
| Perform Zeroization | Crypto Officer | API commands to conduct Zeroization operation or Power down the tested platform | Status of the SSPs zeroization |
| Configure Network | Crypto Officer | API Commands to configure the module | Status of the completion of network related configuration |
| Configure Bypass capability | Crypto Officer | API Commands to configure the Bypass capability | Status of the completion of Bypass capability configuration |
| Configure IPsec/IKEv2 Functions | Crypto Officer | API commands to configure IPsec/IKEv2 | Status of completion of IPsec/IKEv2 secure tunnel configuration |
| Configure SSHv2 Function | Crypto Officer | API commands to configure SSHv2 | Status of the completion of SSHv2 configuration |
| Configure HTTPS over TLSv1.2 Function | Crypto Officer | API commands to configure HTTPS over TLSv1.2 | Status of the completion of HTTPS over TLSv1.2 configuration |
| Run SSHv2 Function | Crypto Officer | API commands to execute SSHv2 service | Status of SSHv2 secure tunnel establishment |
| Run IPsec/IKEv2 Functions | Crypto Officer | API command to execute IPsec/IKEv2 | Status of IPsec/IKEv2 secure tunnel establishment |
| Name | Description | Roles | Csps Accessed | Approved Functions | Indicator | A r K a S |
|---|---|---|---|---|---|---|
| Show Status | Provide Module’s current status | Crypto Officer | N/A | N/A | None | N/A |
| Show Version | Provide Module’s name/ID and versioning information | Crypto Officer | N/A | N/A | None | N/A |
| Perform Self-Tests | Perform Self- Tests (Pre- operational self- tests and Conditional Self- Tests) | Crypto Officer | Software Integrity Test Key (non-SSP) | N/A | None | N/A |
| Perform Zeroization | Perform Zeroization | Crypto Officer | All SSPs | N/A | None | Z |
| Configure Network | Sets configuration of the systems | Crypto Officer | N/A | N/A | None | N/A |
| Configure Bypass capability | Sets the Bypass capability | Crypto Officer | N/A | N/A | None | N/A |
| Configure SSHv2 Function | Configure SSHv2 Function | Crypto Officer | DRBG entropy input; DRBG Seed, Internal State V value, and Key; Diffie-Hellman Private Key; Diffie-Hellman Public Key; Peer Diffie-Hellman Public Key; Diffie-Hellman Shared Secret; RSA Private Key; RSA Public Key; SSH Session Integrity Key; | AES-CBC; CKG; KDF SSH; CTR_DRBG; HMAC-SHA-1; KAS-FFC-SSC; KAS (FFC); RSA KeyGen; RSA SigGen; RSA SigVer; Safe Primes Key Generation; SHA-1 | Global Indicator and SSHv2 configuration success status message | W, E |
| Configure HTTPS over TLSv1.2 Function | Configure HTTPS over TLSv1.2 Function | Crypto Officer | DRBG entropy input; DRBG Seed, Internal State V value, and Key; EC Diffie-Hellman Private Key; EC Diffie-Hellman Public Key; Peer EC Diffie-Hellman Public Key; EC Diffie-Hellman Shared Secret; ECDSA Private Key; ECDSA Public Key; RSA Private Key; RSA Public Key; TLS master secret; TLS Session Encryption Key; TLS Session Integrity Key | AES-CBC; AES-GCM CKG; TLS v1.2 KDF RFC7627; CTR_DRBG ECDSA KeyGen; ECDSA KeyVer; ECDSA SigGen; ECDSA SigVer; HMAC-SHA2-256; HMAC-SHA2-384; HMAC-SHA2-512; KAS-ECC-SSC; KAS (ECC); RSA KeyGen; RSA SigGen; RSA SigVer; SHA2-256; SHA2-384; SHA2-512 | Global Indicator and HTTPS over TLSv1.2 configuration success status message | W, E |
| Configure IPsec/IKE v2 Function | Configure IPsec/IKEv2 Functions | Crypto Officer | DRBG entropy input; DRBG Seed; Internal State V value; and Key; Diffie-Hellman Private Key; Diffie-Hellman Public Key; Peer Diffie-Hellman Public Key; Diffie-Hellman Shared Secret; EC Diffie-Hellman Private Key; EC Diffie-Hellman Public Key; Peer EC Diffie-Hellman Public Key; EC Diffie-Hellman Shared Secret; ECDSA Private Key; ECDSA Public Key; RSA Private Key; RSA Public Key; IPSec/IKE Pre-Shared Secret; SKEYSEED; IPSec/IKE Session Encryption key; | AES-CBC; AES-GCM; CKG; CTR_DRBG; KDF IKEv2; ECDSA KeyGen; ECDSA KeyVer; ECDSA SigGen; ECDSA SigVer; HMAC-SHA2-256; HMAC-SHA2-384; HMAC-SHA2-512 KAS-ECC-SSC; KAS (ECC); KAS-FFC-SSC; KAS (FFC); RSA KeyGen; RSA SigGen; RSA SigVer; SafePrimes KeyGen; SHA2-256; SHA2-384; SHA2-512 | Global Indicator with IPsec/IKEv2 configuration success status message | W, E |
| Run SSHv2 Function | Execute SSHv2 Function | Crypto Officer | DRBG entropy input; DRBG Seed, Internal State V value, and Key; Diffie-Hellman Private Key; Diffie-Hellman Public Key; Peer Diffie-Hellman Public Key; Diffie-Hellman Shared Secret; RSA Private Key; RSA Public Key; SSH Session Integrity Key; SSH Session Encryption Key | AES-CBC; CKG; KDF SSH; CTR_DRBG; HMAC-SHA-1; KAS-FFC-SSC; KAS (FFC); RSA KeyGen; RSA SigGen; RSA SigVer; Safe Primes Key Generation; SHA-1 | Global Indicator and Successful SSHv2 log message | W, E |
| Run HTTPS over TLSv1.2 Function | Execute HTTPS over TLSv1.2 Function | Crypto Officer | DRBG entropy input; DRBG Seed, Internal State V value, and Key; EC Diffie-Hellman Private Key; EC Diffie-Hellman Public Key; Peer EC Diffie-Hellman Public Key; EC Diffie-Hellman Shared Secret; ECDSA Private Key; ECDSA Public Key; RSA Private Key; RSA Public Key; TLS master secret; TLS Session Encryption Key; TLS Session Integrity Key | AES-CBC; AES-GCM; CKG; TLS v1.2 KDF RFC7627; CTR_DRBG; ECDSA KeyGen; ECDSA KeyVer; ECDSA SigGen; ECDSA SigVer; HMAC-SHA2-256; HMAC-SHA2-384; HMAC-SHA2-512; KAS-ECC-SSC; KAS (ECC); RSA KeyGen; RSA SigGen; RSA SigVer; SHA2-256; SHA2-384; SHA2-512 | Global Indicator and Successful HTTPS over TLSv1.2 log message | W, E |
| Run IPsec/IKE v2 Function | Execute IPsec/IKEv2 Functions | Crypto Officer | DRBG entropy input; DRBG Seed; Internal State V value; and Key; Diffie-Hellman Private Key; Diffie-Hellman Public Key; Peer Diffie-Hellman Public Key; Diffie-Hellman Shared Secret; | AES-CBC; AES-GCM; CKG; CTR_DRBG; CVL (IKE-KDF); ECDSA KeyGen; ECDSA KeyVer; ECDSA SigGen; ECDSA SigVer; HMAC-SHA2-256; HMAC-SHA2-384; HMAC-SHA2-512 | Global Indicator and Successful IPsec/IKEv2 log message | W, E |
| KAS-ECC-SSC; KAS (ECC); KAS-FFC-SSC; KAS (FFC); RSA KeyGen; RSA SigGen; RSA SigVer; SafePrimes KeyGen; SHA2-256; SHA2-384; SHA2-512 | EC Diffie-Hellman Private Key; EC Diffie-Hellman Public Key; Peer EC Diffie-Hellman Public Key; EC Diffie-Hellman Shared Secret; ECDSA Private Key; ECDSA Public Key; RSA Private Key; RSA Public Key; IPSec/IKE Pre-Shared Secret; SKEYSEED; IPSec/IKE Session Encryption key; IPSec/IKE Session Integrity Key | KAS-ECC-SSC; KAS (ECC); KAS-FFC-SSC; KAS (FFC); RSA KeyGen; RSA SigGen; RSA SigVer; SafePrimes KeyGen; SHA2-256; SHA2-384; SHA2-512 | ||||
| Run Bypass capability | Execute Bypass capability | Crypto Officer | N/A | N/A | None | N/A |
| Crypto Officer | Run Bypass capability | API command to execute Bypass capability | Status of Bypass capability |
|---|
Table 7 below lists all approved services that can be used in the approved mode of operation. The abbreviations of the access rights to keys and SSPs have the following interpretation: G = Generate: The module generates or derives the SSP. R = Read: The SSP is read from the module. W = Write: The SSP is updated, imported, or written to the module. E = Execute: The module uses the SSP in performing a cryptographic operation. N/A = The service does not access any SSP during its operation. Perform SelfSelf-Tests Tests (Preoperational selftests and Conditional SelfTests) N/A N/A N/A N/A N/A Access rights to N/A N/A Z N/A N/A N/A N/A N/A N/A W, E
N/A N/A Access rights to N/A As the module can only be operated in the Approved mode of operation, and as such any algorithms not listed in Table 4 above will be rejected by the module while in the approved mode, the required table defined in SP800-140B for Non-Approved Services is missing from this document. Software/Firmware security Integrity techniques The module is provided in the form of binary executable code. To ensure the software security, the module is protected by RSA 2048 bits with SHA2-512 (RSA and SHA2-512 Cert. #A2952 and #A3376) algorithm. The software integrity test key (non-SSP) was preloaded to the module’s binary by/at the factory and used for software integrity test only at the pre-operational self-test. At crypto module library initialization, the signature is recalculated and compared to the hardcoded build-time generated signature value. If at load time the signature does not match, the crypto module library exits with error. If failure occurs during self-test, all crypto functionality is disabled. Integrity test on-demand Integrity test is performed as part of the pre-operational self-test. It is automatically executed at power-on. The operator can power cycle or reboot the tested platform to initiate the software integrity test on-demand.
| Name | Strength | Generation | Storage | Zeroization | Use | Import Export | |||
|---|---|---|---|---|---|---|---|---|---|
| DRBG entropy input (CSP) | 384 bits | Obtained from the Entropy Source within TOEPP (GPS INT Pathways) | N/A: The module does not provide persistent keys/SSPs storage. | Automatic zeroization when the tested platform is powered down | Random Number Generation | Import to the module via Module’s API Export: No | DRBG entropy input (CSP) | N/A | N/A |
| DRBG Seed, Internal State V value, and Key (CSP) | 256 bits | Internally Derived from entropy input string as defined by SP800- 90Arev1 | N/A: The module does not provide persistent keys/SSPs storage. | Automatic zeroization when the tested platform is powered down | Random Number Generation | Import: No Export: No | DRBG Seed, Internal State V value, and Key (CSP) | CTR_DRBG Certs. #A2952 or #A3376 | N/A |
| Diffie- Hellman Private Key (CSP) | MODP- 2048 | Internally generated conformant to SP800-133r2 (CKG) using SP800-56A rev3 Diffie-Hellman key generation | N/A: The module does not provide persistent keys/ SSPs storage. | Automatic zeroization when the tested platform is powered down | Used to derive Diffie- Hellman Shared Secret | Import: No Export: No | Diffie- Hellman Private Key (CSP) | CKG; CTR_DRBG; KAS (FFC); KAS-FFC- SSC; Safe Primes Key Generation | N/A |
| Certs. #A2952 or #A3376 | method, and the random value used in key generation is generated using SP800-90ARev1 DRBG | Certs. #A2952 or #A3376 | |||||||
| Diffie- Hellman Public Key (PSP) | MODP- 2048 | Internally derived per the Diffie-Hellman key agreement (SP800- 56Arev3) | N/A: The module does not provide persistent keys/ SSPs storage. | Automatic zeroization when the tested platform is powered down | Used to derive Diffie- Hellman Shared Secret | Import: No Export: to the SSH Peer application | Diffie- Hellman Public Key (PSP) | KAS (FFC); KAS-FFC- SSC; Safe Primes Key Generation Certs. #A2952 or #A3376 | N/A |
| Peer Diffie- Hellman Public Key (PSP) | MODP- 2048 | N/A | N/A: The module does not provide persistent keys/SSPs storage. | Automatic zeroization when the tested platform is powered down | Used to derive Diffie- Hellman Shared Secret | Import: to the Module via API Export: No | Peer Diffie- Hellman Public Key (PSP) | KAS (FFC); KAS-FFC-SSC Certs. #A2952 or #A3376 | N/A |
| Diffie- Hellman Shared Secret (CSP) | MODP- 2048 | Internally generated using SP800-56Arev3 DH shared secret computation | N/A: The module does not provide persistent keys/SSPs storage. | Automatic zeroization when the tested platform is powered down | Used to derive SSH session related keys | Import: No Export: No | Diffie- Hellman Shared Secret (CSP) | KAS (FFC); KAS-FFC-SSC Certs. #A2952 or #A3376 | N/A |
| EC Diffie- Hellman Private Key (CSP) | P-256, P-384 and P- 521 | Internally generated conformant to SP800-133r2 (CKG) using SP800-56A rev3 EC Diffie- Hellman key generation method, and the random value used in key generation is generated using SP800-90Arev1 DRBG | N/A: The module does not provide persistent keys/ SSPs storage. | Automatic zeroization when the tested platform is powered down | Used to derive EC Diffie- Hellman Shared Secret | Import: No Export: No | EC Diffie- Hellman Private Key (CSP) | CKG; CTR_DRBG; KAS (ECC); KAS-ECC-SSC Certs. #A2952 or #A3376 | N/A |
| EC Diffie- Hellman Public Key (PSP) | P-256, P-384 and P- 521 | Internally derived per the EC Diffie- Hellman key agreement (SP800- 56Arev3) | N/A: The module does not provide persistent keys/ SSPs storage. | Automatic zeroization when the tested platform is powered down | Used to derive EC Diffie- Hellman Shared Secret | Import: No Export: to the TLS Peer application | EC Diffie- Hellman Public Key (PSP) | KAS (ECC); KAS-ECC-SSC Certs. #A2952 or #A3376 | N/A |
| Peer EC Diffie- Hellman Public Key (PSP) | P-256, P-384 and P- 521 | N/A | N/A: The module does not provide persistent keys/SSPs storage. | Automatic zeroization when the tested platform is powered down | Used to derive EC Diffie- Hellman Shared Secret | Import: to the Module via API Export: No | Peer EC Diffie- Hellman Public Key (PSP) | KAS (ECC); KAS-ECC-SSC Certs. #A2952 or #A3376 | N/A |
| EC Diffie- Hellman Shared Secret (CSP) | P-256, P-384 and P- 521 | Internally generated using SP800-56Ar3 ECDH shared secret computation | N/A: The module does not provide persistent keys/SSPs storage. | Automatic zeroization when the tested platform is powered down | Used to derive TLS session related keys | Import: No Export: No | EC Diffie- Hellman Shared Secret (CSP) | KAS (ECC); KAS-ECC-SSC Certs. #A2952 or #A3376 | N/A |
| ECDSA Private Key (CSP) | P-256, P-384 and P- 521 | Internally generated conformant to SP800-133r2 (CKG) using FIPS 186-4 ECDSA key generation method, and the random value used in key generation is generated using SP800-90Arev1 DRBG | N/A: The module does not provide persistent keys/SSPs storage. | Automatic zeroization when the tested platform is powered down | Signature generation and Verification used in TLS or IPSec/IKE | Import: No Export: No | ECDSA Private Key (CSP) | CKG; CTR_DRBG ECDSA KeyGen; ECDSA KeyVer; ECDSA SigGen; Certs. #A2952 or #A3376 | N/A |
| ECDSA Public Key (PSP) | P-256, P-384 and P- 521 | Internally derived per the FIPS 186-4 ECDSA key generation method | N/A: The module does not provide persistent keys/SSPs storage. | Automatic zeroization when the tested platform is powered down | Signature generation and Verification used in TLS or IPSec/IKE | Import: No Export: No | ECDSA Public Key (PSP) | ECDSA KeyGen; ECDSA KeyVer; ECDSA SigVer; Certs. #A2952 or #A3376 | N/A |
| RSA Private Key (CSP) | 2048 and 3072 bits | Internally generated conformant to SP800-133r2 (CKG) using FIPS 186-4 RSA key generation method, and the random value used in the key generation is generated using SP800-90Arev1 DRBG | N/A: The module does not provide persistent keys/SSPs storage. | Automatic zeroization when the tested platform is powered down | Signature generation and Verification used in SSH, TLS or IPSec/IKE | Import: No Export: No | RSA Private Key (CSP) | CKG; CTR_DRBG; RSA KeyGen; RSA SigGen; Certs. #A2952 or #A3376 | N/A |
| RSA Public Key (PSP) | 2048 and | Internally derived per the FIPS 186-4 RSA | N/A: The module does not | Automatic zeroization when the | Signature generation and Verification | Import: No Export: No | RSA Public Key (PSP) | KeyGen; RSA SigVer; | N/A |
| 3072 bits | 3072 bits | key generation method | provide persistent keys/SSPs storage. | tested platform is powered down | used in SSH, TLS or IPSec/IKE | Certs. #A2952 or #A3376 | |||
| SSH Session Integrity Key (CSP) | 160 bits | Internally Derived per the key derivation function defined in SP800-135 KDF (KDF SSH). | N/A: The module does not provide persistent keys/SSPs storage. | Automatic zeroization when SSH session is terminated or when the tested platform is powered down | Used for SSH session integrity protection. | Import: No Export: No | SSH Session Integrity Key (CSP) | KDF SSH; HMAC-SHA-1 Certs. #A2952 or #A3376 | N/A |
| SSH Session Encryption Key (CSP) | 128/256 bits | Internally Generated via key derivation function defined in SP800-135 KDF (KDF SSH) | N/A: The module does not provide persistent keys/SSPs storage. | Automatic zeroization when SSH session is terminated or when the tested platform is powered down | Used for SSH session confidentiality protection | Import: No Export: No | SSH Session Encryption Key (CSP) | AES-CBC; KDF SSH; Certs. #A2952 or #A3376 | N/A |
| TLS Master Secret (CSP) | 48 Bytes | Internally Derived per the key derivation function defined in SP800-135 KDF (KDF-TLS v1.2 RFC7627) | N/A: The module does not provide persistent keys/SSPs storage. | Automatic zeroization when TLS session is terminated or when the tested platform is powered down | Keying material used to derive other TLS keys | Import: No Export: No | TLS Master Secret (CSP) | Keying Material | N/A |
| TLS Session Encryption Key (CSP) | 128/256 bits | Internally Derived per the key derivation function defined in SP800-135 KDF (TLS v1.2 KDF RFC7627) | N/A: The module does not provide persistent keys/SSPs storage. | Automatic zeroization when TLS session is terminated or when the tested platform is powered down | Used for TLS session confidentiality protection | Import: No Export: No | TLS Session Encryption Key (CSP) | AES-CBC; AES-GCM; TLS v1.2 KDF RFC7627; Certs. #A2952 or #A3376 | N/A |
| TLS Session Integrity Key (CSP) | 256-384 bits | Internally Derived per the key derivation function defined in SP800-135 KDF (TLS v1.2 KDF RFC7627) | N/A: The module does not provide persistent keys/SSPs storage. | Automatic zeroization when TLS session is terminated or when the tested platform is powered down | Used for TLS session integrity protection | Import: No Export: No | TLS Session Integrity Key (CSP) | HMAC-SHA2- 256; HMAC-SHA2- 384; TLS v1.2 KDF RFC7627; Certs. #A2952 or #A3376 | N/A |
| IPSec/IKE Pre-Shared Secret (CSP) | At least 8 characters | N/A | N/A. The module does not provide persistent keys/ SSPs storage | Zeroized by SSP/CSP/PS P Zeroization Command | Used for IPSec/IKE peer authentication | Import to the Module wrapped with TLS or SSH session keys Export: No | IPSec/IKE Pre-Shared Secret (CSP) | N/A | MD/ EE |
| SKEYSEE D (CSP) | 160 bits | N/A | N/A. The module does not provide persistent keys/ SSPs storage | Zeroized when IPSec/IKE session is terminated or when the tested platform is powered down | Used for IPSec/IKE Session Encryption Key and Session Integrity Key derivation | Import: No Export: No | SKEYSEE D (CSP) | KDF IKEv2 Certs. #A2952 or #A3376 | N/A |
| IPSec/IKE Session Encryption Key (CSP) | 128/256 bits | Internally derived per the key derivation function defined in SP800-135 KDF (KDF IKEv2). | N/A: The module does not provide persistent keys/SSPs storage | Zeroized when IPSec/IKE session is terminated or when the tested platform is powered down | Used to secure IPSec/IKE session confidentiality | Import: No Export: No | IPSec/IKE Session Encryption Key (CSP) | AES-CBC; AES-GCM; KDF IKEv2 Certs. #A2952 or #A3376 | N/A |
| IPSec/IKE Session Integrity Key (CSP) | 160-512 bits | Internally derived per the key derivation function defined in SP800-135 KDF (KDF IKEv2). | N/A: The module does not provide persistent keys/SSPs storage | Zeroized when IPSec/IKE session is terminated or when the tested platform is powered down | Used to secure IPSec/IKE session integrity | Import: No Export: No | IPSec/IKE Session Integrity Key (CSP) | HMAC-SHA2- 256; HMAC-SHA2- 384; HMAC-SHA2- 521; KDF IKEv2 Certs. #A2952 or #A3376 | N/A |
Operational environment The module is a software module, which is operated in a modifiable operational environment per FIPS 140-3 level 1 specifications. The module’s software version running on each tested The module has control over its own SSPs. The process and memory management functionality of the host device’s OS prevent unauthorized access to plaintext private and secret keys, intermediate key generation values and other SSPs by external processes during module execution. The module only allows access to SSPs through its well-defined API. The operational environments provide the capability to separate individual application processes from each other by preventing uncontrolled access to CSPs and uncontrolled modifications of SSPs regardless of whether this data is in the process memory or stored on persistent storage within the operational environment. Processes that are spawned by the module are owned by the module and are not owned by external processes/operators. Physical security The FIPS 140-3 physical security requirements do not apply to the Module since it is a software Non-invasive security Currently, non-invasive security is not required by FIPS 140-3 (see NIST SP 800-140F). The requirements of this area are not applicable to the module. Sensitive security parameters management The following table summarizes the keys and Sensitive Security Parameters (SSPs) that are used by the cryptographic services implemented in the module. N/A DiffieHellman by SP80090Arev1 MODP2048 KAS-FFCSSC; N/A N/A N/A DiffieHellman
DiffieHellman Peer DiffieHellman MODP2048 MODP2048 KAS-FFCSSC; (SP80056Arev3) N/A DiffieHellman MODP2048 EC DiffieHellman and P521 EC DiffieHellman and P521 N/A DiffieHellman N/A DiffieHellman EC DiffieHellman (SP80056Arev3) N/A N/A N/A EC DiffieHellman
DiffieHellman and P521 N/A EC DiffieHellman and P521 and P521 and P521 N/A EC DiffieHellman N/A N/A N/A N/A N/A
HMAC-SHA2256; HMAC-SHA2384; N/A N/A N/A N/A N/A
| Name | Key Size | ||
|---|---|---|---|
| Details | Entropy sources | Minimum number | |
| While operating in the Approved Mode, the entropy and seeding material for the SP800-90Arev1 DRBG are provided by the external calling application (and not by the Module) which is outside the Module’s Cryptographic boundary but contained within the Module’s Tested Operational Environment’s Physical Perimeter (TOEPP) boundary. The module receives a LOAD command with entropy obtained from the entropy source (Intel CPU processor with instructions RDRand) inside the TOEPP. The minimum effective strength of the SP 800-90Arev1 DRBG seed is required to be at least 112 bits when used in an approved mode of operation, therefore the minimum | At least 112 bits | Entropy within the TOEPP was passively load into the Module to seed the 800-90Arev1 DRBG by the Operating System |
N/A N/A HMAC-SHA2256; HMAC-SHA2384; HMAC-SHA2521; N/A N/A N/A Table 8 SSPs
number of bits of entropy requested when the Module makes a call to the SP 800-90Arev1 DRBG is at least 112 bits. Per the IG 9.3.A Entropy Caveats, the following caveat applies: When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys). Table 9 Non-Deterministic Random Number Generation Specification
When the module is loaded or instantiated (after being powered off, rebooted, etc.), the module runs pre-operational self-tests. The operating system is responsible for the initialization process and loading of the library. The module is designed with a default entry point (DEP) which ensures that the self-tests are initiated automatically when the module is loaded. Prior to the module providing any data output via the data output interface, the module performs and passes the pre-operational self-tests. Following the successful pre-operational self-tests, the module executes the Conditional Cryptographic Algorithm Self-tests (CASTs). The self-test success or failure results are an output of the return value of the library load API call, which is functioning as the self-test status indicator. If any one of the self-tests fails, the module transitions into an error state and outputs the error message via the module’s status output interface. While the module is in the error state, all data through the data output interface and all cryptographic operations are disabled. The error state can only be cleared by reloading the module. All self-tests must be completed successfully before the module transitions to the operational state. Below are the details of the self-tests conducted by the module. Pre-Operational Self-Tests: Pre-operational software integrity test
o o o o o o o o o o
Secure operations The module meets all the Level 1 requirements for FIPS 140-3. The validated Module’s package asav9-16-4.zip (for VMware ESXi system), or asav9-16-4.qcow2 (for NFVIS system) is the only allowable software image running on the respective tested platform listed in Table 2 above while in the approved mode. The Crypto Officer must configure and enforce the following initialization steps: Step 1: Install AES licenses to require the module to use AES (for data traffic and SSH). Step 2: Issue “fips enable” to allow the module to internally enforce approved compliant services. (config)# fips enable Step 3: Disable password recovery. (config)#no service password-recovery Step 4: Set the configuration register to bypass ROMMON prompt at boot.
(config)# config-register 0x10011 Step 5: Configure the TLS protocol when using HTTPS to protect administrative functions. Due to known issues relating to the use of TLS with certain versions of the Java plugin, we require that you upgrade to JRE 1.5.0_05 or later. The following configuration settings are known to work when launching ASDM in a TLS-only environment with JRE 1.5.0_05: a. Configure the device to allow only TLSv1.2 packets using the following command: (config)# ssl server-version tlsv2-only (config)# ssl client-version tlsv2-only b. Check TLS v1.2.0 in both the web browser and JRE security settings. Step 6: Configure the module to use SSHv2. Note that all operators must still authenticate after remote access is granted. (config)# ssh version 2 Step 7: Configure the module such that any remote connections via Telnet are secured through IPSec. Step 8: Configure the module such that only approved algorithms are used for IPSec tunnels. Step 9: Configure the IPSec/IKE secure tunnel, including the Access-list (ACL) which classifies the data transferred through the data path to be cryptographic processed or be in Bypass capability. Step 10: Configure the module such that error messages can only be viewed by a Crypto Officer. Step 11: Disable the TFTP server. Step 12: Disable HTTP for performing system management in approved mode of operation. HTTPS with TLS should always be used for Web-based management. Step 13. Save the configuration. Step 14: Reboot the Module.
The requirements under INCITS+ISO+IEC 19790+2012[2014], section 7.12 “Mitigation of other attacks”, are not applicable to the module since the module currently does not support any mitigation of other attacks services.