All modules
CMVP Validated Module · FIPS 140-3 Security Policy

PAN-OS 10.2 running on PA-220, PA-220R, PA-400 Series, PA-800 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-5400 Series, PA-5450, and PA-7000 Series NGFWs

Certificate#4760StandardFIPS 140-3Level2TypeHardwareEmbodimentMulti-Chip Stand AloneStatusHistoricalVendorPalo Alto Networks, Inc.
Low review priority  ·  exposes firmware-update authentication, debug/recovery interface  ·  last validated 10 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level2
Module typeHardware
EmbodimentMulti-Chip Stand Alone
StatusHistorical
EntropyENT (P)
CaveatInterim Validation. When installed, initialized and configured as specified in Section 11 of the Security Policy. The tamper evident seals and Physical Kit installed as indicated in the Security Policy. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy
VendorPalo Alto Networks, Inc.
Hardware versions910-000102 with Physical Kit 920-000112 [1], 910-000122 with Physical Kit 920-000119 [1], 910-000128 with Physical Kit 920-000084 [1], 910-000147 with Physical Kit 920-000226 [1], 910-000223 with Physical Kit 920-000309 [1], [910-000119 and 910-000120] with Physical Kit 920-000185 [1], [910-000125, 910-000131, 910-000132, and 910-000157] with Physical Kit 920-000186 [1], [910-000162, 910-000163, and 910-000164] with Physical Kit 920-000212 [1], [910-000212, 910-000230, 910-000231, and 910-000232] with Physical Kit 920-000454 [1], [910-000241, 910-000242, 910-000243, and 910-000244] with Physical Kit 920-000333 [1], and [910-000252, 910-000253, and 910-000254] with Physical Kit 920-000320 [2]

Approved Algorithms (35)

AlgorithmACVP Cert
AES-CBCA2906
AES-CCMA2906
AES-CFB128A2906
AES-CTRA2906
AES-GCMA2906
Conditioning Component AES-CBC-MAC SP800-90BA2138
Conditioning Component AES-CBC-MAC SP800-90BA2153
Conditioning Component AES-CBC-MAC SP800-90BA2165
Conditioning Component AES-CBC-MAC SP800-90BA2541
Counter DRBGA2906
ECDSA KeyGen (FIPS186-4)A2906
ECDSA KeyVer (FIPS186-4)A2906
ECDSA SigGen (FIPS186-4)A2906
ECDSA SigVer (FIPS186-4)A2906
HMAC-SHA-1A2906
HMAC-SHA2-224A2906
HMAC-SHA2-256A2906
HMAC-SHA2-384A2906
HMAC-SHA2-512A2906
KAS-ECC-SSC Sp800-56Ar3A2906
KAS-FFC-SSC Sp800-56Ar3A2906
KDF IKEv2A2906
KDF SNMPA2906
KDF SSHA2906
KDF TLSA2906
RSA KeyGen (FIPS186-4)A2906
RSA SigGen (FIPS186-4)A2906
RSA SigVer (FIPS186-4)A2906
Safe Primes Key GenerationA2906
Safe Primes Key VerificationA2906
SHA-1A2906
SHA2-224A2906
SHA2-256A2906
SHA2-384A2906
SHA2-512A2906

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification2
Cryptographic Module Interfaces2
Roles, Services, and Authentication3
Software/Firmware Security2
Operational EnvironmentN/A
Physical Security2
Non-Invasive SecurityN/A
Sensitive Security Parameter Management2
Self-Tests2
Life-Cycle Assurance3
Mitigation of Other AttacksN/A

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for PAN-OS 10.2 running on PA-220, PA-220R, PA-400 Series, PA-800 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-5400 Series, PA-5450, and PA-7000 Series NGFWs
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C1["[high] Firmware / bootloader<br/>versions disclosed<br/>(identity, not provenance)<br/><i>10.2.8-h4 [1] and 10.2.17 [2]</i>"]
    C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>Firmware Update<br/>RSA SigVer (FIPS 186-4)</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Show Status<br/>Zeroize<br/>Self-Tests</i>"]
    C4["[high] Physical/logical<br/>interfaces (some 'blocked<br/>in firmware')<br/><i>Micro USB Console (PA-220, PA-220R, PA-800 Series,…<br/>RJ45 Console<br/>RJ45 Ethernet</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I1["Component identity is<br/>disclosed, but provenance<br/>and patch lineage are not."]
    I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I4["Interface reachability may<br/>vary by boot stage and<br/>lifecycle state."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R1["Do the vendor version<br/>strings obscure the<br/>upstream baseline, fork<br/>lineage, or known-CVE<br/>exposure?"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R4["Are interfaces blocked<br/>before the bootloader<br/>runs, or only after<br/>approved mode starts?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E1["SBOM / component baselines<br/>· patch and backport<br/>manifest · CVE disposition"]
    E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E4["lifecycle reachability<br/>matrix · boot-stage<br/>interface timing ·<br/>factory/recovery/error-state<br/>access controls"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C1 --> I1 --> R1 --> E1
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C4 --> I4 --> R4 --> E4
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C1,C2,C3,C4,C5,C6 clue;
  class I1,I2,I3,I4,I5,I6 infer;
  class R1,R2,R3,R4,R5,R6 risk;
  class E1,E2,E3,E4,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for PAN-OS 10.2 running on PA-220, PA-220R, PA-400 Series, PA-800 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-5400 Series, PA-5450, and PA-7000 Series NGFWs
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C1["[high] Firmware / bootloader versions disclosed (identity, not provenance)<br/><i>10.2.8-h4 [1] and 10.2.17 [2]</i><br/>src: certificate.firmwareVersions"]
    C2["[high] Firmware update / recovery / rollback services<br/><i>Firmware Update<br/>RSA SigVer (FIPS 186-4)</i><br/>src: securityPolicy.services"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>Show Status<br/>Zeroize<br/>Self-Tests</i><br/>src: securityPolicy.services"]
    C4["[high] Physical/logical interfaces (some 'blocked in firmware')<br/><i>Micro USB Console (PA-220, PA-220R, PA-800 Series,…<br/>RJ45 Console<br/>RJ45 Ethernet</i><br/>src: securityPolicy.portsAndInterfaces"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C1,C2,C3,C4 clueHigh;
  class C5,C6 clueLow;

Security Policy, page by page

Page 1

PAN-OS 10.2 running on PA-220, PA-220R, PA-400 Series, PA-800 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-5400 Series, PA-5450, and PA-7000 Series NGFWs Version: 1.3 Revision Date: May 1, 2025 Palo Alto Networks, Inc.​ www.paloaltonetworks.com​ © 2025 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of Palo Alto Networks. A list of our trademarks can be found at https://www.paloaltonetworks.com/company/trademarks.html. All other marks mentioned herein may be trademarks of their respective companies. This document may be freely

Page 2
  1. General​
  2. Cryptographic Module Specification​
  3. Cryptographic Module Interfaces​
  4. Roles, Services, and Authentication​
  5. Software/Firmware Security​
  6. Operational Environment​
  7. Physical Security​
  8. Non-Invasive Security​
  9. Sensitive Security Parameter Management​
  10. Self-Tests​
  11. Life-Cycle Assurance​
  12. Mitigation of Other Attacks​
  13. Definitions and Acronyms​
  14. Reference Documents​ Appendix A - PA-220 - FIPS Accessories/Tamper Seal Installation (6 Seals)​ Appendix B - PA-220R- FIPS Accessories/Tamper Seal Installation (5 Seals)​ Appendix C - PA-800 series - FIPS Accessories/Tamper Seal Installation (11 Seals)​ Appendix D – PA-3200 Series – FIPS Accessories/Tamper Seal Installation (19 Seals)​ Appendix E - PA-5200- FIPS Accessories/Tamper Seal Installation (28 Seals)​ Appendix F - PA-7050 - FIPS Accessories/Tamper Seal Installation (24 Seals)​ Appendix G - PA-7080 - FIPS Accessories/Tamper Seal Installation (10 Seals)​ Appendix H - PA-5450 FIPS Accessories/Tamper Seal Installation (12 Seals)​ Appendix I - PA-410 FIPS Accessories/Tamper Seal Installation (4 Seals)​ Appendix J - PA-440/450/460 FIPS Accessories/Tamper Seal Installation (4 Seals)​ Appendix K - PA-3400 Series FIPS Accessories/Tamper Seal Installation (11 Seals)​ Appendix L - PA-5400 Series FIPS Accessories/Tamper Seal Installation (11 Seals)​ Page 1
Page 3
Security level
NameISO SectionRequirementLevel
11General2
22Cryptographic Module Specification2
33Cryptographic Module Interfaces2
44Roles, Services, and Authentication3
55Software/Firmware Security2
66Operational EnvironmentN/A
77Physical Security2
88Non-Invasive SecurityN/A
99Sensitive Security Parameter Management2
1010Self-Tests2
1111Life-Cycle Assurance3
1212Mitigation of Other AttacksN/A
Overall Security LevelOverall Security Level2

Palo Alto Networks offers a full line of next-generation security appliances. Our platform architecture is based on our single-pass engine, PAN-OS, for networking, security, threat prevention, and management functionality that is consistent across all platforms. The devices differ only in capacities, performance, and physical configuration. The cryptographic modules meet the overall requirements applicable to Level 2 security of FIPS 140-3. Table 1

Page 4
Module configuration
NameModelHardware VersionFirmware VersionFeatures
PA-220PA-220910-000128, Physical Kit: 920-00008410.2.8-h4RJ45 Ports, Micro-USB, LEDs, USB, Power Supply
PA-220RPA-220R910-000147, Physical Kit: 920-00022610.2.8-h4RJ-45 Ports, SFP, USBs, Micro-USB, LEDs, Power Supply
PA-410PA-410910-000231, Physical Kit: 920-00045410.2.8-h4RJ45 interfaces, USB, LED, Power supply, Ground stud
PA-440PA-440910-000212, Physical Kit: 920-00045410.2.8-h4RJ 45 interfaces, USB, LEDs, Micro USB
PA-450PA-450910-000232, Physical Kit: 920-00045410.2.8-h4RJ 45 interfaces, USB, LEDs, Micro USB
PA-460PA-460910-000230, Physical Kit: 920-00045410.2.8-h4RJ 45 interfaces, USB, LEDs, 1 Micro USB
PA-820PA-820910-000120, Physical Kit: 920-00018510.2.8-h4RJ45 Ports, Micro-USB, SFP, SFP/SFP+, Power, LEDs, USB
PA-850PA-850910-000119, Physical Kit: 920-00018510.2.8-h4RJ45 Ports, Micro-USB, SFP, SFP/SFP+, Power, LEDs, USB
PA-3220PA-3220910-000162, Physical Kit: 920-00021210.2.8-h4RJ45 ports, SFP/SFP+ ports, QSFP+ ports, HSCI ports, USB ports, Micro-USB, LED, Power
PA-3250PA-3250910-000163, Physical Kit: 920-00021210.2.8-h4RJ45 ports, SFP/SFP+ ports, QSFP+ ports, HSCI ports, USB ports, Micro-USB, LED, Power
PA-3260PA-3260910-000164, Physical Kit: 920-00021210.2.8-h4RJ45 ports, SFP/SFP+ ports, QSFP+ ports, HSCI ports, USB ports, Micro-USB, LED, Power
PA-3410PA-3410910-000241, Physical Kit: 920-00033310.2.8-h41 x 1000Base-T (management) - RJ-45, 1 x 10Gb Ethernet (HA) - SFP+, 1 x console - RJ-45, 1 x management (USB) - micro-USB, 10 x 1Gb Ethernet/10Gb Ethernet - SFP/SFP+, 12 x 1/2.5/5/10GBase-T - RJ-45, 2 x 1000Base-T (HA) - RJ-45, 4 x 25Gb Ethernet - SFP28
PA-3420PA-3420910-000242, Physical Kit: 920-00033310.2.8-h41 x 1000Base-T (management) - RJ-45, 1 x 10Gb Ethernet (HA) - SFP+, 1 x console - RJ-45, 1 x management (USB) - micro-USB, 10 x 1Gb Ethernet/10Gb Ethernet - SFP/SFP+, 12 x 1/2.5/5/10GBase-T - RJ-45, 2 x 1000Base-T (HA) - RJ-45, 4 x 25Gb Ethernet - SFP28
PA-3430PA-3430910-000243, Physical Kit: 920-00033310.2.8-h41 x 1000Base-T (management) - RJ-45, 1 x 10Gb Ethernet (HA) - SFP+, 1 x console - RJ-45, 1 x management (USB) - micro-USB, 10 x 1Gb Ethernet/10Gb Ethernet - SFP/SFP+, 12 x 1/2.5/5/10GBase-T - RJ-45, 2 x 1000Base-T (HA) - RJ-45, 4 x 25Gb Ethernet - SFP28
PA-3440PA-3440910-000244, Physical Kit: 920-00033310.2.8-h41 x 1000Base-T (management) - RJ-45, 1 x 10Gb Ethernet (HA) - SFP+, 1 x console - RJ-45, 1 x management (USB) - micro-USB, 10 x 1Gb Ethernet/10Gb Ethernet - SFP/SFP+, 12 x 1/2.5/5/10GBase-T - RJ-45, 2 x 1000Base-T (HA) - RJ-45, 4 x 25Gb Ethernet - SFP28
PA-5220PA-5220910-000132, Physical Kit: 920-00018610.2.8-h4RJ45 ports, SFP/SFP+, QSFP28 port, QSFP+ ports, HSCI ports, SFTP+ ports, Power supply, LEDs, USB
PA-5250PA-5250910-000131, Physical Kit: 920-00018610.2.8-h4RJ45 ports, SFP/SFP+, QSFP28 port, QSFP+ ports, HSCI ports, SFTP+ ports, Power supply, LEDs, USB
PA-5260PA-5260910-000125, Physical Kit: 920-00018610.2.8-h4RJ45 ports, SFP/SFP+, QSFP28 port, QSFP+ ports, HSCI ports, SFTP+ ports, Power supply, LEDs, USB
PA-5280PA-5280910-000157, Physical Kit: 920-00018610.2.8-h4RJ45 ports, SFP/SFP+, QSFP28 port, QSFP+ ports, HSCI ports, SFTP+ ports, Power supply, LEDs, USB
PA-5410PA-5410910-000252, Physical Kit: 920-00032010.2.171 x 1000Base-X (management) – SFP, 1 x 40Gb Ethernet (management) - QSFP+, 1 x console - RJ-45, 1 x micro-USB, 12 x 10Gb Ethernet - SFP+, 2 x 1 Gigabit Ethernet (High Availability) – SFP, 4 x 25Gb Ethernet - SFP28, 4 x 40Gb Ethernet/100Gb Ethernet - QSFP28, 8 x 1/2.5/5/10GBase-T - RJ-45
PA-5420PA-5420910-000253, Physical Kit: 920-00032010.2.171 x 1000Base-X (management) – SFP, 1 x 40Gb Ethernet (management) - QSFP+, 1 x console - RJ-45, 1 x micro-USB, 12 x 10Gb Ethernet - SFP+, 2 x 1 Gigabit Ethernet (High Availability) – SFP, 4 x 25Gb Ethernet - SFP28, 4 x 40Gb Ethernet/100Gb Ethernet - QSFP28, 8 x 1/2.5/5/10GBase-T - RJ-45
PA-5430PA-5430910-000254, Physical Kit: 920-00032010.2.171 x 1000Base-X (management) – SFP, 1 x 40Gb Ethernet (management) - QSFP+, 1 x console - RJ-45, 1 x micro-USB, 12 x 10Gb Ethernet - SFP+, 2 x 1 Gigabit Ethernet (High Availability) – SFP, 4 x 25Gb Ethernet - SFP28, 4 x 40Gb Ethernet/100Gb Ethernet - QSFP28, 8 x 1/2.5/5/10GBase-T - RJ-45
PA-5450*PA-5450*910-000223, Physical Kit: 920-000309, PA-5400 BC-A: 920-000293, PA-5400 MPC-A: 910-000195, PA-5400 NC-A: 910-000194, PA-5400 DPC-A: 910-00020410.2.8-h4Networking cards, Data processing cards, Base cards, Management processor cards, Electrostatic Discharge, LEDs, Logging Drive Corner, USB, Console port, HSCI-A/B, Logging ports, Management Ports, HA ports, Ejector Tabs, RJ45, QSFP28, SFP/SFP+, Ground Studs, Fans, Power
PA-7050**PA-7050**910-000102, Physical Kit: 920-000112, PAN-PA-7050-SMC-B: 910-000185, PAN-PA-7000-DPC-A: 910-000169, PAN-PA-7000-LFC-A: 910-000183, PAN-PA-7000-100G-NPC-A: 910-00015610.2.8-h4Networking cards, Log/Data processing cards, Log forwarding cards, Management processor cards, RJ45 ports, SFP ports, SFP+ ports, HSCI ports, QSFP+ ports, Power supply, Power Switch, LEDs, USB
PA-7080**PA-7080**910-000122, Physical Kit: 920-000119, PAN-PA-7080-SMC-B: 910-000186,10.2.8-h4Networking cards, Log/Data processing cards, Log forwarding
Page 7
PAN-PA-7000-DPC-A: 910-000169, PAN-PA-7000-LFC-A: 910-000183, PAN-PA-7000-100G-NPC-A: 910-000156cards, Management processor cards, RJ45 ports, SFP+, HSCI, QSFP+, Power Switch, LEDs, USB
* Palo Alto Networks PA-5450 firewalls are tested with the following cards that can be configured for use in the Approved mode of operation PA-5450 Cards ● Base Card (BC): PA-5400 BC-A P/N: 920-000293 ● Management Processor Card (MPC): PA-5400 MPC-A P/N: 910-000195 ● Networking Card (NC): PA-5400 NC-A P/N: 910-000194 ● Data Processor Card (DPC): PA-5400 DPC-A P/N: 910-000204
**PA-7050/7080 uses the following cards below. The required cards include the SMC (must use either the 7050 or 7080 to match the chassis), LFC, and at least one NPC. A DPC can be optionally utilized as well, but must be accompanied by at least one NPC. Network Processing Cards: ● PAN-PA-7000-100G-NPC-A: P/N: 910-000156 Log Forwarding Card: ● PAN-PA-7000-LFC-A: P/N: 910-000183 Log/Data Processing Card: ● PAN-PA-7000-DPC-A: P/N: 910-000169 Switch Management Cards: ● PAN-PA-7080-SMC-B: P/N: 910-000186 ● PAN-PA-7050-SMC-B: P/N: 910-000185

The following procedure will put the modules into the Approved mode of operation:

Page 8
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
Conditioning Component AES-CBC-MAC SP 800-90BA2138AES-CBC-MAC128 bitsVetted conditioner component for ESV Cert. #E70
A2153A2153Vetted conditioner component for ESV Cert. #E68
A2165A2165Vetted conditioner component for ESV Cert. #E72, E73
A2541A2541Vetted conditioner component for ESV Cert. #E71
AES-CBC [SP 800-38A]A2906CBC128, 192 and 256 bitsEncryption Decryption
AES-CCM [SP 800-38C]A2906CCM128 bitsEncryption Decryption
AES-CFB128 [SP 800-38A]A2906CFB128128 bitsEncryption Decryption
AES-CTR [SP 800-38A]A2906CTR128, 192 and 256 bitsEncryption Decryption
AES-GCM [SP 800-38D]A2906GCM**128 and 256 bitsEncryption Decryption
Counter DRBG [SP 800-90Arev1]A2906CTR DRBGAES 256 bits with Derivation Function EnabledRandom Bit Generator
ECDSA KeyGen (FIPS 186-4)A2906ECDSA KeyGenP-256, P-384, P-521Key Generation
ECDSA KeyVer (FIPS 186-4)A2906ECDSA KeyVerP-256, P-384, P-521Public Key Validation
ECDSA SigGen (FIPS 186-4)A2906ECDSA SigGenP-256, P-384, P-521 with SHA2-224, SHA2-256, SHA2-384, and SHA2-512Signature Generation
ECDSA SigVer (FIPS 186-4)A2906ECDSA SigVerP-256, P-384, P-521 with SHA-1, SHA2-224, SHA2-256, SHA2-384, and SHA2-512Signature Verification
HMAC-SHA-1 [FIPS 198-1]A2906HMACHMAC-SHA-1 with λ=96, 160Authentication for protocols
HMAC-SHA2-224 [FIPS 198-1]A2906HMACHMAC-SHA2-224 with λ=224Authentication for protocols
HMAC-SHA2-256 [FIPS 198-1]A2906HMACHMAC-SHA2-256 with λ=256Authentication for protocols
HMAC-SHA2-384 [FIPS 198-1]A2906HMACHMAC-SHA2-384 with λ=384Authentication for protocols
HMAC-SHA2-512 [FIPS 198-1]A2906HMACHMAC-SHA2-512 with λ=512Authentication for protocols
KAS-ECC-SSC Sp800-56Ar3A2906KASP-256/P-384/P-521Key Exchange
KAS-FFC-SSC SP 800-56Ar3A2906KASMODP-2048/3072/4096Key Exchange
KDF IKEv2 [SP 800-135rev1] (CVL)A2906IKEv2 KDFSHA2-256, SHA2-384, SHA2-512IKEv2
KDF SNMP [SP 800-135rev1] (CVL)A2906SNMPv3 KDFEngine ID: 80001F88043030303030 343935323630SNMPv3
KDF SSH [SP 800-135rev1] (CVL)A2906SSHv2 KDFSHA-1, SHA2-256, SHA2-512SSH
KDF TLS [SP 800-135rev1] (CVL)A2906TLS1.2 KDFTLS v1.2 Hash Algorithm: SHA2-256, SHA2-384TLS
RSA KeyGen (FIPS 186-4)A2906RSA KeyGen (FIPS 186-4)2048, 3072, and 4096 bitsKey Pair Generation
RSA SigGen (FIPS 186-4)A2906RSA SigGen (FIPS 186-4)2048, 3072, and 4096-bit with hashes 256/384/512Signature Generation
RSA SigVer (FIPS 186-4)A2906RSA SigVer (FIPS 186-4)2048, 3072, 4096-bit (per IG C.F) with hashes SHA-1/224+++/256/384/512 (Signature Verification) +++ This Hash algorithm is not supported for ANSI X9.31Signature Verification
SHA-1 [FIPS 180-4]A2906SHASHA-1Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC)
SHA2-224 [FIPS 180-4]A2906SHA2SHA-224Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC)
SHA2-256 [FIPS 180-4]A2906SHA2SHA-256Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC)
SHA2-384 [FIPS 180-4]A2906SHA2SHA-384Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC)
SHA2-512 [FIPS 180-4]A2906SHA2SHA-512Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC)
Safe Primes Key Generation [RFC 3526]A2906Safe Primes Key GenerationMODP-2048, MODP-3072, MODP-4096Safe Primes Key Generation
Safe Primes Key Verification [RFC 3526]A2906Safe Primes Key VerificationMODP-2048, MODP-3072, MODP-4096Safe Primes Key Verification
KTS [SP 800-38F]AES Cert. #A2906 and HMAC Cert. #A2906SP 800-38A, FIPS 198-1, and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G.AES-CBC or AES-CTR plus HMAC 128, 192, and 256-bit keys providing 128, 192, or 256 bits of encryption strengthKey Wrapping
KTS [SP 800-38F]AES-CCM Cert. #A2906SP 800-38C and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G.AES-CCM 128-bit keys providing 128 bits of encryption strengthKey Wrapping
KTS [SP 800-38F]AES-GCM Cert. #A2906SP 800-38D and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G.AES-GCM 128 and 256-bit keys providing 128 or 256 bits of encryption strengthKey Wrapping
SP 800-90BESV Cert. #E27ESVAMD Random Number GeneratorEntropy
SP 800-90BESV Cert. #E68, E70, E71, E72, E73ESVPalo Alto Networks DRNG Entropy SourceEntropy
SP 800-90BESV Cert. #E128ESVOcteon III Entropy SourceEntropy
KAS [SP 800-56Arev3]KAS-ECC-S SC Cert. #A2906, KDF IKEv2 Cert. #A2906SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2).P-256, P-384, and P-521 curves providing 128, 192, or 256 bits of encryption strengthKey Exchange with protocol KDF
KAS [SP 800-56Arev3]KAS-ECC-S SC Cert. #A2906, KDF SSH Cert. #A2906SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2).P-256, P-384, and P-521 curves providing 128, 192, or 256 bits of encryption strengthKey Exchange with protocol KDF
KAS [SP 800-56Arev3]KAS-ECC-S SC Cert. #A2906, KDF TLS Cert. #A2906SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2).P-256, P-384, and P-521 curves providing 128, 192, or 256 bits of encryption strengthKey Exchange with protocol KDF
KAS [SP 800-56Arev3]KAS-FFC-S SC Cert. #A2906, KDF IKEv2 Cert. #A2906SP 800-56Arev3. KAS-FFC per IG D.F Scenario 2 path (2).2048, 3072, and 4096-bit keys providing 112, 128, or 150 bits of encryption strengthKey Exchange with protocol KDF
KAS [SP 800-56Arev3]KAS-FFC-S SC Cert. #A2906, KDF SSH Cert. #A2906SP 800-56Arev3. KAS-FFC per IG D.F Scenario 2 path (2).2048-bit key providing 112 bits of encryption strengthKey Exchange with protocol KDF
KAS [SP 800-56Arev3]KAS-FFC-S SC Cert. #A2906, KDF TLS Cert. #A2906SP 800-56Arev3. KAS-FFC per IG D.F Scenario 2 path (2).2048-bit key providing 112 bits of encryption strengthKey Exchange with protocol KDF
CKG (SP 800-133rev2)Vendor AffirmedSection 5.1, Section 5.2, and Section 6.1Cryptographic Key Generation; SP 800-Key Generation

Non-Compliant State Failure to follow the directions in the Approved Mode of Operation above and Section 11 will result in the module operating in a non-compliant state. Zeroization The following procedure will zeroize the module:

Page 11
133 and IG D.H (symmetric keys and

asymmetric seeds). Note: The symmetric keys and seeds used for asymmetric key pair generation are produced using the unmodified/direct output of the DRBG **The module is compliant to IG C.H: GCM is used in the context of TLS, IPsec/IKEv2, SSH:

Page 12

Module Diagrams Figure 1 depicts the logical block diagram for the modules. The cryptographic physical perimeter includes all of the logical components of the modules and the boundary is the physical enclosure of the firewall. Figure 1 - Logical Diagram Figures 2 - 29 depict the modules and their interfaces. Please refer to the appendices for depictions of the modules with the physical kits installed. Figure 2 - PA-220 Front Interfaces Figure 3 - PA-220 Rear Interfaces Page 11

Page 13

Figure 4 - PA-220R Front Interfaces Figure 5 - PA-220R Rear Interfaces Figure 6 - PA-820 / PA-850 Front Interfaces Figure 7 - PA-820 Rear Interfaces Figure 8 - PA-850 Rear Interfaces Page 12

Page 14

Figure 9 - PA-3200 Series Front Interfaces Figure 10 - PA-3200 Series Rear Interfaces Figure 9 - PA-3200 Series Front Interfaces Figure 10 - PA-3200 Series Rear Interfaces Page 13

Page 15

Figure 11 - PA-3410/3420 Front Interfaces Figure 12 - PA-3430/3440 Front Interfaces Figure 13 - PA-3400 Rear Interfaces Figure 14 - PA-5200 Series Front Interfaces Figure 15 - PA-5200 Rear Interfaces Page 14

Page 16

Figure 16 - PA-7050 Front Interfaces Figure 17 - PA-7050 Back Interfaces Page 15

Page 17

Figure 18 - PA-7080 Front (on Left) and Back (on Right) Interfaces Figure 19 - PA-410 Front Interfaces Page 16

Page 18

Figure 20 - PA-410 Rear Ports and Interfaces Figure 21 - PA-400 Front Interfaces (PA-440/450/460 front panels are identical) Figure 22 - PA-400 Rear Interfaces (PA-440/450/460 rear panels are identical) Figure 23 - PA-5410/5420/5430 Front Interfaces (Note: All modules are identical) Page 17

Page 19

Figure 24 - PA-5410/5420/5430 Rear Interfaces (Note: All modules are identical) Figure 25 - PA-5450 Front Interfaces Figure 26 - PA-5450 Management Processor Card Page 18

Page 20

Figure 27 - PA-5450 Networking Card Figure 28 - PA-5450 Data Processing Card Page 19

Page 21
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
HSCI (PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-5450, PA-7000 Series)HSCI (PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-5450, PA-7000 Series)Data input, control input, data output, status outputSSH
LEDLEDStatus outputModule status via LED indicators
Micro USB Console (PA-220, PA-220R, PA-800 Series, PA-3200 Series, PA-3400 Series,, PA-440/PA-450/PA-460, PA-5400 Series, PA-5450, PA-7050, PA-7080)Micro USB Console (PA-220, PA-220R, PA-800 Series, PA-3200 Series, PA-3400 Series,, PA-440/PA-450/PA-460, PA-5400 Series, PA-5450, PA-7050, PA-7080)Status outputSelf-test output
PowerPowerPowerN/A
Power switchPower switchControl inputPower input switch
(PA-7000 Series)(PA-7000 Series)
QSFP+ (PA-3260, PA-3430/PA-3440, PA-5250, PA-5260, PA-5280, PA-5400 Series, PA-7000 Series)QSFP+ (PA-3260, PA-3430/PA-3440, PA-5250, PA-5260, PA-5280, PA-5400 Series, PA-7000 Series)Data input, control input, data output, status outputTLS, IPsec, or SSH
QSFP28 (PA-3400 Series, PA-5200 Series, PA-5400 Series, PA-5450, PA-7000 Series)QSFP28 (PA-3400 Series, PA-5200 Series, PA-5400 Series, PA-5450, PA-7000 Series)Data input, control input, data output, status outputTLS, IPsec, or SSH
RJ45 ConsoleRJ45 ConsoleStatus outputSelf-test output
RJ45 EthernetRJ45 EthernetData input, control input, data output, status outputTLS, IPSec
RJ45 HA (PA-3200 Series, PA-5200 Series, PA-5400 Series, PA-5450, PA-7050, PA-7080)RJ45 HA (PA-3200 Series, PA-5200 Series, PA-5400 Series, PA-5450, PA-7050, PA-7080)Data input, control input, data output, status outputSSH
RJ45 Log (PA-5450)RJ45 Log (PA-5450)Data input, control input, data output, status outputTLS, IPsec
RJ45 MGT (PA-400 Series, PA-3200 Series, PA-3400 Series, PA-440/PA-450/PA-460, PA-5400 Series, PA-5450, PA-7000 Series)RJ45 MGT (PA-400 Series, PA-3200 Series, PA-3400 Series, PA-440/PA-450/PA-460, PA-5400 Series, PA-5450, PA-7000 Series)Data input, control input, data output, status outputTLS, SSH
SFP (PA-220R,PA-800 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-7000 Series)SFP (PA-220R,PA-800 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-7000 Series)Data input, control input, data output, status outputTLS, IPSec, or SSH
SFP+ (PA-800 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-5400 Series, PA-5450, PA-7050, PA-7080)SFP+ (PA-800 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-5400 Series, PA-5450, PA-7050, PA-7080)Data input, control input, data output, status outputTLS, IPSec, or SSH
SFP28 (PA-3400 Series, PA-5400 Series)SFP28 (PA-3400 Series, PA-5400 Series)Data input, control input, data output, status outputTLS, IPSec

Figure 29 - PA-5450 Rear Interfaces 3.​Cryptographic Module Interfaces The modules are multi-chip standalone modules with ports and interfaces as shown below. The modules do not implement a Table 5 - Ports and Interfaces N/A Page 20

Page 23
Service
NameRolesInputOutput
Show VersionCrypto OfficerQuery module for versionModule provides version
Security Configuration ManagementCrypto Officer, UserConfiguring and managing cryptographic parameters and setting/modifying security policy, including creating User accounts and additional CO accounts via CLI or WebUIConfirmation of service via Configuration Logs
Other ConfigurationCrypto OfficerNetworking parameter configuration, logging configuration, and other non-security relevant configuration via CLI or WebUIConfirmation of service via Configuration Logs
View Other ConfigurationCrypto Officer, UserQuery module for current non-security relevant configuration via WebUI or CLIConfirmation of service via Configuration Logs
Show StatusCrypto Officer, User, RA VPN, S-S VPNQuery status of the module via WebUI or CLIModule status information via CLI or System Logs
VPNRA VPN, S-S VPNInitialize VPN connectionConfirmation of service via System Logs
Firmware UpdateCrypto OfficerLoading new imageMessage output noting version updated successfully
ZeroizeUnauthenticatedInitialize Factory Reset via Maintenance ModeConsole Output
Self-TestsUnauthenticatedPower removalConsole Output
Show Status (LEDs)UnauthenticatedN/ALEDs

4.​Roles, Services, and Authentication Services While in the Approved mode of operation, all CO and User services are accessed via SSH or TLS sessions. Approved and allowed algorithms, relevant CSPs, and public keys related to these protocols are accessed to support the following services. CSP access by services is further described in the following tables. Table 6 - Roles, Service Commands, Input and Output N/A Page 22

Page 24
Approved algorithm
NameUse Function
Authentication StrengthAuthentication MethodRole
Password-based The minimum length is eight (8) characters1 (95 possible characters). The probability that a random attempt will succeed or a false acceptance will occur is 1/(958) which is less than 1/1,000,000. The probability of successfully authenticating to the module within one minute is 10/(958), which is less than 1/100,000. The firewall’s configuration supports at most ten failed attempts to authenticate in a one-minute period. Certificate/Public key-based The security modules support public-key based authentication using RSA 2048 and certificate-based authentication using RSA 2048, RSA 3072, RSA 4096, ECDSA P-256, P-384, or P-521. The minimum equivalent strength supported is 112 bits. The probability that a random attempt will succeed is 1/(2112) which is less than 1/1,000,000. The probability of successfully authenticating to the module within a one minute period is 3,600,000/(2112), which is less than 1/100,000. The firewall supports at most 60,000 new sessions per second to authenticate in a one-minute period.Memorized Secret (Username/password) and/or Single-Factor Cryptographic Software (certificate/public key-based authentication)Cryptographic Officer
UserMemorized Secret (Username/password) and/or Single-Factor Cryptographic Software (certificate/public key-based authentication)User
Remote Access VPN (RA VPN)Memorized Secret (Username/password) and/or Single-Factor Cryptographic Software (certificate-based authentication)Remote Access VPN (RA VPN)
The pre-shared key authentication method has a minimum security strength of 2112. The probability of successfully authenticating to the module is 1/(2112), which is less than 1/1,000,000. The number of authentication attempts is limited by the number of new connections per second supported (120,000) on the fastest platform of the Palo Alto Networks firewalls. The probability of successfully authenticating to the module within a one minute period is 7,200,000/(2112), which is less than 1/100,000. The security modules support public-key based authentication using RSA 2048 and certificate-based authentication using RSA 2048, RSA 3072, RSA 4096, ECDSA P-256, P-384, or P-521.IKE/IPSec Pre-shared keys - Identification with the IP Address and authentication with the Pre-Shared Key (Memorized Secret) or Single-Factor Cryptographic Software (certificate based authentication)Site-to-Site VPN (S-S VPN)

Assumption of Roles VPN. The cryptographic modules enforce the separation of roles using unique authentication credentials associated with operator accounts. The modules support concurrent operators. The modules do not provide a maintenance role or bypass capability. The modules all support the use of a password (i.e. Memorized Secret as per SP 800-140E). Upon first boot, the module enforces a maximum of 10 failed attempts. Passwords stored in the module are hashed using SHA-256, and any passwords that are transported into/out of the module are protected via TLS 1.2. The passwords for the RA VPN and S-S VPN roles are created as part of the Security Configuration Management service Table 7 - Roles and Authentication In FIPS-CC Mode, the module checks and enforces the minimum password length of eight (8) as specified in SP 800-63B. Passwords are securely stored hashed with salt value, with very restricted access control, and rate limiting mechanism for Page 23

Page 25
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicator
Show VersionQuery the module to display the versionCON/AN/AN/AVersion displayed via System Logs / CLI / UI
Security Configuration ManagementConfiguring and managing cryptographic parameters and setting/modifying security policy, including creating User accounts and additional CO accountsCORSA Private KeysCKG RSA KeyGen (FIPS 186-4) RSA SigGen (FIPS 186-4)G/W/EConfiguration/System Logs
CKG ECDSA KeyGen (FIPS 186-4) ECDSA SigGen (FIPS 186-4)COECDSA Private KeysCKG ECDSA KeyGen (FIPS 186-4) ECDSA SigGen (FIPS 186-4)G/W/E
KASCOTLS Pre-Master SecretKASG/E/ZKDF TLS (CVL)
KDF TLS (CVL)COTLS Master SecretG/E/ZKDF TLS (CVL)
CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key VerificationCOTLS DHE/ECDHE Private ComponentsG/E/ZCKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification
TLS DHE/ECDHE Public ComponentsTLS DHE/ECDHE Public ComponentsG/E/R/W/Z
KTSCOTLS HMAC KeysKTSG/E/ZHMAC-SHA2- 256 HMAC-SHA2- 384
AES-CBCCOTLS Encryption KeysG/E/ZAES-CBC
KTSKTSAES-GCM
KTSCOSSH Session Authentication KeysKTSG/E/ZHMAC-SHA-1 HMAC-SHA2- 256 HMAC-SHA2- 512
AES-CBC, AES-CTRCOSSH Session Encryption KeysG/E/ZAES-CBC, AES-CTR
KTSKTSAES-GCM
KASCOSSH DHE/ECDHE Private ComponentsKASG/E/ZKDF SSH (CVL)
SSH DHE/ECDHE Public ComponentsSSH DHE/ECDHE Public ComponentsG/E/R/W/Z
N/ACOCO, User, RA VPN PasswordN/AG/E/W
Counter DRBG, ESVCODRBG SeedCounter DRBG, ESVG/E
KDF SNMP (CVL)COSNMPv3 Authentication SecretKDF SNMP (CVL)W/E
KDF SNMP (CVL)COSNMPv3 Privacy SecretKDF SNMP (CVL)W/E
HMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512COAuthentication KeyHMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512G/E/Z
AES-CFB128COSession KeyAES-CFB128G/E/Z
N/ACOProtocol SecretsN/AW/E
RSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4)COCA CertificatesRSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4)G/R/E/W
ECDSA SigVer (FIPS 186-4)COECDSA Public KeysECDSA SigVer (FIPS 186-4)G/R/E/W
RSA SigVer (FIPS 186-4)CORSA Public KeysRSA SigVer (FIPS 186-4)G/R/E/W
RSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4)COSSH Host Public KeyRSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4)G/R/E/W
RSA SigVer (FIPS 186-4)COSSH Client Public KeyRSA SigVer (FIPS 186-4)W/E
RSA SigVer (FIPS 186-4)COPublic key for firmware load testRSA SigVer (FIPS 186-4)W/E
Other ConfigurationNetworking parameter configuration, logging configuration, and other non-security relevant configurationCORSA Private KeysRSA SigGen (FIPS 186-4)G/W/EConfiguration/System Logs
ECDSA SigGen (FIPS 186-4)COECDSA Private KeysECDSA SigGen (FIPS 186-4)G/W/E
KASCOTLS Pre-Master SecretKASG/E/ZKDF TLS (CVL)
KDF TLS (CVL)COTLS Master SecretG/E/ZKDF TLS (CVL)
CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key VerificationCOTLS DHE/ECDHE Private ComponentsG/E/ZCKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification
TLS DHE/ECDHE Public ComponentsTLS DHE/ECDHE Public ComponentsG/E/R/W/Z
HMAC-SHA2-256 HMAC-SHA2-384COTLS HMAC KeysHMAC-SHA2-256 HMAC-SHA2-384G/E/Z
AES-CBC or AES-GCMCOTLS Encryption KeysAES-CBC or AES-GCMG/E/Z G/Z
HMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-512COSSH Session Authentication KeysHMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-512
AES-CBC, AES-CTR, or AES-GCMCOSSH Session Encryption KeysAES-CBC, AES-CTR, or AES-GCMG/E/Z
KASCOSSH DHE/ECDHE Private ComponentsKASG/E/ZKDF SSH
KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key VerificationSSH DHE/ECDHE Public ComponentsKeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification
N/ACOCO, User, RA VPN PasswordN/AG/E/W
Counter DRBG, ESVCODRBG SeedCounter DRBG, ESVG/E
RSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4)COSSH Host Public KeyRSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4)G/R/E/W
RSA SigVer (FIPS 186-4)COSSH Client Public KeyRSA SigVer (FIPS 186-4)W/E
View Other ConfigurationRead-only of non-security relevant configurationCO, UserCO, User, RA VPN Password Note: includes all items in “Other Configuration”N/AW/EConfiguration/System Logs
Show StatusProvides status information of the moduleCO, UserRSA Private KeysRSA SigGen (FIPS 186-4)EConfiguration/System Logs
ECDSA SigGen (FIPS 186-4)CO, UserECDSA Private KeysECDSA SigGen (FIPS 186-4)E
KASCO, UserTLS Pre-Master SecretKASG/E/ZKDF TLS (CVL)
KDF TLS (CVL)CO, UserTLS Master SecretG/E/ZKDF TLS (CVL)
CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key VerificationCO, UserTLS DHE/ECDHE Private ComponentsG/E/ZCKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification
TLS DHE/ECDHE Public ComponentsTLS DHE/ECDHE Public ComponentsG/E/R/W/Z
HMAC-SHA2-256 HMAC-SHA2-384CO, UserTLS HMAC KeysHMAC-SHA2-256 HMAC-SHA2-384G/E/Z
AES-CBC or AES-GCMCO, UserTLS Encryption KeysAES-CBC or AES-GCMG/E/Z
HMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-512CO, UserSSH Session Authentication KeysHMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-512G/E/Z
AES-CBC, AES-CTR, or AES-GCMCO, UserSSH Session Encryption KeysAES-CBC, AES-CTR, or AES-GCMG/E/Z
Counter DRBG, ESVRA VPNDRBG SeedCounter DRBG, ESVG/E
KASCOSSH DHE/ECDHE Private ComponentsKASG/E/ZKDF SSH (CVL)
CKG, ECDSA KeyGen (FIPS 186-4), ECDSASSH DHE/ECDHE Public ComponentsG/E/R/W/ZCKG, ECDSA KeyGen (FIPS 186-4), ECDSA
VPNProvide network access for remote users or site-to-site connectionS-S VPNS-S VPN IPSec/IKE Authentication KeysKTSG/E/ZConfiguration/System LogsHMAC-SHA-1 HMAC-SHA2- 256 HMAC-SHA2- 384 HMAC-SHA2- 512
AES-CBCS-S VPNS-S VPN IPSec/IKE Session KeysG/E/ZAES-CBC
KTSKTSAES-CCM
KTSKTSAES-GCM
KASS-S VPNS-S VPN IPSec/IKE DHE/ECDHE Private ComponentsKASG/E/ZKDF IKEv2 (CVL)
N/AS-S VPNS-S VPN IPSec Pre-Shared KeysN/AW/E
ECDSA SigVer (FIPS 186-4)S-S VPNECDSA Public KeysECDSA SigVer (FIPS 186-4)W/E
RSA SigVer (FIPS 186-4)S-S VPNRSA Public KeysRSA SigVer (FIPS 186-4)W/E
RSA SigGen (FIPS 186-4)RA VPNRSA Private KeysRSA SigGen (FIPS 186-4)E
ECDSA SigGen (FIPS 186-4)RA VPNECDSA Private KeysECDSA SigGen (FIPS 186-4)E
KASRA VPNTLS Pre-Master SecretKASG/E/ZKDF TLS (CVL)
KDF TLS (CVL)TLS Master SecretG/E/ZKDF TLS (CVL)
CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key VerificationRA VPNTLS DHE/ECDHE Public ComponentsG/E/R/W/ZCKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification
TLS DHE/ECDHE Private ComponentsRA VPNTLS DHE/ECDHE Private ComponentsG/E/Z
KTSRA VPNTLS HMAC KeysKTSG/E/ZHMAC-SHA2- 256 HMAC-SHA2- 384
AES-CBCRA VPNTLS Encryption KeysG/E/ZAES-CBC
KTSKTSAES-GCM
CKG, AES-CBC or AES-GCMRA VPNRA VPN IPSec Session KeysCKG, AES-CBC or AES-GCMG/E/Z
CKG, HMAC-SHA-1RA VPNRA VPN IPSec AuthenticationCKG, HMAC-SHA-1G/E/Z
Counter DRBG, ESVRA VPNDRBG SeedCounter DRBG, ESVG/E

The minimum equivalent strength supported is 112 bits. The probability that a random attempt will succeed is 1/(2112) which is less than 1/1,000,000. The probability of successfully authenticating to the module within a one minute period is 3,600,000/(2112), which is less than 1/100,000. The firewall supports at most 60,000 new sessions per second to authenticate in a one-minute period. The table below defines the relationship between access to CSPs and the different module services. The modes of access shown in the table are defined as: G = Generate: The module generates or derives the SSP. R = Read: The SSP is read from the module (e.g. the SSP is output). W = Write: The SSP is updated, imported, or written to the module. E = Execute: The module uses the SSP in performing a cryptographic operation. Z = Zeroise: The module zeroises the SSP. Table 8 - Approved Services N/A HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2256 HMAC-SHA2512 N/A N/A G/W/E G/W/E G/E/Z G/E/Z G/E/Z G/E/R/W/Z G/E/Z G/E/Z G/E/Z G/E/Z Page 24

Page 28

HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2512 N/A HMAC-SHA2256 HMAC-SHA2384 G/E/Z G/E/Z G/E/Z G/E/R/W/Z W/E W/E W/E E E G/E/Z G/E/Z G/E/R/W/Z G/E/Z G/E/Z G/E/Z G/E/Z G/E/Z G/E Page 27

Page 29
Approved algorithm
NameUse Function
RSA SigVer (FIPS 186-4)) ECDSA SigVer (FIPS 186-4)CA CertificatesRA VPNW/E
ECDSA SigVer (FIPS 186-4)ECDSA Public KeysRA VPNW/E
RSA SigVer (FIPS 186-4)RSA Public KeysRA VPNW/E
RSA SigVer (FIPS 186-4)Public key for firmware content load test Note: Includes all keys from Other ConfigurationCOEFirmware UpdateProvides a method to update the firmware of the moduleConfiguration/System Logs
N/AAll keys and SSPsCOZZeroizeDestroys all keys in the moduleZeroization indicator
HMAC-SHA2-256, ECDSA SigVer (FIPS 186-4)FIrmware integrity verification keyCOESelf-TestInitiates self-tests and integrity testSystem Logs
N/AN/AAllRShow Status (LEDs)Provides status of the moduleLEDs

N/A N/A W/E W/E W/E E Z E N/A R Note: Configuration/System Logs for Approved services above will indicate FIPS-CC mode is enabled, configuration requirements from Section 11 are followed, and that the service succeeded. 5.​Software/Firmware Security ECDSA Cert. #A2906) during the Pre-Operational Self-Test. In addition, the module also conducts the firmware load test by using RSA 2048 with SHA-256 (Cert. #A2906) for the new validated firmware to be uploaded into the module. The pre-operational self-tests can be initiated by power cycling the module. When this is performed, the module automatically runs the cryptographic algorithm self-tests in addition to the pre-operational firmware integrity test. 6.​Operational Environment The FIPS 140-3 Operational Environment requirements are not applicable because the Firewalls do not contain modifiable operational environments. The operational environment is limited since the modules include a firmware load service to support necessary updates. New firmware versions within the scope of this validation must be validated through the FIPS 140-3 CMVP. Any other firmware loaded into these modules is out of the scope of this validation and requires a separate FIPS 140-3 validation. 7.​Physical Security The multi-chip standalone modules are production quality containing standard passivation. Chip components are protected by an opaque enclosure. There are tamper evident seals that are applied on the modules by the Crypto-Officer. All unused seals are to be controlled by the Crypto-Officer. The seals prevent removal of the opaque enclosure without evidence. The Crypto-Officer must ensure that the module surface is clean and dry. Tamper evident seals must be pressed firmly onto the adhering surfaces during installation and once applied the Crypto- Officer shall permit 24 hours of cure time for all tamper-evident seals. The Crypto-Officer should inspect the seals and shields for evidence of tamper every 30 days. If the seals show evidence of tamper, the Crypto-Officer should assume that the modules have been compromised and contact Customer Support. Note: For ordering information, see Table 2 for physical kit part numbers and versions. Opacity shields and Tamper Seals are included for the physical kits. Page 28

Page 30
Sensitive security parameter
NameStrengthSecurity FunctionGenerationEstablishmentStorageZeroizationImport ExportKey/SSP/Name/Ty pe
ECDSA/RSA Public key - Used to trust a root CA intermediate CA and leaf /end entity certificates (RSA 2048, 3072, and 4096 bits) (ECDSA P-256, P-384, and P-521)112 bits minimumRSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4) Cert. #A2906DRBG, FIPS 186-4N/AHDD/RAM – plaintextHDD – Zeroize Service RAM - Zeroize at session terminationTLS or SSH Session Key EncryptedCA Certificates
RSA public keys managed as certificates for the verification of signatures, establishment of TLS, operator authentication and peer authentication. (RSA 2048, 3072, or 4096-bit)112 bits minimumRSA SigVer (FIPS 186-4) Cert. #A2906DRBG, FIPS 186-4N/AHDD/RAM – plaintextZeroize ServiceTLS or SSH Session Key Encrypted or Plaintext TLS handshakeRSA Public Keys
RSA Private keys for generation of signatures, authentication or key establishment. (RSA 2048, 3072, or 4096-bit)112 bits minimumRSA SigGen (FIPS 186-4) Cert. #A2906DRBG, FIPS 186-4N/AHDD/RAM – plaintextHDD – Zeroize Service RAM - Zeroize at session terminationTLS or SSH Session Key EncryptedRSA Private Keys
ECDSA public keys managed as certificates for the verification of signatures, establishment of TLS, operator authentication and peer authentication. (ECDSA P-256, P-384, or P-521)128 bits minimumECDSA SigVer (FIPS 186-4) Cert. #A2906DRBG, FIPS 186-4N/AHDD/RAM – plaintextZeroize ServiceTLS or SSH Session Key Encrypted or Plaintext TLS handshakeECDSA Public Keys
ECDSA Private key for generation of signatures and authentication (P-256, P-384, or P-521)128 bits minimumECDSA SigGen (FIPS 186-4) Cert. #A2906DRBG, FIPS 186-4N/AHDD/RAM – plaintextHDD – Zeroize Service RAM - Zeroize at session terminationTLS or SSH Session Key EncryptedECDSA Private Keys
Ephemeral Diffie-Hellman private FFC or EC component used in TLS (DHE 2048, ECDHE P-256, P-384, P-521)112 bits minimumKAS-ECC-SSC KAS-FFC-SSC Cert. #A2906DRBG, SP 800-56A Rev. 3N/ARAM - plaintextZeroize at session terminationN/ATLS DHE/ECDHE Private Components
Diffie_Hellman or EC Diffie-Hellman Ephemeral values used in key agreement (DHE 2048, ECDHE P-256, P-384, P-521)112 bits minimumKAS-ECC-SSC KAS-FFC-SSC Cert. #A2906DRBG, SP 800-56A Rev. 3N/AN/AZeroize at session terminationPlaintext - TLS handshakeTLS DHE/ECDHE Public Components
Secret value used to derive the TLS Master Secret along with client and server random noncesN/AKDF TLS Cert. #A2906KAS SP 800-56A Rev. 3N/ARAM – plaintextZeroize at session terminationN/ATLS Pre-Master Secret
Secret value used to derive the TLS session keysN/AKDF TLS Cert. #A2906KDF TLSN/ARAM – plaintextZeroize at session terminationN/ATLS Master Secret
AES (128 or 256 bit) keys used in TLS connections (GCM; CBC)128 bits minimumAES-CBC or AES-GCM Cert. #A2906KDF TLSTLS, KAS SP 800-56A Rev. 3RAM - plaintextZeroize at session terminationN/ATLS Encryption Keys
HMAC keys used in TLS connections (HMAC-SHA2-256 /384) ( 256, 384 bits)256 bits minimumHMAC-SHA2- 256 HMAC-SHA2- 384 Cert. #A2906KDF TLSTLS, KAS SP 800-56A Rev. 3RAM - plaintextZeroize at session terminationN/ATLS HMAC Keys
Diffie Hellman or EC Diffie-Hellman private (DH Group 14, ECDH P-256, ECDH P-384, ECDH P-521)112 bits minimumKAS-ECC-SSC KAS-FFC-SSC Cert. #A2906DRBG, SP 800-56A Rev. 3N/ARAM - plaintextZeroize at session terminationN/ASSH DHE/ECDHE Private Components
Diffie Hellman or EC Diffie-Hellman public component (DH Group 14, ECDH P-256, ECDH P-384, ECDH P-521)112 bits minimumKAS-ECC-SSC KAS-FFC-SSC Cert. #A2906DRBG, SP 800-56A Rev. 3N/ARAM - plaintextZeroize at session terminationPlaintext SSH handshakeSSH DHE/ECDHE Public Components
SSH Host Public Key (RSA 2048, RSA 3072, RSA 4096, ECDSA P-256, P-384, or P-521)112 bits minimumRSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4) Cert. #A2906DRBG, FIPS 186-4N/AHDD/RAM – plaintextZeroize ServiceN/ASSH Host Public Key
Public RSA key used to authenticate client. (RSA 2048, 3072, and 4096 bits)112 bits minimumRSA SigVer (FIPS 186-4) Cert. #A2906N/AN/AHDD/RAM – plaintextZeroize ServiceEncrypted via SSH or TLSSSH Client Public Key
Used in all SSH connections to the security module’s command line interface. (128, 192, or 256 bits: AES CBC or CTR) (128 or 256 bits: AES GCM)128 bits minimumAES-CBC, AES-CTR, or AES-GCM Cert. #A2906KDF SSHSSH, KAS SP 800-56A Rev. 3RAM - plaintextZeroize at session terminationN/ASSH Session Encryption Keys
Authentication keys used in all SSH connections to the security module’s command line interface (HMAC-SHA-1, HMAC-SHA2-256, HMAC-SHA2-512) (160, 256, 512 bits)160 bits minimumHMAC-SHA-1 HMAC-SHA2- 256 HMAC-SHA2- 512 Cert. #A2906KDF SSHSSH, KAS SP 800-56A Rev. 3RAM - plaintextZeroize at session terminationN/ASSH Session Authentication Keys
Diffie-Hellman or EC Diffie-Hellman private component used in key establishment (DHE 2048, DHE 3072, DHE 4096, ECDHE P-256, P-384, P-521)112 bits minimumKAS-ECC-SSC KAS-FFC-SSC Cert. #A2906DBRG, SP 800-56A Rev. 3N/ARAM - plaintextPower cycleN/AS-S VPN IPSec/IKE DHE or ECDHE Private Components
Diffie-Hellman or EC Diffie-Hellman public component used in key agreement (DHE 2048, DHE 3072, DHE 4096, ECDHE P-256, P-384, P-521)112 bits minimumKAS-ECC-SSC KAS-FFC-SSC Cert. #A2906DRBG, SP 800-56A Rev. 3N/ARAM - plaintextPower cycleN/AS-S VPN IPSec/IKE DHE or ECDHE Public Components
Used to encrypt IKE/IPSec data. These are AES (128, 192, or 256 CBC) IKE keys and (128, 192 or 256 CBC, 128 CCM, 128 or 256 GCM) IPSec keys128 bits minimumAES-CBC, AES-CCM, AES-GCM Cert. #A2906KDF IKEv2IPSec/IKE, KAS SP 800-56A Rev. 3RAM - plaintextZeroize at session terminationN/AS-S VPN IPSec/IKE Session Keys
(HMAC-SHA-1, SHA-256, SHA-384 or SHA-512) Used to authenticate the peer in an IKE/IPSec tunnel connection. (160, 256, 384, 512 bits)160 bits minimumHMAC-SHA-1 HMAC-SHA2- 256 HMAC-SHA2- 384 HMAC-SHA2- 512 Cert. #A2906KDF IKEv2IPSec/IKE, KAS SP 800-56A Rev. 3RAM - plaintextZeroize at session terminationN/AS-S VPN IPSec/IKE Authentication Keys
PSK used in conjunction with HMAC listed above for authentication. Entered into the module by theN/AN/AN/AN/AHDD/RAM – plaintextZeroize ServiceEncrypted via SSH or TLSS-S VPN IPSec Pre-Shared Keys
Used to encrypt remote access sessions utilizing IPSec. (AES 128-CBC, 128/256-GCM)128 bits minimumAES-CBC or AES-GCM Cert. #A2906CKG, DRBGN/ARAM - plaintextZeroize at session terminationN/ARA VPN IPSec Session Keys
(HMAC-SHA-1, 160 bits) Used in authentication of remote access IPSec data.160 bitsHMAC-SHA-1 Cert. #A2906CKG, DRBGN/ARAM - plaintextZeroize at session terminationN/ARA VPN IPSec Authentication
Used to check the integrity of all firmware code (HMAC-SHA-256 and ECDSA P-256) (Note: This is not considered an SSP)128 bitsHMAC-SHA2- 256, ECDSA SigVer (FIPS 186-4) Cert. #A2906N/AN/AHDD - plaintextN/AN/AFirmware integrity verification key
Used to authenticate firmware and content to be installed on the firewall (RSA 2048 with SHA-256)112 bitsRSA SigVer (FIPS 186-4) Cert. #A2906N/AN/AHDD - plaintextN/AN/APublic key for firmware content load test
Authentication string with a minimum length of eight (8) characters.N/ASHA2-256 Cert. #A2906ExternalN/AHDD - a password hash (SHA2-256)Zeroize ServiceEncrypted via SSH or TLSCO, User, RA VPN Password
Secrets used by RADIUS or TACACS+ (8 characters minimum)N/AN/AN/AN/AHDD/RAM – plaintextZeroize ServiceEncrypted via IPSEC, SSH or TLSProtocol Secrets
Entropy input string coming from the entropy source Input length = 384 bits384 bits (Palo Alto Networks DRNG Entropy Source) 77,598 bits (AMD Random Number Generator) 194 bits (Octeon III Entropy Source)CKG (vendor affirmed), Counter DRBG Cert. #A2906Entropy as per SP 800-90BN/ARAM - plaintextPower cycleN/AEntropy Input String
DRBG seed coming from the entropy source Seed length = 384 bits384 bits (Palo Alto Networks DRNG Entropy Source) 77,598 bits (AMD Random Number Generator) 194 bits (Octeon III Entropy Source)CKG (vendor affirmed), Counter DRBG Cert. #A2906Entropy as per SP 800-90BN/ARAM - PlaintextPower cycleN/ADRBG Seed
AES 256 CTR DRBG state Key used in the generation of a random values256 bitsCKG (vendor affirmed), Counter DRBG Cert. #A2906Entropy as per SP 800-90BN/ARAM - plaintextPower cycleN/ADRBG Key
AES 256 CTR DRBG state V used in the generation of a random values128 bitsCKG (vendor affirmed), Counter DRBG Cert. #A2906Entropy as per SP 800-90BN/ARAM - plaintextPower cycleN/ADRBG V
Used to support SNMPv3 services (Minimum 8 characters)N/AKDF SNMP Cert. #A2906N/AN/AHDD/RAM – plaintextZeroize ServiceEncrypted via TLS/SSHSNMPv3 Authentication Secret
Used to support SNMPv3 services (Minimum 8 characters)N/AKDF SNMP Cert. #A2906N/AN/AHDD/RAM – plaintextZeroize ServiceEncrypted via TLS/SSHSNMPv3 Privacy Secret
HMAC–SHA-1/224 /256/384/512 Authentication protocol key (160 bits)160 bits minimumHMAC-SHA-1 HMAC-SHA2- 224 HMAC-SHA2- 256 HMAC-SHA2- 384 HMAC-SHA2- 512 Cert. #A2906KDF SNMPN/AHDD/RAM - PlaintextZeroize ServiceN/AAuthentication Key
Privacy protocol encryption key (AES 128 CFB)128 bits minimumAES-CFB128 Cert. #A2906KDF SNMPN/AHDD/RAM - PlaintextZeroize ServiceN/ASession Key
Physical Security MechanismsRecommended Frequency of Inspection/TestInspection/Test Guidance Details
Tamper-Evident Seals (PA-7080, PA-7050, PA-5220, PA-5250, PA-5260, PA-5280, PA-3220, PA-3250, PA-3260, PA-820, PA-850, PA-220R, PA-220, PA-410/440/450/460, PA-5450, PA-5410/5420/5430, and PA-3410/3420/3430/3440)30 daysVerify integrity of tamper-evident seals in the locations identified in the physical Kit Installation Guide. Seal integrity to be verified within the modules operating temperature range.
Top, Bottom, Front and Rear Opacity Shields (PA-7050 PA-5450)30 daysVerify that the plenums and opacity shields have not been deformed from their original shape, thereby reducing their effectiveness
Front and Rear Covers (PA-3220, PA-3250, PA-3260)30 daysVerify that front and rear covers have not been deformed from their original shape, thereby reducing their effectiveness
Front Cover (PA-7080, PA-5450, PA-5410/5420/5430, and PA-3410/3420/3430/3440)30 daysVerify that front cover has not been deformed from its original shape thereby reducing its effectiveness
Front cover and Cage Enclosure (PA-220)30 daysVerify that front cover and cage enclosure have not been deformed from their original shape, thereby reducing their effectiveness

8.​Non-Invasive Security No approved non-invasive attack mitigation test metrics are defined at this time. 9.​Sensitive Security Parameter Management The following table details all the sensitive security parameters utilized by the module. Table 10 - SSPs n N/A Page 29

Page 31

N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A HMAC-SHA2256 HMAC-SHA2384 N/A N/A N/A Page 30

Page 32

N/A N/A N/A N/A N/A N/A HMAC-SHA2256 HMAC-SHA2512 N/A N/A N/A N/A N/A N/A HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2512 N/A N/A N/A N/A N/A Page 31

Page 34
Approved algorithm
NameKey Size
DetailsMinimum number of bits of entropyEntropy Source
ESV Cert. #E68, E70, E71, E72, E73 Entropy source provides full entropy, which is provided in the 384 bit seed.384 bitsPalo Alto Networks DRNG Entropy Source
ESV Cert. #E27 The entropy source provides 1.31221 bits of entropy per 128-bit output. The DRBG is seeded with at least 7569408 bits of output from the entropy source. Therefore, the DRBG is seeded with at least 77,598 bits of entropy before generating keys. [PA-5410/5420/5430]77,598 bitsAMD Random Number Generator
ESV Cert. #E128 The entropy source provides at least 0.506 bits of entropy per bit of output. The DRBG is seeded with 384-bits of output from the entropy source. Therefore the DRBG is seeded with at least 194 bits of entropy before generating keys. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy. [PA-220/PA-220R/PA-3200/PA-5200/PA-7000]194 bitsOcteon III Entropy Source

N/A N/A N/A N/A N/A N/A N/A N/A HMAC-SHA2224 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2512 N/A N/A N/A N/A Note: SSPs are implicitly zeroized when power cycling and explicitly zeroized when using the zeroize service. Table 11 - Non-Deterministic Random Number Generation Specification 10.​ Self-Tests The cryptographic module automatically performs the following tests below. The operator can command the module to perform the pre-operational and cryptographic algorithm self-tests by cycling power of the module; these tests do not require any additional operator action. Page 33

Page 35

Pre-operational Self-Tests Pre-operational Firmware Integrity Test

Page 36
Cause of ErrorError State Indicator
Conditional Cryptographic Algorithm Self-Test or Firmware Integrity Test FailureFIPS-CC mode failure. <Algorithm test> failed.
Conditional Pairwise Consistency or Critical Functions Test FailureSystem log prints an error message.
Conditional Firmware Load Test FailureSystem prints Invalid image message.

Table 12 - Errors and Indicators 11. Life-Cycle Assurance The module does not have any specific maintenance requirements. For details regarding the secure installation, initialization, startup, and operation of the module, see section “Modes of Operation”. Palo Alto Network provides an Administrator Guide for additional information noted in the “Reference Documents” section of this Security Policy. The module design corresponds to the module security rules. This section documents the security rules enforced by the cryptographic module to implement the security requirements of this FIPS 140-3 Level 2 module. 1.​ The cryptographic module provides four distinct operator roles. These are the User role, Remote Access VPN role, Site-to-site VPN role, and the Cryptographic Officer role. 2.​ The cryptographic module provides identity-based authentication. 3.​ The cryptographic module clears previous authentications on each power cycle. 4.​ When the module has not been placed in a valid role, the operator does not have access to any cryptographic services. 5.​ Data output is inhibited during power-up self-tests, zeroization and error states. 6.​ Status information does not contain CSPs or sensitive data that if misused could lead to a compromise of the module. 7.​ There are no restrictions on which keys or CSPs are zeroized by the zeroization service. 8.​ The module maintains separation between concurrent operators. 9.​ The module does not support a maintenance interface or role. 10.​ The module does not have any external input/output devices used for entry/output of data. 11.​ The module does not enter or output plaintext CSPs. 12.​ The module does not output intermediate key generation values. Vendor imposed security rules In FIPS-CC mode, the following rules shall apply: 1.​ The operator shall not enable TLSv1.0 or use RSA for key wrapping; it is disabled by default a.​ Checked via CLI using “show shared” command 2.​ The operator should not enable TLSv1.3, it is disabled by default. a.​ Checked via CLI using “show profiles” command 3.​ If using RADIUS, it must be configured using TLS. a.​ Checked via CLI using “show shared” command 4.​ If using TACACS+, configure the service route via an IPSec tunnel, and ensure the TACACS+ server is configured for a minimum password length of eight (8) characters or greater. a.​ Checked via CLI using “show deviceconfig” command Failure to follow these Security Rules will cause the module to operate in a non-compliant state. Page 35

Page 37
  1. Mitigation of Other Attacks The module is not designed to mitigate any specific attacks outside the scope of FIPS 140-3. These requirements are not applicable.
  2. Definitions and Acronyms API – Application Programming Interface App-ID – Application Identification - Palo Alto Networks’ ability to identify applications and apply security policy based on the ID rather than the typical port and protocol-based classification. BGP – Border Gateway protocol – Dynamic routing protocol CA – Certificate authority Content-ID – Content Identification – Palo Alto Networks’ threat prevention features including Antivirus, Antispyware, and Intrusion Prevention. CO – Cryptographic Officer DLP – Data loss prevention Gbps – Gigabits per second HA – High Availability HSCI - High Speed Chassis Interconnect IKE – Internet Key Exchange IP – Internet Protocol IPSec – Internet Protocol Security LDAP – Lightweight Directory Access Protocol LED – Light Emitting DiodeOCSP – Online Certificate Status Protocol OSPF – Open Shortest Path First – Dynamic routing protocol PAN-OS – Palo Alto Networks’ Operating System QoS – Quality of Service QSFP - Quad Small Form-factor Pluggable RA VPN – Remote Access Virtual Private Network RIP – Routing Information Protocol – Dynamic routing protocol RJ45 – Networking Connector RNG –Random number generator S-S VPN – Site to site Virtual Private Network SFP – Small Form-factor Pluggable Transceiver SSL – Secure Sockets Layer TLS – Transport Layer Security USB – Universal Serial Bus User-ID – User Identification – Palo Alto Networks’ ability to apply security policy based on who initiates the traffic rather than the typical IP-based approach. VPN – Virtual Private Network XML – Extensible Markup Language
  3. Reference Documents FIPS 140-3 - FIPS Publication 140-3 Security Requirements for Cryptographic Modules Palo Alto Networks Administrator’s Guide : https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/pan-os/10-2/pan-os-admin/pan-os-admin.pdf Page 36
Page 38

Appendix A - PA-220 - FIPS Accessories/Tamper Seal Installation (6 Seals) 1.​ Place the firewall upside down on a flat Electrostatic Discharge (ESD) protected surface and ground yourself by touching a metal surface on the firewall. 2.​ Slide the firewall into the physical chassis cover and attach it to the cover using a Phillips-head screwdriver to tighten four (4) captive screws (two (2) screws on each side of the cover). 3.​ Install the front (network, management, and console) cables (you cannot access the front ports after you complete the front-cover install described in the following steps). 4.​ Place the physical front cover onto the physical chassis cover and attach it using four (4) #4-40 x .25” screws (two (2) screws on each side of the cover). 5.​ Route the front-port cables through the front-cover cable-guide openings. Page 37

Page 39

6.​ Attach the physical front-cover panel to the FIPS front cover by sliding the two (2) panel tabs under the physical chassis cover and then attach the panel using two (2) #4-40 x .25” screws. 7.​ Apply a tamper-evident seal to each location shown in the following illustration (six (6) seals total). After all seals are applied, place the firewall right-side up. Page 38

Page 40

Appendix B - PA-220R- FIPS Accessories/Tamper Seal Installation (5 Seals) 1.​ Place three tamper-evident seals on the top of the module. 2.​ Place two tamper-evident seals on the bottom of the module. Appendix C - PA-800 series - FIPS Accessories/Tamper Seal Installation (11 Seals) 1.​ Place the firewall on a flat Electrostatic Discharge (ESD) protected surface and ground yourself by touching a metal surface on the firewall. Page 39

Page 41

2.​ Place the physical back cover onto the back of the firewall and attach it using four #4-40 x 5/16 screws (two screws on each side of the back cover). ​ 3.​ Insert the front (network, management, and console) cables in to the front ports. 4.​ Place the physical front cover onto the front of the firewall and place the rack-mount brackets over the holes on the front cover. Attach the front cover and rack-mount brackets to the firewall using eight (8) #6-32 x 5/16” rack-mount bracket screws (shipped with the firewall)—use four (4) screws on each side. Route the front cables through the front-cover cable-guide opening. ​ ​ Page 40

Page 42

​ 5.​ Apply a tamper-evident seal to each location shown in the following illustrations (eleven (11) seals total). The seal placement over the power supply of the PA-820 firewall and PA-850 firewall is slightly different as shown. ​ Page 41

Page 43

Appendix D

Page 44

3.​ Place 19 tamper seals on the module. Note: Tamper seal placement is the same for all mount types. Seal #16 is required only for the front-mount of four-post rack installations. It is not required for the mid-mount installation Page 43

Page 45

Appendix E - PA-5200- FIPS Accessories/Tamper Seal Installation (28 Seals) 1.​ Place the firewall upside down on a flat Electrostatic Discharge (ESD) protected surface and ground yourself by touching a metal surface on the firewall. 2.​ Install power cables: plug the power cords into the power inlets located on the back of the firewall and connect the ground lug and ground cable to the ground lug bolts (you cannot access these back ports after you attach the FIPS back cover). 3.​ Place the physical back cover onto the back of the firewall and attach it to the firewall using four (4) #8-32 x 1/4” screws (two (2) screws on each side of the cover). Route the power cables through the back-cover cable-guide openings. ​ ​ 4.​ Attach the physical back-cover panel to the physical back cover using four (4) #4-40 x 1/4” screws (one (1) screw on each side of the cover and two (2) screws on the back of the cover). ​ 5.​ Place the physical front cover onto the front of the firewall and place the rack-mount brackets over the holes on the front cover. Attach the front cover and rack-mount brackets to the firewall using eighteen (18) #8-32 x 5/16” screws (shipped with the firewall)—use nine (9) screws on each side. Page 44

Page 46

​ 6.​ Apply a tamper-evident seal to each location shown in the illustrations (28 seals). Page 45

Page 48

Appendix F - PA-7050 - FIPS Accessories/Tamper Seal Installation (24 Seals) 1.​ Attach front right rack mount brackets in 4-post rack position. Do not attach rear rack mount brackets. Note that brackets are rotated 180 degrees, so the screw holes line up and the rack mount holes are now on the front of the chassis. 2.​ Align the right plenum bracket with five (5) open screw holes. Attach air plenum brackets using five (5) of the remaining bracket screws as shown. Repeat for the left side. 3.​ Attach bottom plenum to the front right rack mount bracket. Place only the middle two (2) screws. Page 47

Page 49

4.​ Attach the bottom plenum to the rearward right plenum bracket. 5.​ Rotate PA-7050 chassis clockwise 90 degrees onto the bottom plenum. Page 48

Page 50

6.​ Assemble top plenum and cable guide hardware. 7.​ Attach top plenum to the front left rack mount bracket Page 49

Page 51

8.​ Attach front opacity shield using the four (4) captive screws 9.​ Attach top plenum to the rearward left plenum bracket along with plenum’s rear opacity shield as shown Page 50

Page 52

10.​ Loosen four (4) screws on the panel containing the power supply vent. Insert the power supply vent opacity shield and tighten screws. 11.​ Facing the front of the module, affix two (2) seals to top of the front opacity shield, one (1) near left edge and one (1) near the right edge. Ensure the seals, when placed, overlap onto the top of the plenum, as shown. (2 total) Page 51

Page 53

12.​ Facing the front of the module affix one (1) seal centered to the bottom of the front opacity shield to the bottom air plenum, as shown. (1 total) 13.​ Facing the rear of the module, affix two (2) seals to top of the rear opacity shield, one (1) near left edge and one (1) near the right edge. Ensure the seals, when placed, overlap onto the top of the plenum, as shown. (2 total) Page 52

Page 54

14.​ Facing the rear of the module; A.​ Affix one (1) seal to the top plenum/opacity shield, covering the left and right outermost screws, as shown. B.​ Affix one (1) seal to the left and right edge of the top plenum bracket folding over the outer edge of the module, as shown. C.​ Affix one (1) seal to the top of each rear panel (three (3). Ensure that the seals lap onto the top rear plenum brackets, as shown. (7 total) 15.​ Facing the rear of the module, Page 53

Page 55

A.​ Affix one (1) seal to the bottom of each rear panel (three (3). Ensure that the seals laps onto the bottom rear plenum brackets, as shown. B.​ Affix one (1) seal to the left and right edge of the bottom plenum bracket folding over the outer edge of the module, as shown. C.​ Affix one (1) seal to the bottom plenum’s rear side and the bottom plenum rear bracket. (6 total) 16.​ Facing the rear of the module;

Page 57

Appendix G - PA-7080 - FIPS Accessories/Tamper Seal Installation (10 Seals) 1.​ Using the supplied screws attach the Cable Manager Kit with upper opacity lip to the front of the PA-7080, as shown. 2.​ Using the supplied screws, attach the Left and Right Front Cover brackets to the sides of the PA-7080, as shown. Page 56

Page 58

3.​ Using the supplied screws attach front opacity shield to the PA-7080 as shown. 4.​ The final assembly for the PA-7080 with the physical kit is as shown. Page 57

Page 59

5.​ Facing the front of the PA-7080: A.​ Affix one (1) seal to the front and center of the exhaust fan tray. Ensure the seal overlaps the seam with the front PA-7080 branding panel as shown. (1 total) B.​ Affix one (1) seal to the left and right outer edge of mounting flanges for the front opacity shield. Seals should fold over the edge of the cover flange and mounting bracket onto the side of the PA-7080. (2 total) C.​ Affix one (1) seal to the front and center of the air intake fan tray. Ensure the seal overlaps the seam with the PA-7080 electrostatic discharge port panel as shown. (1 total) Page 58

Page 60

6.​ Facing the rear of the PA-7080; D.​ Affix one (1) seal to the left and right outer edge of the upper back panel. Seals should be placed just below the rear exhaust vent as shown. Seals should wrap around onto the sides of the PA-7080 (2 total). E.​ Affix one (1) seal to the left and right outer edges of each power entry module as shown. Seals should wrap around onto the sides of the PA-7080 (4 total). Page 59

Page 62

Appendix H - PA-5450 FIPS Accessories/Tamper Seal Installation (12 Seals) The PA-5450 requires twelve tamper seals. Follow the directions below to install the physical kit. Affix 7 seals at the locations on the rear of the device: On the top cover of the module, place one seal at the following location: Affix the front opacity shield to the front of the device and screw into the locations as below: Page 61

Page 63

Finalize the process by adding four seals at the following locations to secure the screws: Appendix I - PA-410 FIPS Accessories/Tamper Seal Installation (4 Seals) The PA-410 requires four tamper labels. The placement of these seals are needed in the following areas. Affix one seal to the front of the module that connects to the top/bottom. Page 62

Page 64

The left and right side of the module requires one seal each in the same location, as noted in the following area. This wraps to the top and bottom of the module. The last seal is placed on the rear side of the module, and wraps to the top and bottom of the module. Appendix J - PA-440/450/460 FIPS Accessories/Tamper Seal Installation (4 Seals) The PA-440/450/460 require four tamper labels that are placed at the same location as the modules have the same enclosure. Affix four seals on the rear of the module as shown below: Page 63

Page 65

Appendix K - PA-3400 Series FIPS Accessories/Tamper Seal Installation (11 Seals) The PA-3400 series require 12 tamper labels that are placed at the same location on all devices in the series. Affix 12 seals on the module as shown below in the diagrams: Page 64

Page 66

Appendix L - PA-5400 Series FIPS Accessories/Tamper Seal Installation (11 Seals) The PA-5400 series requires 11 tamper labels. The location of the tamper labels placement is the same for all models in the series. Affix 11 seals on the module as shown below in the diagrams: Page 65

Referenced URLs