All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Palo Alto Networks Core Crypto Module

Certificate#4741StandardFIPS 140-3Level1TypeSoftwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorPalo Alto Networks, Inc.
Low review priority  ·  no TCB surface named  ·  last validated 6 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeSoftware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date7/25/2029
CaveatInterim validation. When installed, initialized and configured as specified in Section 11 of the Security Policy. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy
VendorPalo Alto Networks, Inc.

Approved Algorithms (55)

AlgorithmACVP Cert
AES-CBCA4206
AES-CBCA4207
AES-GCMA4206
AES-GCMA4207
Conditioning Component AES-CBC-MAC SP800-90BA1791
Conditioning Component AES-CBC-MAC SP800-90BA2138
Conditioning Component AES-CBC-MAC SP800-90BA2153
Conditioning Component AES-CBC-MAC SP800-90BA2165
Conditioning Component AES-CBC-MAC SP800-90BA2518
Conditioning Component AES-CBC-MAC SP800-90BA2541
Counter DRBGA4206
Counter DRBGA4207
ECDSA KeyGen (FIPS186-4)A4206
ECDSA KeyGen (FIPS186-4)A4207
ECDSA KeyVer (FIPS186-4)A4206
ECDSA KeyVer (FIPS186-4)A4207
ECDSA SigGen (FIPS186-4)A4206
ECDSA SigGen (FIPS186-4)A4207
ECDSA SigVer (FIPS186-4)A4206
ECDSA SigVer (FIPS186-4)A4207
HMAC-SHA-1A4206
HMAC-SHA-1A4207
HMAC-SHA2-224A4206
HMAC-SHA2-224A4207
HMAC-SHA2-256A4206
HMAC-SHA2-256A4207
HMAC-SHA2-384A4206
HMAC-SHA2-384A4207
HMAC-SHA2-512A4206
HMAC-SHA2-512A4207
KAS-ECC-SSC Sp800-56Ar3A4206
KAS-ECC-SSC Sp800-56Ar3A4207
KAS-FFC-SSC Sp800-56Ar3A4206
KAS-FFC-SSC Sp800-56Ar3A4207
RSA KeyGen (FIPS186-4)A4206
RSA SigGen (FIPS186-4)A4206
RSA SigGen (FIPS186-4)A4207
RSA SigVer (FIPS186-4)A4206
RSA SigVer (FIPS186-4)A4207
Safe Primes Key GenerationA4206
Safe Primes Key GenerationA4207
Safe Primes Key VerificationA4206
Safe Primes Key VerificationA4207
SHA-1A4206
SHA-1A4207
SHA2-224A4206
SHA2-224A4207
SHA2-256A4206
SHA2-256A4207
SHA2-384A4206
SHA2-384A4207
SHA2-512A4206
SHA2-512A4207
TLS v1.2 KDF RFC7627A4206
TLS v1.2 KDF RFC7627A4207

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Palo Alto Networks Core Crypto Module
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Status Output<br/>Self-test<br/>Show Status</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>HTTPS<br/>no library/version identified</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C3,C5,C6 clue;
  class I3,I5,I6 infer;
  class R3,R5,R6 risk;
  class E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Palo Alto Networks Core Crypto Module
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C3["[low] Self-test / status surface (referenced in text)<br/><i>Status Output<br/>Self-test<br/>Show Status</i><br/>src: text:keyword"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>HTTPS<br/>no library/version identified</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C3,C5,C6 clueLow;

Security Policy, page by page

Page 1

Palo Alto Networks Core Crypto Module Version: 1.7 Revision Date: July 23, 2025 Palo Alto Networks, Inc.​ www.paloaltonetworks.com​ © 2025 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of Palo Alto Networks. A list of our trademarks can be found at https://www.paloaltonetworks.com/company/trademarks.html. All other marks mentioned herein may be trademarks of their respective companies. ​

Page 2
Table of Contents
#SectionPage
Page 3

1.​ General The table below provides the security levels of the various sections of FIPS 140-3 in relation to the Palo Alto Networks Core Crypto Module (hereafter referred to as the Module). ISO/IEC 24759 Section 6. FIPS 140-3 Section Title Security Level [Number Below]

1 General 1

2 Cryptographic Module Specification 1

3 Cryptographic Module Interfaces 1

4 Roles, Services, Authentication 1

5 Software / Firmware Security 1

6 Operational Environment 1

7 Physical Security N/A

8 Non-Invasive Security N/A

9 Sensitive Security Parameter Management 1

10 Self-Tests 1

11 Life-Cycle Assurance 1

12 Mitigation of Other Attacks N/A

Table 1 - Security Levels 2. Cryptographic Module Specification The Palo Alto Networks Core Crypto Module is a software cryptographic module that can run on various environments. The module is designed to run on various hardware devices (multi-chip standalone embodiment) and contains a cryptographic boundary. The cryptographic boundary includes all of the logical software components of the module. The physical perimeter is defined by the enclosure around the hardware on which it runs. See below for more details regarding the platforms. Once initialized, the module provides only an Approved mode of operation that only includes Approved algorithms and key sizes. There is no mechanism to enable non-Approved algorithms or functions. The module is built into PAN-OS/Panorama/WildFire 10.2,11.0, 11.1 and 11.2. It is delivered with the respective Device OS. There is no standalone delivery of the module as a software library. The vendor’s internal development process guarantees that the correct version of the module goes with its intended OS. The Module’s software version for this validation is 1.0 or 1.1 (see note under table 2) and is defined as a software cryptographic module

Page 4

Non-Compliant State Failure to follow the directions in the Approved Mode of Operation above and Section 11 will result in the module operating in a non-compliant state. Note: For Operational Environments which use Panorama or WildFire as the Operating System in Table 2, algorithms from A4207 are not supported. # Operating System Hardware Processor PAA/Acceler Platform ation

1 PAN-OS 10.2 PA-410 Intel Denverton C3436L N/A

2 PAN-OS 11.0 PA-410 Intel Denverton C3436L N/A

3 PAN-OS 11.0 PA-415 Intel Denverton C3436L N/A

4 PAN-OS 10.2 PA-440 Intel Denverton C3558R N/A

5 PAN-OS 11.0 PA-440 Intel Denverton C3558R N/A

6 PAN-OS 11.0 PA-445 Intel Denverton C3558R N/A

7 PAN-OS 10.2 PA-450 Intel Denverton C3758R N/A

8 PAN-OS 11.0 PA-450 Intel Denverton C3758R N/A

9 PAN-OS 10.2 PA-460 Intel Denverton C3758R N/A

10 PAN-OS 11.0 PA-460 Intel Denverton C3758R N/A

11 PAN-OS 10.2 PA-220 Marvell CN7130 N/A

12 PAN-OS 10.2 PA-220R Marvell CN7130 N/A

13 PAN-OS 10.2 PA-820 Marvell CN7240 N/A

14 PAN-OS 11.0 PA-820 Marvell CN7240 N/A

15 PAN-OS 10.2 PA-850 Marvell CN7240 N/A

16 PAN-OS 11.0 PA-850 Marvell CN7240 N/A

17 PAN-OS 11.0 PA-1410 Intel Atom C5325 N/A

18 PAN-OS 11.0 PA-1420 Intel Atom C5325C1 N/A

19 PAN-OS 10.2 PA-3410 Intel Atom P5332 N/A

20 PAN-OS 11.0 PA-3410 Intel Atom P5332 N/A

21 PAN-OS 10.2 PA-3420 Intel Atom P5342 N/A

22 PAN-OS 11.0 PA-3420 Intel Atom P5342 N/A

23 PAN-OS 10.2 PA-3430 Intel Atom P5352 N/A

24 PAN-OS 11.0 PA-3430 Intel Atom P5352 N/A

25 PAN-OS 10.2 PA-3440 Intel Atom P5362 N/A

26 PAN-OS 11.0 PA-3440 Intel Atom P5362 N/A

27 PAN-OS 10.2 PA-5410 AMD EPYC 7352 N/A

28 PAN-OS 11.0 PA-5410 AMD EPYC 7352 N/A

29 PAN-OS 10.2 PA-5420 AMD EPYC 7452 N/A

30 PAN-OS 11.0 PA-5420 AMD EPYC 7452 N/A

31 PAN-OS 10.2 PA-5430 AMD EPYC 7642 N/A

32 PAN-OS 11.0 PA-5430 AMD EPYC 7642 N/A

33 PAN-OS 11.0 PA-5440 AMD EPYC 7742 N/A

34 PAN-OS 10.2 PA-5450 Intel Xeon D-2187NT N/A

© 2025 Palo Alto Networks, Inc. Palo Alto Networks Core Crypto Module Security Policy 4

Page 5

35 PAN-OS 11.0 PA-5450 Intel Xeon D-2187NT N/A

36 PAN-OS 10.2 PA-3220 Intel Pentium D1517 / N/A

37 PAN-OS 11.0 PA-3220 Intel Pentium D1517 / N/A

38 PAN-OS 10.2 PA-3250 Intel Pentium D1517 / N/A

39 PAN-OS 11.0 PA-3250 Intel Pentium D1517 / N/A

40 PAN-OS 10.2 PA-3260 Intel Pentium D1517 / N/A

41 PAN-OS 11.0 PA-3260 Intel Pentium D1517 / N/A

42 PAN-OS 10.2 PA-5220 Intel Xeon D-1548 / CN7885 N/A

43 PAN-OS 11.0 PA-5220 Intel Xeon D-1548 / CN7885 N/A

44 PAN-OS 10.2 PA-5250 Intel Xeon D-1567 / CN7890 N/A

45 PAN-OS 11.0 PA-5250 Intel Xeon D-1567 / CN7890 N/A

46 PAN-OS 10.2 PA-5260 Intel Xeon D-1567 / CN7890 N/A

47 PAN-OS 11.0 PA-5260 Intel Xeon D-1567 / CN7890 N/A

48 PAN-OS 10.2 PA-5280 Intel Xeon D-1567 / CN7890 N/A

49 PAN-OS 11.0 PA-5280 Intel Xeon D-1567 / CN7890 N/A

50 PAN-OS 10.2 PA-7050 Intel Xeon D-1567 / CN7890 N/A

51 PAN-OS 11.0 PA-7050 Intel Xeon D-1567 / CN7890 N/A

52 PAN-OS 10.2 PA-7080 Intel Xeon D-1567 / CN7890 N/A

53 PAN-OS 11.0 PA-7080 Intel Xeon D-1567 / CN7890 N/A

54 Panorama 10.2 M-200 Intel Xeon E5-2620 V4 N/A

55 Panorama 11.0 M-200 Intel Xeon E5-2620 V4 N/A

56 Panorama 10.2 M-300 Intel Xeon 4310 N/A

57 Panorama 11.0 M-300 Intel Xeon 4310 N/A

58 Panorama 10.2 M-600 Intel Xeon E5-2680 V4 N/A

59 Panorama 11.0 M-600 Intel Xeon E5-2680 V4 N/A

60 Panorama 10.2 M-700 Intel Xeon 4316 N/A

61 Panorama 11.0 M-700 Intel Xeon 4316 N/A

62 WildFire 10.2 WF-500 Intel Xeon E5-2620 N/A

63 WildFire 11.0 WF-500 Intel Xeon E5-2620 N/A

64 WildFire 10.2 WF-500-B Intel Xeon 4316 N/A

65 WildFire 11.0 WF-500-B Intel Xeon 4316 N/A

66 PAN-OS 10.2 with VMware ESXi v7.0 Dell PowerEdge Intel Gold 6248 N/A

67 PAN-OS 11.0 with VMware ESXi v7.0 Dell PowerEdge Intel Gold 6248 N/A

68 PAN-OS 10.2 with KVM on Ubuntu 20.04 Dell PowerEdge Intel Gold 6248 N/A

69 PAN-OS 11.0 with KVM on Ubuntu 20.04 Dell PowerEdge Intel Gold 6248 N/A

R740 © 2025 Palo Alto Networks, Inc. Palo Alto Networks Core Crypto Module Security Policy 5

Page 6

70 PAN-OS 10.2 with Microsoft Hyper-V Server 2019 Dell PowerEdge Intel Gold 6248 N/A

71 PAN-OS 11.0 with Microsoft Hyper-V Server 2019 Dell PowerEdge Intel Gold 6248 N/A

72 Panorama 10.2 with VMware ESXi v7.0 Dell PowerEdge Intel Gold 6248 N/A

73 Panorama 11.0 with VMware ESXi v7.0 Dell PowerEdge Intel Gold 6248 N/A

74 Panorama 10.2 with KVM on Ubuntu 20.04 Dell PowerEdge Intel Gold 6248 N/A

75 Panorama 11.0 with KVM on Ubuntu 20.04 Dell PowerEdge Intel Gold 6248 N/A

76 Panorama 10.2 with Microsoft Hyper-V Server 2019 Dell PowerEdge Intel Gold 6248 N/A

77 Panorama 11.0 with Microsoft Hyper-V Server 2019 Dell PowerEdge Intel Gold 6248 N/A

78 PAN-OS 11.1 PA-460 Intel Denverton C3758R N/A

79 PAN-OS 11.2 PA-460 Intel Denverton C3758R N/A

80 PAN-OS 11.1 PA-850 Marvell CN7240 N/A

81 PAN-OS 11.1 PA-1410 Intel Atom C5325 N/A

82 PAN-OS 11.2 PA-1410 Intel Atom C5325 N/A

83 PAN-OS 11.1 PA-3250 Intel Pentium D1517 / N/A

84 PAN-OS 11.1 PA-3410 Intel Atom P5332 N/A

85 PAN-OS 11.2 PA-3410 Intel Atom P5332 N/A

86 PAN-OS 11.1 PA-5250 Intel Xeon D-1567 / CN7890 N/A

87 PAN-OS 11.2 PA-5250 Intel Xeon D-1567 / CN7890 N/A

88 PAN-OS 11.1 PA-5410 AMD EPYC 7352 N/A

89 PAN-OS 11.2 PA-5410 AMD EPYC 7352 N/A

90 PAN-OS 11.1 PA-5440 AMD EPYC 7742 N/A

91 PAN-OS 11.2 PA-5440 AMD EPYC 7742 N/A

92 PAN-OS 11.1 PA-5450 Intel Xeon D-2187NT N/A

93 PAN-OS 11.2 PA-5450 Intel Xeon D-2187NT N/A

94 PAN-OS 11.1 PA-7080 Intel Xeon D-1567 / CN7890 N/A

95 PAN-OS 11.2 PA-7080 Intel Xeon D-1567 / CN7890 N/A

96 PAN-OS 11.1 PA-7500 Intel Atom P5752 N/A

Intel Xeon D-2798NX Intel Denverton C3758R

97 Panorama 11.1 M-200 Intel Xeon E5-2620 V4 N/A

98 Panorama 11.2 M-200 Intel Xeon E5-2620 V4 N/A

99 Panorama 11.1 M-300 Intel Xeon 4310 N/A

100 Panorama 11.2 M-300 Intel Xeon 4310 N/A

101 Panorama 11.1 M-600 Intel Xeon E5-2680 V4 N/A

102 Panorama 11.2 M-600 Intel Xeon E5-2680 V4 N/A

103 Panorama 11.1 M-700 Intel Xeon 4316 N/A

© 2025 Palo Alto Networks, Inc. Palo Alto Networks Core Crypto Module Security Policy 6

Page 7

104 Panorama 11.2 M-700 Intel Xeon 4316 N/A

105 WildFire 11.1 WF-500 Intel Xeon E5-2620 N/A

106 WildFire 11.2 WF-500 Intel Xeon E5-2620 N/A

107 WildFire 11.1 WF-500-B Intel Xeon 4316 N/A

108 WildFire 11.2 WF-500-B Intel Xeon 4316 N/A

109 PAN-OS 11.1 with VMware ESXi v7.0 Dell PowerEdge Intel Gold 6248 N/A

110 PAN-OS 11.2 with VMware ESXi v7.0 Dell PowerEdge Intel Gold 6248 N/A

111 PAN-OS 11.1 with Microsoft Hyper-V Server 2019 Dell PowerEdge Intel Gold 6248 N/A

112 PAN-OS 11.2 with Microsoft Hyper-V Server 2019 Dell PowerEdge Intel Gold 6248 N/A

113 PAN-OS 11.1 with KVM on Ubuntu 20.04 Dell PowerEdge Intel Gold 6248 N/A

114 PAN-OS 11.2 with KVM on Ubuntu 20.04 Dell PowerEdge Intel Gold 6248 N/A

115 Panorama 11.1 with VMware ESXi v7.0 Dell PowerEdge Intel Gold 6248 N/A

116 Panorama 11.2 with VMware ESXi v7.0 Dell PowerEdge Intel Gold 6248 N/A

117 Panorama 11.1 with Microsoft Hyper-V Server 2019 Dell PowerEdge Intel Gold 6248 N/A

118 Panorama 11.2 with Microsoft Hyper-V Server 2019 Dell PowerEdge Intel Gold 6248 N/A

119 Panorama 11.1 with KVM on Ubuntu 20.04 Dell PowerEdge Intel Gold 6248 N/A

120 Panorama 11.2 with KVM on Ubuntu 20.04 Dell PowerEdge Intel Gold 6248 N/A

R740 Table 2 - Tested Operational Environments Note: Operational Environments #27-33 and #88 - 91 in Table 2 were tested using software version 1.1 of the module. All other OE’s were tested using version 1.0 of the module. # Operating System Hardware Platform

1 PAN-OS VM-Series or Panorama Virtual Appliance 10.2, 11.0, 11.1, or 11.2 on x86 Architecture

Amazon Web Services (AWS) (Note: Specific processor/hardware is

2 PAN-OS VM-Series or Panorama Virtual Appliance 10.2, 11.0, 11.1, or 11.2 on dependent on Instance/Machine Type

Microsoft Azure selected for operation system)

3 PAN-OS VM-Series or Panorama Virtual Appliance 10.2, 11.0, 11.1, or 11.2 on

Google Cloud Platform (GCP)

4 PAN-OS 11.1 or PAN-OS 11.2 PA-410, PA-410R, PA-410R-5G, PA-415,

PA-415-5G, PA-440, PA-445, © 2025 Palo Alto Networks, Inc. Palo Alto Networks Core Crypto Module Security Policy 7

Page 8

PA-450PA-450R, PA-450R-5G, PA-455, PA-455-5G

5 PAN-OS 11.1 PA-820

6 PAN-OS 11.1 or PAN-OS 11.2 PA-1420

7 PAN-OS 11.1 or PAN-OS 11.2 PA-3420, PA-3430, PA-3440

8 PAN-OS 11.1 or PAN-OS 11.2 PA-5420, PA-5430, PA-5445

9 PAN-OS 11.1 PA-3220, PA-3260

10 PAN-OS 11.1 or PAN-OS 11.2 PA-5220, PA-5260, PA-5280

11 PAN-OS 11.1 or PAN-OS 11.2 PA-7050

Table 3 - Vendor Affirmed Operational Environments The cryptographic modules support the following Approved algorithms. Only the algorithms, modes, and key sizes specified in this table are used by the module. The CAVP certificate may contain more tested options than listed in this table. CAVP Cert Algorithm and Mode/Method Description / Key Size(s) / Key Use / Function Standard Strength(s) Vetted conditioning component for A1791 ESV Cert. #E69 Vetted conditioning component for A2138 ESV Cert. #E70 Conditioning Vetted conditioning component for A2153 Component ESV Cert. #E68 AES-CBC-MAC 128 bits AES-CBC-MAC SP Vetted conditioning component for A2165 800-90B ESV Cert. #E65, E66, E72, E73 Vetted conditioning component for A2518 ESV Cert. #E64, E162 Vetted conditioning component for A2541 ESV Cert. #E71 A4206, A4207 Encryption AES-CBC [SP CBC 128, 192 and 256 bits Decryption 800-38A] A4206, A4207 128 and 256 bits AES-GCM GCM Encryption [SP 800-38D] Decryption Note: 192 tested, but not used A4206, A4207 Counter DRBG AES 256 bits with Derivation Function CTR DRBG Random Bit Generator [SP 800-90Arev1] Enabled A4206, A4207 ECDSA KeyGen Key Generation ECDSA KeyGen P-256, P-384, P-521 (FIPS 186-4) A4206, A4207 ECDSA KeyVer (FIPS Public Key Validation ECDSA KeyVer P-256, P-384, P-521 186-4) A4206, A4207 ECDSA SigGen (FIPS P-256, P-384, P-521 with SHA2-224, Signature Generation ECDSA SigGen 186-4) SHA2-256, SHA2-384, and SHA2-512 A4206, A4207 P-256, P-384, P-521 with SHA-1, ECDSA SigVer (FIPS ECDSA SigVer SHA2-224, SHA2-256, SHA2-384, and Signature Verification 186-4) SHA2-512 © 2025 Palo Alto Networks, Inc. Palo Alto Networks Core Crypto Module Security Policy 8

Page 9

A4206, A4207 HMAC-SHA-1 [FIPS HMAC HMAC-SHA-1 with λ=96, 160 Authentication for protocols 198-1] A4206, A4207 HMAC-SHA2-224 HMAC-SHA2-224 with λ=224 HMAC Authentication for protocols [FIPS 198-1] A4206, A4207 HMAC-SHA2-256 HMAC HMAC-SHA2-256 with λ=256 Authentication for protocols [FIPS 198-1] A4206, A4207 HMAC-SHA2-384 HMAC HMAC-SHA2-384 with λ=384 Authentication for protocols [FIPS 198-1] A4206, A4207 HMAC-SHA2-512 HMAC HMAC-SHA2-512 with λ=512 Authentication for protocols [FIPS 198-1] A4206, A4207 KAS-ECC-SSC KAS ephemeralUnified: P-256/P-384/P-521 Key Exchange Sp800-56Ar3 A4206, A4207 KAS-FFC-SSC SP KAS dhEphem: MODP-2048/3072/4096 Key Exchange 800-56Ar3 A4206 RSA KeyGen RSA KeyGen Key Pair Generation 2048, 3072, and 4096 bits (FIPS 186-4) (FIPS 186-4) A4206, A4207 RSA SigGen RSA SigGen 2048, 3072, and 4096-bit with hashes Signature Generation (FIPS 186-4) (FIPS 186-4) SHA2-256/384/512 A4206, A4207 2048, 3072, 4096-bit (per IG C.F) with hashes SHA-1/SHA2-224+++/256/384/512 RSA SigVer RSA SigVer (Signature Verification) Signature Verification (FIPS 186-4) (FIPS 186-4) +++ This Hash algorithm is not supported for ANSI X9.31 A4206, A4207 Digital Signature Generation/Verification SHA-1 SHA-1 [FIPS 180-4] SHA Non-Digital Signature Applications (e.g. component of HMAC) A4206, A4207 Digital Signature Generation/Verification SHA2-224 [FIPS SHA2 SHA-224 180-4] Non-Digital Signature Applications (e.g. component of HMAC) A4206, A4207 Digital Signature Generation/Verification SHA2-256 [FIPS SHA2 SHA-256 180-4] Non-Digital Signature Applications (e.g. component of HMAC) A4206, A4207 Digital Signature Generation/Verification SHA2-384 [FIPS SHA2 SHA-384 180-4] Non-Digital Signature Applications (e.g. component of HMAC) A4206, A4207 Digital Signature Generation/Verification SHA2-512 [FIPS SHA2 SHA-512 180-4] Non-Digital Signature Applications (e.g. component of HMAC) A4206, A4207 Safe Primes Key Safe Primes Key Generation [RFC MODP-2048/3072/4096 Safe Primes Key Generation Generation 3526] A4206, A4207 Safe Primes Key Safe Primes Key Verification [RFC MODP-2048/3072/4096 Safe Primes Key Verification Verification 3526] © 2025 Palo Alto Networks, Inc. Palo Alto Networks Core Crypto Module Security Policy 9

Page 10

A4206, A4207 TLS v1.2 KDF TLS v1.2 KDF TLS v1.2 Hash Algorithm: SHA2-256, RFC7627 TLS RFC7627 (CVL) SHA2-384 SP 800-38A, FIPS AES Cert. 198-1, and SP AES-CBC plus HMAC #A4206 and KTS 800-38F. KTS (key

128 or 256-bit keys providing 128 or 256 Key Wrapping

HMAC Cert. [SP 800-38F] wrapping and bits of encryption strength #A4206 unwrapping) per IG D.G. SP 800-38A, FIPS AES Cert. 198-1, and SP AES-CBC plus HMAC #A4207 and KTS 800-38F. KTS (key

128 or 256-bit keys providing 128 or 256 Key Wrapping

HMAC Cert. [SP 800-38F] wrapping and bits of encryption strength #A4207 unwrapping) per IG D.G. SP 800-38D and SP 800-38F. KTS (key AES-GCM AES-GCM Cert. KTS wrapping and 128 and 256-bit keys providing 128 or Key Wrapping #A4206 [SP 800-38F] unwrapping) per IG 256 bits of encryption strength D.G. SP 800-38D and SP 800-38F. KTS (key AES-GCM AES-GCM Cert. KTS wrapping and 128 and 256-bit keys providing 128 or Key Wrapping #A4207 [SP 800-38F] unwrapping) per IG 256 bits of encryption strength D.G. ESV Cert. #E27 AMD Random Number Generator ESV Cert. #E64 Palo Alto Networks DRNG Entropy Source ESV Cert. #E65 Palo Alto Networks DRNG Entropy Source ESV Cert. #E66 Palo Alto Networks DRNG Entropy Source ESV Cert. #E68 Palo Alto Networks DRNG Entropy Source ESV Cert. #E69 Palo Alto Networks DRNG Entropy Source ESV Cert. #E70 SP 800-90B ESV Palo Alto Networks DRNG Entropy Entropy Source ESV Cert. #E71 Palo Alto Networks DRNG Entropy Source ESV Cert. #E72 Palo Alto Networks DRNG Entropy Source ESV Cert. #E73 Palo Alto Networks DRNG Entropy Source ESV Cert. #E128 Octeon III Entropy Source ESV Cert. #E130 Palo Alto Networks RTC Entropy Source ESV Cert, #E162 Palo Alto Networks DRNG Entropy Source KAS-ECC-SSC SP 800-56Arev3. Cert. #A4206, P-256, P-384, and P-521 curves providing KAS [SP KAS-ECC per IG TLS v1.2 KDF 128, 192, or 256 bits of encryption Key Exchange with protocol KDF 800-56Arev3] D.F Scenario 2 path RFC7627 Cert. strength (2). #A4206 KAS-ECC-SSC P-256, P-384, and P-521 curves providing KAS [SP SP 800-56Arev3. Cert. #A4207, 128, 192, or 256 bits of encryption Key Exchange with protocol KDF 800-56Arev3] KAS-ECC per IG TLS v1.2 KDF strength © 2025 Palo Alto Networks, Inc. Palo Alto Networks Core Crypto Module Security Policy 10

Page 11

RFC7627 Cert. D.F Scenario 2 path #A4207 (2). KAS-FFC-SSC SP 800-56Arev3. Cert. #A4206, MODP-2048/3072/4096 KAS [SP KAS-FFC per IG TLS v1.2 KDF 2048-bit to 4096-bit key providing 112 Key Exchange with protocol KDF 800-56Arev3] D.F Scenario 2 path RFC7627 Cert. bits to 150 bits of encryption strength (2). #A4206 KAS-FFC-SSC SP 800-56Arev3. Cert. #A4207, MODP-2048/3072/4096 KAS [SP KAS-FFC per IG TLS v1.2 KDF 2048-bit to 4096-bit key providing 112 Key Exchange with protocol KDF 800-56Arev3] D.F Scenario 2 path RFC7627 Cert. bits to 150 bits of encryption strength (2). #A4207 Key Generation Cryptographic Key Note: The seeds used for asymmetric Vendor CKG Section 5.1, Section Generation; SP 800- key pair generation are produced Affirmed (SP 800-133rev2) 5.2

133 and IG D.H. using the unmodified/direct output of

the DRBG Table 4 - Approved Algorithms The module does not have any algorithms that fall under:

Page 12

186-2 SigVer. All supported modulus sizes are CAVP testable and tested as noted above. The module does not implement RSA key transport in the approved mode. In all the above cases, the nonce_explicit is always generated deterministically. AES GCM keys are zeroized when the module is power-cycled. For each new TLS session, a new AES GCM key is established. Figure 1 - Cryptographic Boundary © 2025 Palo Alto Networks, Inc. Palo Alto Networks Core Crypto Module Security Policy 12

Page 13

Figure 1A - Physical Perimeter © 2025 Palo Alto Networks, Inc. Palo Alto Networks Core Crypto Module Security Policy 13

Page 14

3. Cryptographic Module Interfaces The module is a software module and does not have any physical ports, but the hardware platform that the module executes on has physical ports. The module does not support a control output interface. Physical Port Logical Interface Data that passes over port/interface Physical ports of the tested platform Status Output API return values Physical ports of the tested platform Data Input API input parameters Physical ports of the tested platform Data Output API output parameters and return values Physical ports of the tested platform Control Input API input parameters Table 5 - Ports and Interfaces © 2025 Palo Alto Networks, Inc. Palo Alto Networks Core Crypto Module Security Policy 14

Page 15

4. Roles, Services, and Authentication Roles The module implements only one role, which is the Crypto Officer (CO) role. There is no User role supported. The module does not support operator authentication. The CO role is implicitly assumed by the entity accessing services implemented by the module. No further authentication is required. The module does not provide a maintenance role or bypass capability. Services The Approved services supported by the module are noted in the following table: Role Service Input Output CO Initialize API to initialize module Status of initialization of module Self-test API for running self-test Status of the self-test results CO CO Show Status API for show status Module’s status information CO Show Module Version API for module version Module’s name and version CO Zeroize API for zeroization Status of zeroization CO Random Number API for random number Random number provided Generation generator CO Asymmetric Key API for asymmetric key Module generated asymmetric key Generation generation CO Symmetric API for encrypting/decrypting Module performs Encrypt/Decrypt encrypt/decrypting with a symmetric key CO Message Digest API for message digest Module provides hash for calling application CO Keyed Hash API for keyed hash Module provides keyed hash for calling application CO Key Wrapping API for key wrapping Module provides key wrapping service for calling application CO Digital Signature API for digital signature Module performs digital signature functions for calling application CO Crypto Protocols API for TLS crypto protocol Module provides crypto protocol processing for calling application Table 6 - Roles, Service Commands, Input and Output © 2025 Palo Alto Networks, Inc. Palo Alto Networks Core Crypto Module Security Policy 15

Page 16

The following table defines the relationship between access to SSPs and the different module services. The module performs key generation in accordance with the applicable protocol/algorithm. The resulting generated seed used in the asymmetric key generation is the unmodified output from SP800-90A DRBG. The calling application is responsible for storage of generated keys returned by the module. Service Description Approved Security Keys and/or SSPs Roles Access rights to Indicator Functions Keys and/or SSPs Initialize Module performs N/A N/A CO N/A Global indicator initialization (“FIPS-CC” mode) procedures for and System logs Approved mode Self-test Performs self-tests HMAC-SHA2-256, Software Integrity CO E Global indicator including software ECDSA SigVer (FIPS Verification Key (“FIPS-CC” mode) integrity verification 186-4) and System logs Show Status Function that provides N/A N/A CO N/A Global indicator module status (“FIPS-CC” mode) information and System logs Show Module Function that provides N/A N/A CO N/A Global indicator Version the module’s name and (“FIPS-CC” mode) version and System logs Zeroize Function that destroys N/A All keys and SSPs CO Z Zeroization indicator all SSPs Random Number Used for random Counter DRBG, ESV DRBG Seed CO G/E Global indicator Generation number generation (“FIPS-CC” mode) DRBG V and System logs Entropy Input String DRBG Key Asymmetric Key Used to generate CKG, Counter DRBG, ESV RSA Private Keys, RSA CO G/W/E Global indicator Generation asymmetric keys RSA KeyGen (FIPS 186-4) Public Keys (“FIPS-CC” mode) ECDSA KeyGen (FIPS ECDSA Private Keys, and System logs 186-4) ECDSA Public Keys, CA Certificates DRBG Seed G/E DRBG V Entropy Input String DRBG Key Symmetric Used to AES-CBC TLS Encryption Keys CO W/E Global indicator Encrypt/Decrypt encrypt/decrypt data AES-GCM (“FIPS-CC” mode) and System logs Message Digest Used to generate a SHA2-256 N/A CO N/A Global indicator SHA message digest SHA2-384 (“FIPS-CC” mode) SHA2-512 and System logs Keyed Hash Used to generate or HMAC-SHA2-256 TLS HMAC Keys CO G/R/W/E Global indicator verify data integrity HMAC-SHA2-384 (“FIPS-CC” mode) with HMAC and System logs Key Wrapping Used to encrypt or KTS AES-GCM TLS Encryption Keys CO R/E Global indicator decrypt a key value on (“FIPS-CC” mode) behalf of the calling and System logs application KTS AES-CBC HMAC-SHA TLS HMAC Keys 2-256 HMAC-SHA 2-384 Digital Signature Used to generate or RSA SigGen RSA Private Keys CO G/R/W/E Global indicator verify RSA/ECDSA (“FIPS-CC” mode) digital signatures and System logs RSA SigVer RSA Public Keys ECDSA SigGen ECDSA Private Keys ECDSA SigVer ECDSA Public Keys © 2025 Palo Alto Networks, Inc. Palo Alto Networks Core Crypto Module Security Policy 16

Page 17

Counter DRBG, ESV DRBG Seed G/E Global indicator (“FIPS-CC” mode) DRBG V and System logs Entropy Input String DRBG Key Crypto Protocols Used to support crypto KAS-ECC TLS v1.2 TLS Pre-Master Secret CO G/E/Z Global indicator protocols for TLS -SSC KDF (“FIPS-CC” mode) RFC7627 and System logs KAS-FFCTLS v1.2 TLS Master Secret SSC KDF RFC7627 CKG, TLS DHE/ECDHE Private ECDSA Components KeyGen TLS DHE/ECDHE Public (FIPS 186-4), Components ECDSA KeyVer (FIPS 186-4), KAS-ECC-SS C, KAS-FFC-SS C, Safe Primes Key Generation, Safe Primes Key Verification KTS HMAC-SHA TLS HMAC Keys 2-256 HMAC-SHA 2-384 AES-CBC TLS Encryption Keys KTS AES-GCM Counter DRBG, ESV DRBG Seed G/E DRBG V Entropy Input String DRBG Key Table 7 - Approved Services G = Generate: The module generates or derives the SSP. R = Read: The SSP is read from the module (e.g. the SSP is output). W = Write: The SSP is updated, imported, or written to the module. E = Execute: The module uses the SSP in performing a cryptographic operation. Z = Zeroise: The module zeroises the SSP. Note: There is no table for non-Approved services as the module only supports Approved services. 5. Software/Firmware Security The module performs the Software Integrity test by using HMAC-SHA-256 (HMAC Cert. #A4206) and ECDSA signature verification (ECDSA Cert. #A4206) during the Pre-Operational Self-Test. © 2025 Palo Alto Networks, Inc. Palo Alto Networks Core Crypto Module Security Policy 17

Page 18
  1. Operational Environment The module will operate in a modifiable operational environment per the FIPS 140-3 definition. The operating system shall be restricted to a single operator mode of operation (i.e., concurrent operators are explicitly excluded). The external application that makes calls to the module is the single user of the module, even when the application is serving multiple clients. For a listing of tested environments, see Table 2 and Table 3 above. The module is also available in other environments besides the tested environment if the module’s show status outputs the proper name and version as noted in Section
  2. The CMVP allows user porting of a validated software module to an operational environment which was not included as part of the validation testing. An operator may install and run the Palo Alto Networks Crypto Module on any general purpose computer (GPC) or platform using the specified hypervisor and operating system on the validation certificate or other compatible operating and/or hypervisor system and affirm the modules continued FIPS 140-3 validation compliance. The CMVP makes no statement as to the correct operation of the module or the security strengths of the generated keys when ported and executed in an operational environment not listed on the validation certificate.
  3. Physical Security There are no applicable FIPS 140-3 physical security requirements as this is a software module.
  4. Non-Invasive Security No approved non-invasive attack mitigation test metrics are defined at this time.
  5. Sensitive Security Parameters The following table details all the sensitive security parameters utilized by the module. Key/SSP/Name/T Strength Security Generation Import/Expo Establishment Storage Zeroization Use & Related ype Function and rt Keys Cert. Number ECDSA/RSA Public key - Used to trust RSA SigVer a root CA (FIPS 186-4), Imported/Ex HDD – Zeroize intermediate CA ECDSA

112 bits DRBG, FIPS ported HDD/RAM

CA Certificates SigVer (FIPS N/A minimum 186-4 through API plaintext RAM - Zeroize at entity certificates 186-4) Cert. calls session termination (RSA 2048, 3072, #A4206, and 4096 bits) A4207 (ECDSA P-256, P-384, and P-521) RSA public keys managed as RSA SigVer certificates for the (FIPS 186-4) Imported/Ex verification of

112 bits DRBG, FIPS ported HDD/RAM

RSA Public Keys N/A Zeroize Service minimum RSA Cert. 186-4 through API plaintext establishment of #A4206, calls TLS, operator A4207 authentication and peer authentication. © 2025 Palo Alto Networks, Inc. Palo Alto Networks Core Crypto Module Security Policy 18

Page 19

(RSA 2048, 3072, or 4096-bit) RSA Private keys RSA SigGen for generation of Imported/Ex HDD

112 bits DRBG, FIPS ported RAM

RSA Private Keys Cert. N/A authentication or minimum 186-4 through API plaintext RAM - Zeroize at #A4206, key establishment. calls session termination A4207 (RSA 2048, 3072, or 4096-bit) ECDSA public keys managed as certificates for the ECDSA verification of SigVer (FIPS Imported/Ex signatures, ECDSA Public 128 bits 186-4) DRBG, FIPS ported HDD/RAM

112 bits KAS-FFC-SSC RAM - Zeroize at session component used in

Private 800-56A N/A N/A minimum Cert. plaintext termination TLS Components Rev. 3 #A4206, (DHE 2048, A4207 ECDHE P-256, P-384, P-521) Diffie_Hellman or KAS-ECC-SS EC Diffie-Hellman C, Imported/Ex Ephemeral values TLS DHE/ECDHE DRBG, SP

112 bits KAS-FFC-SSC ported Zeroize at session used in key

Public 800-56A N/A N/A minimum Cert. through API termination agreement ​ Components Rev. 3 #A4206, calls (DHE 2048, A4207 ECDHE P-256, P-384, P-521) Secret value used TLS v1.2 KDF to derive the TLS RFC7627 KAS SP TLS Pre-Master RAM

160 bits HMAC-SHA2 TLS, KAS SP RAM - Zeroize at session

TLS HMAC Keys KDF N/A (SHA-1, 256, 384) minimum -384 Cert. 800-56A Rev. 3 plaintext termination RFC7627 (160, 256, 384 #A4206, bits) A4207 Software Integrity HMAC-SHA2 HDD - Used to check the

128 bits N/A N/A N/A N/A

Verification Key -256, plaintext integrity of © 2025 Palo Alto Networks, Inc. Palo Alto Networks Core Crypto Module Security Policy 19

Page 20

(not considered an ECDSA crypto-related SSP) SigVer code. (FIPS 186-4) (HMAC-SHA-256 Cert. and ECDSA P-256) #A4206, A4207

384 bits

(Palo Alto Networks DRNG Entropy Source) 77,598 bits (AMD CKG (vendor DRBG seed Random affirmed), coming from the Number Entropy as Counter RAM - entropy source DRBG Seed per SP N/A N/A Power cycle Generator) DRBG Cert. plaintext 800-90B #A4206, Seed length = 384

194 bits A4207 bits

(Octeon III Entropy Source/Pal

384 bits

(Palo Alto Networks DRNG Entropy Source) 77,598 bits (AMD Random CKG (vendor DRBG input string Number affirmed), coming from the Entropy as Entropy Input Counter RAM - entropy source Generator) per SP N/A N/A Power cycle String DRBG Cert. plaintext 800-90B #A4206, Input length = 384

194 bits A4207 bits

(Octeon III Entropy Source/Pal

Page 21

Table 10 - Sensitive Security Parameters Note: SSPs are implicitly zeroized when power is lost, or explicitly zeroized by the zeroize service. In the case of implicit zeroization, the SSPs are implicitly overwritten with random values due to their ephemeral memory being reset upon power loss. For the zeroization service and zeroization at session termination, the SSP's memory location is overwritten with random values. Entropy Source Minimum number of Details bits of entropy AMD Random Number Generator 77,598 bits ESV Cert. #E27 The entropy source provides 1.31221 bits of entropy per 128-bit output. The DRBG is seeded with at least 7569408 bits of output from the entropy source. Therefore, the DRBG is seeded with at least 77,598 bits of entropy. before generating keys. [PA-5410/5420/5430/5440] Palo Alto Networks DRNG Entropy 384 bits The module uses entropy provided by the following ESV Certificates: Source E64, E65, E66, E68, E69, E70, E71, E72, E73, and E162. There are no configuration settings needed for this entropy source as per the ESV PUD. Source produces full entropy in the 384 bit seed. Octeon III Entropy Source 194 bits ESV Cert. #E128 The entropy source provides at least .506 bits of entropy per bit of output. The DRBG is seeded with 384-bits of output from the entropy source. Therefore the DRBG is seeded with at least 194 bits of entropy before generating keys. The module generates SSPs (e.g. keys) whose strengths are modified by available entropy. [PA-220/PA-220R/PA-800/PA-3200/PA-5200/PA-7000] Palo Alto Networks RTC Entropy 194 bits ESV Cert. #E130 Source The entropy source provides at least .5069 bits of entropy per bit of output. The DRBG is seeded with 384-bits of output from the entropy source. Therefore the DRBG is seeded with at least 194 bits of entropy before generating keys. The module generates SSPs (e.g. keys) whose strengths are modified by available entropy. [WF-500] Table 11 - Non-Deterministic Random Number Generation Specification Note: These entropy sources are provided by the platforms themselves listed in Table 2 and Table 3, which are external to the module itself. © 2025 Palo Alto Networks, Inc. Palo Alto Networks Core Crypto Module Security Policy 21

Page 22

10. Self-Tests The cryptographic module automatically performs the following tests below when the module is loaded (i.e. at power on or reboot). The operator can command the module to perform the pre-operational and cryptographic algorithm self-tests by cycling power of the module; these tests do not require any additional operator action. Algorithm Self-Test Details Software Integrity Test HMAC-SHA-256 Digital signature verification using ECDSA P-256 Note: The ECDSA and HMAC-SHA-256 KATs are performed prior to the Software integrity test Table 12 - Pre-Operational Self-Test Algorithm Self-Test Details AES KAT using AES ECB 128 bits (Encrypt) Note: Only used for satisfying self-test requirements. AES KAT using AES ECB 128 bits (Decrypt) Note: Only used for self-test. AES KAT using AES CMAC 128 bits (Self-tested, but not used) AES GCM KAT using AES GCM 256 bits (Encrypt) AES GCM KAT using AES GCM 256 bits (Decrypt) DRBG KAT: CTR_DRBG (256 bits) Note: DRBG Health Tests as specified in SP800-90A Section 11.3 are performed (i.e. instantiate/generate/reseed) ECDSA KAT using P-256, P-384, P-521 (Sign/Verify) HMAC KAT using HMAC-SHA-1/256/384/512 RSA KAT using RSA 2048 bits and SHA-256 (Sign/Verify) KAT using RSA 2048 bits with SHA-256 (Encrypt/Decrypt) (Self-tested, but not used) SHA KAT using SHA-1/256/384/512 SP 800-56Arev3 KAS-ECC-SSC KAT using KAS-ECC-SSC (Shared Secret Computation) primitive Z value (P-256/384) SP 800-56Arev3 KAS-FFC-SSC KAT using KAS-FFC-SSC (Shared Secret Computation) primitive Z value (2048 bits) SP 800-135 KDF KAT for TLS 1.2 KDF Table 13 - Conditional Cryptographic Algorithm Self-Tests © 2025 Palo Alto Networks, Inc. Palo Alto Networks Core Crypto Module Security Policy 22

Page 23

Algorithm Self-Test Details ECDSA ECDSA Pair-Wise Consistency Test (PCT) RSA RSA Pair-Wise Consistency Test (PCT) Table 14 - Conditional Pair-Wise Consistency Tests Algorithm Self-Test Details SP 800-56Arev3 KAS-ECC-SSC SP 800-56Arev3 Assurance Tests based on Sections 5.5.2, 5.6.2, and /KAS-FFC-SSC 5.6.3 Table 15 - Conditional Critical Function Tests Error Handling In the event of a conditional test failure, the module will output a description of the error. These are summarized below. Table 16 - Errors and Indicators Cause of Error Error State Indicator Conditional Cryptographic Algorithm Self-Test or Software FIPS-CC mode failure. <Algorithm test> failed. Integrity Test Failure Conditional Pairwise Consistency or Critical Functions Test System log prints an error message. Failure

  1. Life-Cycle Assurance The module is provided directly to solution developers, and is not directly available for the general public to download. The Palo Alto Networks Core Crypto Module is not distributed as a standalone library, and can only be used in conjunction with the platforms listed in Table 2 and Table
  2. For details regarding secure installation, initialization, startup, and operation of the module, see below. The steps below are required to place the module in a compliant state. Failure to do so will result in the module operating in a non-compliant state. Secure Operation The module is initialized via the following procedure: 1.​ During the initial boot-up, break the boot sequence by entering “maint” to access the main menu a.​ Note: PAN-OS / Panorama / WildFire version 10.2, 11.0, 11.1, or 11.2 is required to access APIs of the module 2.​ Select “Continue” 3.​ Select “Set FIPS-CC Mode” option to enter “FIPS-CC” mode (i.e. Approved mode) 4.​ Select “Enable FIPS-CC Mode” 5.​ When prompted, select “Reboot” and the module will re-initialize and continue into “FIPS-CC” mode a.​ The module will perform all necessary self-tests as part of initialization © 2025 Palo Alto Networks, Inc. Palo Alto Networks Core Crypto Module Security Policy 23
Page 24

6.​ The module will provide a status output indicator via the PAN-OS/Panorama/WildFire API that queries the module, and provide the following: a.​ “FIPS-CC Failure”: In event of an initialization failure, the module will provide this output b.​ “FIPS-CC mode enabled successfully”: Module provides this output if initialization is successful The module’s show status can be seen by initiating the following command, which provides the name of the module and version: