| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Software |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 9/22/2029 |
| Caveat | When installed, initialized and configured as specified in Section 11 of the Security Policy. The tamper evident seals and Physical Kit installed as indicated in the Security Policy. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy |
| Vendor | Palo Alto Networks, Inc. |
| Algorithm | ACVP Cert |
|---|---|
| AES-CBC | A2244 |
| AES-CFB128 | A2244 |
| AES-CTR | A2244 |
| AES-GCM | A2244 |
| Conditioning Component AES-CBC-MAC SP800-90B | A1791 |
| Counter DRBG | A2244 |
| ECDSA KeyGen (FIPS186-4) | A2244 |
| ECDSA KeyVer (FIPS186-4) | A2244 |
| ECDSA SigGen (FIPS186-4) | A2244 |
| ECDSA SigVer (FIPS186-4) | A2244 |
| HMAC-SHA-1 | A2244 |
| HMAC-SHA2-224 | A2244 |
| HMAC-SHA2-256 | A2244 |
| HMAC-SHA2-384 | A2244 |
| HMAC-SHA2-512 | A2244 |
| KAS-ECC-SSC Sp800-56Ar3 | A2244 |
| KAS-FFC-SSC Sp800-56Ar3 | A2244 |
| KDF SNMP | A2244 |
| KDF SSH | A2244 |
| KDF TLS | A2244 |
| RSA KeyGen (FIPS186-4) | A2244 |
| RSA SigGen (FIPS186-4) | A2244 |
| RSA SigVer (FIPS186-4) | A2244 |
| Safe Primes Key Generation | A2244 |
| Safe Primes Key Verification | A2244 |
| SHA-1 | A2244 |
| SHA2-224 | A2244 |
| SHA2-256 | A2244 |
| SHA2-384 | A2244 |
| SHA2-512 | A2244 |
| Requirement area | Level |
|---|---|
| Cryptographic Module Specification | 1 |
| Cryptographic Module Interfaces | 1 |
| Roles, Services, and Authentication | 3 |
| Software/Firmware Security | 1 |
| Operational Environment | 1 |
| Physical Security | N/A |
| Non-Invasive Security | N/A |
| Self-Tests | 1 |
| Life-Cycle Assurance | 3 |
| Mitigation of Other Attacks | N/A |
flowchart LR
%% Deterministic review-risk graph for Panorama Virtual Appliance 10.1
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>Panorama Software Update</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Zeroize<br/>Self-Test<br/>Show Status</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Panorama Virtual Appliance 10.1
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[high] Firmware update / recovery / rollback services<br/><i>Panorama Software Update</i><br/>src: securityPolicy.services"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>Zeroize<br/>Self-Test<br/>Show Status</i><br/>src: securityPolicy.services"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C3 clueHigh;
class C5,C6 clueLow;Panorama Virtual Appliance 10.1 Version: 1.2 Revision Date: February 13, 2025 Palo Alto Networks, Inc. www.paloaltonetworks.com © 2025 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of Palo Alto Networks. A list of our trademarks can be found at https://www.paloaltonetworks.com/company/trademarks.html. All other marks mentioned herein may be trademarks of their respective companies.
| # | Section | Page |
|---|---|---|
| 1 | General | 3 |
| 2 | Cryptographic Module Specification | 3 |
| 3 | Cryptographic Module Interfaces | 10 |
| 4 | Roles, Services, and Authentication | 11 |
| 5 | Software/Firmware Security | 17 |
| 6 | Operational Environment | 18 |
| 7 | Physical Security | 18 |
| 8 | Non-Invasive Security | 18 |
| 9 | Sensitive Security Parameters Management | 18 |
| 10 | Self-Tests | 21 |
| 11 | Life-cycle Assurance | 23 |
| 12 | Mitigation of Other Attacks | 25 |
| 13 | References | 25 |
| 14 | Definitions and Acronyms | 25 |
| 1 | General | 1 |
| 2 | Cryptographic Module Specification | 1 |
| 3 | Cryptographic Module Interfaces | 1 |
| 4 | Roles, Services, and Authentication | 3 |
| 5 | Software/Firmware Security | 1 |
| 6 | Operational Environment | 1 |
| 9 | Security Parameter Management | 1 |
| 10 | Self-Tests | 1 |
| 11 | Life-Cycle Assurance | 3 |
| Name | ISO Section | Requirement | Level |
|---|---|---|---|
| 1 | 1 | General | 1 |
| 2 | 2 | Cryptographic Module Specification | 1 |
| 3 | 3 | Cryptographic Module Interfaces | 1 |
| 4 | 4 | Roles, Services, and Authentication | 3 |
| 5 | 5 | Software/Firmware Security | 1 |
| 6 | 6 | Operational Environment | 1 |
| 7 | 7 | Physical Security | N/A |
| 8 | 8 | Non-Invasive Security | N/A |
| 9 | 9 | Security Parameter Management | 1 |
| 10 | 10 | Self-Tests | 1 |
| 11 | 11 | Life-Cycle Assurance | 3 |
| 12 | 12 | Mitigation of Other Attacks | N/A |
| Overall Level | Overall Level | 1 |
| Name | Operating System | Hardware Platform | Processor | Paa Pai | # |
|---|---|---|---|---|---|
| 1 | VMware ESXi v7.0 | Dell PowerEdge R740 | Intel Gold 6248 | N/A | 1 |
| 2 | KVM on Ubuntu 20.04 | Dell PowerEdge R740 | Intel Gold 6248 | N/A | 2 |
| 3 | Hyper-V 2019 on Microsoft Hyper-V Server 2019 | Dell PowerEdge R740 | Intel Gold 6248 | N/A | 3 |
1. The Panorama Virtual Appliance 10.1 from Palo Alto Networks Inc., hereafter referred to as “Panorama VM” or the “cryptographic module” are multi-chip standalone cryptographic modules designed to fulfill FIPS 140-3 level 1 requirements. The Panorama VM provides a centralized monitoring and management of multiple Palo Alto Networks next-generation (NG) firewalls and Wildfire appliances. For purposes of this validation, the exact software version of the module tested was 10.1.5. The cryptographic module meets Table 1 - Security Levels 2. N/A N/A N/A The tested operational environments are highlighted in Table 2. Table 2
| Name | Operating System | Hardware Platform | # |
|---|---|---|---|
| 1 | Amazon Web Services (AWS) | x86 Architecture (Note: Specific processor/hardware is dependent on Instance/Machine Type selected for operation system) | 1 |
| 2 | Microsoft Azure | 2 | |
| 3 | Google Cloud Platform (GCP) | 3 |
Table 3
Non-Compliant State Failure to follow the directions in the Approved Mode of Operation above or rules noted in Section 11 will result in the module operating in a non-compliant state, which is considered out of scope of this validation. Selecting Panorama, Management-Only, and Log Collector System Modes The Panorama VM supports multiple configurations that provide varying services. The Cryptographic Officer can initialize the module into different System Mode. The module supports the following System Modes:
| Name | CAVP Cert | Mode Method | Key Size | Use Function |
|---|---|---|---|---|
| Conditioning Component AES-CBC-MAC SP 800-90B | A1791 | AES-CBC-MAC | 128 bits | Vetted conditioning component for ESV Cert. #E129 |
| AES-CBC [SP 800-38A] | A2244 | CBC | 128, 192 and 256 bits | Encryption Decryption |
| AES-CFB128 [SP 800-38A] | A2244 | CFB128 | 128 bits | Encryption Decryption |
| AES-CTR [SP 800-38A] | A2244 | CTR | 128, 192 and 256 bits | Encryption Decryption |
| AES-GCM [SP 800-38D] | A2244 | GCM** | 128 and 256 bits | Encryption Decryption |
| Counter DRBG [SP 800-90Arev1] | A2244 | Counter DRBG | AES 256 bits with Derivation Function Enabled | Random Bit Generator |
| ECDSA KeyGen (FIPS 186-4) | A2244 | ECDSA KeyGen (FIPS 186-4) | P-256, P-384, P-521 | Key Generation |
| ECDSA KeyVer (FIPS 186-4) | A2244 | ECDSA KeyVer (FIPS 186-4) | P-256, P-384, P-521 | Public Key Validation |
| ECDSA SigGen (FIPS 186-4) | A2244 | ECDSA SigGen (FIPS 186-4) | P-256, P-384, P-521 with SHA2-224, SHA2-256, SHA2-384, and SHA2-512 | Signature Generation |
| ECDSA SigVer (FIPS 186-4) | A2244 | ECDSA SigVer (FIPS 186-4) | P-256, P-384, P-521 with SHA-1, SHA2-224, SHA2-256, SHA2-384, and SHA2-512 | Signature Verification |
| HMAC-SHA-1 [FIPS 198-1] | A2244 | HMAC | HMAC-SHA-1 with λ=160 | Authentication for protocols |
| HMAC-SHA2-224 [FIPS 198-1] | A2244 | HMAC | HMAC-SHA2-224 with λ=224 | Authentication for protocols |
| HMAC-SHA2-256 [FIPS 198-1] | A2244 | HMAC | HMAC-SHA2-256 with λ=256 | Authentication for protocols |
| HMAC-SHA2-384 [FIPS 198-1] | A2244 | HMAC | HMAC-SHA2-384 with λ=384 | Authentication for protocols |
| HMAC-SHA2-512 [FIPS 198-1] | A2244 | HMAC | HMAC-SHA2-512 with λ=512 | Authentication for protocols |
| KAS-ECC-SSC Sp800-56Ar3 | A2244 | KAS | Ephemeral Unified Model: P-256/P-384/P-521 | Key Exchange |
| KAS-FFC-SSC SP 800-56Ar3 | A2244 | KAS | dhEphem: MODP-2048 | Key Exchange |
| KDF SNMP [SP 800-135rev1] (CVL) | A2244 | SNMPv3 KDF | Engine ID: 80001F88043030303030343935323630 | SNMPv3 |
| KDF SSH [SP 800-135rev1] (CVL) | A2244 | SSHv2 KDF | SHA-1, SHA2-256, SHA2-512 | SSH |
| KDF TLS | A2244 | TLS 1.0/1.1 KDF, TLS1.2 KDF | TLS v1.0/1.1 TLS v1.2 Hash Algorithm: SHA2-256, SHA2-384 | TLS |
| RSA KeyGen (FIPS 186-4) | A2244 | RSA KeyGen (FIPS 186-4) | 2048, 3072, and 4096 bits | Key Pair Generation |
| RSA SigGen (FIPS 186-4) | A2244 | RSA SigGen (FIPS 186-4) | (ANSI X9.31, RSASSA-PKCS1_v1-5, RSASSA-PSS): 2048, 3072, and 4096-bit with hashes SHA2-256/384/512 | Signature Generation |
| RSA SigVer (FIPS 186-4) | A2244 | RSA SigVer (FIPS 186-4) | (ANSI X9.31, RSASSA-PKCS1_v1-5, RSASSA-PSS): 2048, 3072, 4096-bit (per IG C.F) with hashes SHA-1 and SHA2-224+++/256/384/512 (Signature Verification) +++ This Hash algorithm is not supported for ANSI X9.31 | Signature Verification |
| SHA-1 [FIPS 180-4] | A2244 | SHA | SHA-1 | Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC) |
| SHA2-224 [FIPS 180-4] | A2244 | SHA2 | SHA-224 | Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC) |
| SHA2-256 [FIPS 180-4] | A2244 | SHA2 | SHA-256 | Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC) |
| SHA2-384 [FIPS 180-4] | A2244 | SHA2 | SHA-384 | Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC) |
| SHA2-512 [FIPS 180-4] | A2244 | SHA2 | SHA-512 | Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC) |
| Safe Primes Key Generation [RFC 3526] | A2244 | Safe Primes Key Generation | MODP-2048 | Safe Primes Key Generation |
| Safe Primes Key Verification [RFC 3526] | A2244 | Safe Primes Key Verification | MODP-2048 | Safe Primes Key Verification |
| KTS [SP 800-38F] | AES Cert. #A2244 and HMAC Cert. #A2244 | SP 800-38A, FIPS 198-1, and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G. | 128, 192, and 256-bit keys providing 128, 192, or 256 bits of encryption strength | Key Wrapping. AES-CBC or AES-CTR with HMAC-SHA-1, HMAC-SHA2-256, HMAC-SHA2-384, or HMAC-SHA2-512 |
| KTS [SP 800-38F] | AES-GCM Cert. #A2244 | SP 800-38D and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G. | 128 and 256-bit keys providing 128 or 256 bits of encryption strength | Key Wrapping. AES-GCM. |
| SP 800-90B | ESV Cert. #E129 | ESV | Palo Alto Networks DRNG RDSEED Entropy Source | Entropy |
Table 4
D.G. D.G. © 2025 Panorama VM 10.1 Security Policy 7
| Name | Strength | Security Function | SP 800-56 Arev3. KAS-ECC per IG D.F Scenario 2 path (2). | Key Exchange with protocol KDF |
|---|---|---|---|---|
| CKG (SP 800-133rev2) | Cryptographic Key Generation; SP 800-133rev2 and IG D.I (asymmetric seeds). | Vendor Affirmed | Section 5.1, Section 5.2 | Key Generation Note:The seeds used for asymmetric key pair generation are produced using the unmodified/direct output of the DRBG |
5.2 ** The module is compliant to IG C.H: GCM is used in the context of TLS and SSH:
| Name | Use Function | Use / Function |
|---|---|---|
| MD5 | Only allowed as the PRF in TLSv1.1 per IG 2.4.AOnly allowed as the PRF in TLSv1.0 and v1.1 per IG 2.4.A | Message digest used in TLSv1.0 / v1.1 |
| KDF only | KDF only |
The module is compliant to IG C.F: The module utilizes approved modulus sizes 2048, 3072, and 4096 bits for RSA signatures. This functionality has been CAVP tested as noted above. The minimum number of Miller Rabin tests for each modulus size is implemented according to Table C.2 of FIPS 186-4. For modulus size 4096 the module implements the largest number of Miller-Rabin tests shown in Table C.2. RSA SigVer is CAVP tested for all three supported modulus sizes as noted above. The module does not perform FIPS 186-2 SigVer. All supported modulus sizes are CAVP testable and tested as noted above. The module does not implement RSA key transport in the approved mode. The module does not have any algorithms that fall under: - Non-Approved Algorithms Allowed in the Approved Mode of Operation - Non-Approved Algorithms Not Allowed in the Approved Mode of Operation The cryptographic module supports the following non-Approved algorithms that are allowed for use in the Approved mode of operation: Table 5A - Non-Approved Algorithms Allowed in the Approved Mode of Operation with No Security Claimed Table 6 - Supported Protocols in the Approved Mode Supported Protocols* TLS v1.1, v1.2 SSHv2 SNMPv3 *Note: No parts of these protocols, other than the approved cryptographic algorithms and the KDFs, have been tested or reviewed by the CAVP and CMVP. Cryptographic Boundary The Panorama Virtual Appliance is a software cryptographic module and requires an underlying general purpose computer (GPC) environment. The module consists of a GPC (multi-chip standalone embodiment) with the cryptographic boundary defined below. The cryptographic boundary (CB) includes all of the software components of the module, which is included in the file name in Section 11 (Panorama_pc-10.1.5) and also the configuration file that resides on the virtual machine’s virtual disk. The physical perimeter (PP) is defined by the enclosure around the host GPC on which it runs. Figure 1 depicts the boundary and illustrates the hardware components of a GPC. © 2025 Palo Alto Networks, Inc. Panorama VM 10.1 Security Policy 9
| Name | Physical Port | Logical Interface | Data That Passes |
|---|---|---|---|
| Power | Power | Power | Power supplies |
| Console, GPC I/O | Console, GPC I/O | Status Output | Self-test status output |
| Ethernet | Ethernet | Data input, control input, control output, data output, status output | HTTPS, TLS, SNMP, and SSH traffic data. |
Figure 1
| Name | Roles | Input | Output |
|---|---|---|---|
| Show Version | CO | Query module for version | Module provides version |
| Access web portal | CO, User | Connect to web portal from TLS client. | Confirmation of service via Configuration Logs |
| Access CLI | CO, User | Connect to SSH server from SSH client | Confirmation of service via Configuration Logs |
| System Provisioning | CO | Configuring and managing system configurations (e.g., IP address, system time, etc.) via CLI or WebUI | Confirmation of service via Configuration Logs |
| Panorama Software Update | CO | Loading new image | Message output noting version updated successfully via System Logs |
| Panorama Manager Setup | CO | Configuring and managing Manager configurations (e.g., HTTPS, NTP, etc.) via CLI or WebUI | Confirmation of service via Configuration Logs |
| Manage Panorama Administrative Access | CO | Configuring and managing Administrative configurations (e.g., creating user accounts, setting authentication method, etc.) via CLI or WebUI | Confirmation of service via Configuration Logs |
| Configure High Availability | CO | Configuring and managing High Availability (HA) configuration via CLI or WebUI | Confirmation of service via Configuration Logs |
| Panorama Certificate Management | CO | Configuring and managing certificates via CLI or WebUI | Confirmation of service via Configuration Logs |
| Panorama Log Setting | CO | Configuring and managing log settings via CLI or WebUI | Confirmation of service via Configuration Logs |
| Panorama Server Profiles | CO | Configuring and managing Server configurations (e.g. SNMP, etc.) via CLI or WebUI | Confirmation of service via Configuration Logs |
| Setup Managed Devices and Deployment | CO | Configuring and managing Managed Devices configurations (e.g., Versions, Licenses, etc.) via CLI or WebUI | Confirmation of service via Configuration Logs |
| Configure Managed Log Collectors | CO | Configuring and managing Managed Log Collectors configurations via CLI or WebUI | Confirmation of service via Configuration Logs |
| Zeroize | CO, Unauthenticated | Zeroize from CLI | Zeroization Indicator |
| Self-Test | CO, User, Unauthenticated | Run self-test via CLI or WebUI | Output results via System Logs |
| Show Status | CO, User | Show status via CLI or WebUI | FIPS-CC Mode Indicator |
| System Audit | CO, User | View system audit records via CLI or WebUI | Audit records via System Logs |
| Monitor System Status and Logs | CO, User | View system status records via CLI or WebUI | System status via System Logs |
| Panorama Log Collector Setup | CO | Configuring and managing Log Collectors configurations via CLI or WebUI | Confirmation of service via Configuration Logs. |
4. Roles, Services, and Authentication Roles and Services While in the Approved mode of operation, all CO and User services are accessed via SSH or TLS sessions. Approved and allowed algorithms, relevant CSPs and public keys related to these protocols are accessed to support the following services. CSP access by services is further described in the following tables. Table 8
| Name | Use Function | |
|---|---|---|
| Authentication Strength | Authentication Method | Role |
| Password-based Minimum length is eight1 (8) characters (95 possible characters). The probability that a random attempt will succeed or a false acceptance will occur is 1/(958) which is less than 1/1,000,000. The probability of successfully authenticating to the module within one minute is 10/(958), which is less than 1/100,000. The module’s configuration supports at most ten failed attempts to authenticate in a one-minute period. Certificate/Public key-based The security modules support public-key based authentication using RSA 2048 and certificate-based authentication using RSA 2048, RSA 3072, RSA 4096, ECDSA P-256, P-384, or P-521. | Memorized Secret (Unique Username/password) and/or Single-Factor Cryptographic Software (certificate common name / public key-based authentication) | CO |
| User | Memorized Secret (Unique Username/password) and/or | User |
Assumption of Roles The module supports distinct operator roles. The cryptographic module in Panorama or Management-Only mode enforces the separation of roles using unique authentication credentials associated with operator accounts. The Log Collector mode The module does not provide a maintenance role or bypass capability. Table 9 - Roles and Authentication In FIPS-CC Mode, the module checks and enforces the minimum password length of eight (8) as specified in SP 800-63B. Passwords are securely stored hashed with salt value, with very restricted access control, and rate limiting mechanism for authentication attempts. © 2025 Palo Alto Networks, Inc. Panorama VM 10.1 Security Policy 12
| Name | Description | Roles | Csps Accessed | Approved Functions | Access | Indicator | |
|---|---|---|---|---|---|---|---|
| Show Version | Query the module to display the version | CO | N/A | N/A | N/A | Version displayed via System Logs / CLI / UI | |
| Access web portal | Connect to module’s web portal to invoke services. (Panorama or Management-Only Mode) | CO, User | CA Certificates | RSA SigVer (186-4) | G/R/E/W | System Logs | |
| RSA SigVer (186-4) | RSA Public Keys | RSA SigVer (186-4) | G/R/E/W | ||||
| ECDSA SigVer (186-4) | ECDSA Public Keys | ECDSA SigVer (186-4) | G/R/E/W | ||||
| KAS | TLS Pre-Master Secret | KAS | G/E/Z | KDF TLS (CVL), MD5 (No security claimed) | |||
| TLS Master Secret | TLS Master Secret | G/E/Z | |||||
| CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification | TLS DHE/ECDHE Private Components | G/E/Z | CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification | ||||
| TLS DHE/ECDHE Public Components | TLS DHE/ECDHE Public Components | G/E/Z | |||||
| KTS | TLS HMAC Keys | KTS | G/E/Z | HMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-384 | |||
| AES-CBC | TLS Encryption Keys | G/E/Z | AES-CBC | ||||
| KTS | TLS Encryption Keys | KTS | G/E/Z | AES-GCM | |||
| Counter DRBG, ESV | CO | DRBG Seed | Counter DRBG, ESV | G/E | |||
| Access CLI | Connect to module’s CLI via SSH | CO, User | SSH Session Authentication Keys | KTS | G/E/Z | System Logs | HMAC-SHA-1 HMAC-SHA2-256 |
| AES-CBC AES-CTR | SSH Session Encryption Keys | G/E/Z | AES-CBC AES-CTR | ||||
| KTS | KTS | G/E/Z | AES-GCM | ||||
| KAS | SSH DHE/ECDHE Private Components | KAS | G/E/Z | KDF SSH (CVL) | |||
| KAS-ECC-SSC KAS-FFC-SSC Safe Primes Key Generation Safe Primes Key Verification | SSH DHE/ECDHE Public Components | G/E/R/W/Z | KAS-ECC-SSC KAS-FFC-SSC Safe Primes Key Generation Safe Primes Key Verification | ||||
| Counter DRBG, ESV | CO | DRBG Seed | Counter DRBG, ESV | G/E | System Logs | ||
| System Provisioning | Perform panorama licensing, diagnostics, debug functions, manage Panorama support information and switch between Panorama Management-only, and Logger modes. (Panorama or Management-Only Mode) | CO | N/A | N/A | N/A | System and Configuration logs | |
| Panorama Software Update | Download and install software updates | CO | Public Key for Software Content Load Test | RSA SigVer (FIPS 186-4) | W/E | System and Configuration logs | |
| Panorama Manager Setup | Presents configuration options for management interfaces and communication for peer services (e.g., SNMP, RADIUS). Import, Export, Save, Load, revert and validate Panorama configurations and state role (Panorama or Management-Only Mode) | CO | RSA Private Keys | CKG RSA KeyGen (FIPS 186-4) RSA SigGen (FIPS 186-4) | G/W/E | System and Configuration logs | |
| CKG ECDSA KeyGen ( FIPS 186-4) ECDSA SigGen (FIPS 186-4) | ECDSA Private Keys | CKG ECDSA KeyGen ( FIPS 186-4) ECDSA SigGen (FIPS 186-4) | G/W/E | ||||
| RSA SigVer (FIPS 186-4) | RSA Public Keys | RSA SigVer (FIPS 186-4) | G/R/E/W | ||||
| ECDSA SigVer (FIPS 186-4) | ECDSA Public Keys | ECDSA SigVer (FIPS 186-4) | G/R/E/W | ||||
| KDF SNMP (CVL) | SNMPv3 Authentication Secret | KDF SNMP (CVL) | W/E | ||||
| SNMPv3 Privacy Secret | SNMPv3 Privacy Secret | W/E | |||||
| HMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512 | Authentication Key | HMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512 | G/E/Z | ||||
| AES-CFB128 | Session Key | AES-CFB128 | G/E/Z | ||||
| RSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4) | CA Certificates | RSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4) | G/R/E/W | ||||
| KAS | TLS Pre-Master Secret | KAS | G/E/Z | KDF TLS (CVL), MD5 (No security claimed) | |||
| TLS Master Secret | TLS Master Secret | G/E/Z | |||||
| CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification | TLS DHE/ECDHE Private Components | G/E/Z | CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification | ||||
| TLS DHE/ECDHE Public Components | TLS DHE/ECDHE Public Components | G/E/R/W/Z | |||||
| KTS | TLS HMAC Keys | KTS | G/E/Z | HMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-384 | |||
| AES-CBC | TLS Encryption Keys | G/E/Z | AES-CBC | ||||
| KTS | TLS Encryption Keys | KTS | G/E/Z | AES-GCM | |||
| KTS | SSH Session Authentication Keys | KTS | G/E/Z | HMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-512 | |||
| AES-CBC, AES-CTR | SSH Session Encryption Keys | G/E/Z | AES-CBC, AES-CTR | ||||
| KTS | KTS | AES-GCM | |||||
| KAS | SSH DHE/ECDHE Private Components | KAS | G/E/Z | KDF SSH (CVL) | |||
| SSH DHE/ECDHE Public Components | SSH DHE/ECDHE Public Components | G/E/R/W/Z | |||||
| N/A | CO | Protocol Secrets | N/A | W/E | |||
| Counter DRBG, ESV | CO | DRBG Seed | Counter DRBG, ESV | G/E | System Logs | ||
| Manage Panorama Administrative Access | Define access control methods via admin profiles, configure administrators and password profiles Configure local user database, authentication profiles, sequence of methods and access domains | CO | CO, User Password | N/A | G/E/W | System and Configuration logs | |
| RSA SigVer (FIPS 186-4) | SSH Client Public Key | RSA SigVer (FIPS 186-4) | W/E | ||||
| RSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4) | SSH Host Public Key | RSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4) | G/R/E/W | ||||
| Configure High Availability | Configure High Availability communication settings (Panorama or Management-Only Mode) | CO | RSA Public Key | RSA SigVer (FIPS 186-4) | G/R/E/W | Configuration Logs | |
| ECDSA SigVer (FIPS 186-4) | ECDSA Public Key | ECDSA SigVer (FIPS 186-4) | G/R/E/W | ||||
| Panorama Certificate Management | Manage RSA/ECDSA certificates and private keys, certificate profiles, revocation status, and usage; show status. | CO | RSA Private Keys ECDSA Private Keys | ECDSA SigGen (FIPS 186-4) RSA SigGen (FIPS 186-4) | G/R/W/E | Configuration Logs | |
| ECDSA SigVer (FIPS 186-4) RSA SigVer (FIPS 186-4) | RSA Public Keys ECDSA Public Keys | ECDSA SigVer (FIPS 186-4) RSA SigVer (FIPS 186-4) | G/R/W/E | Configuration Logs | |||
| Counter DRBG, ESV | DRBG Seed | Counter DRBG, ESV | G/E | System Logs | |||
| Panorama Log Setting | Configure log forwarding (Panorama or Management-Only Mode) | CO | N/A | N/A | N/A | Configuration Logs | |
| Panorama Server Profiles | Configure communication parameters and information for peer servers (Panorama or Management-Only Mode) | CO | SNMPv3 Authentication Secret | KDF SNMP (CVL) | W/E | System Logs | |
| SNMPv3 Privacy Secret | SNMPv3 Privacy Secret | W/E | |||||
| HMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512 | Authentication Key | HMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512 | G/E/Z | ||||
| AES-CFB128 | Session Key | AES-CFB128 | G/E/Z | ||||
| Setup Managed Devices and Deployment | Set-up and define managed devices, device groups for firewalls | CO | N/A | N/A | N/A | Configuration Logs |
Single-Factor Cryptographic Software (certificate common name / public The minimum equivalent strength supported is 112 bits. The probability that a random attempt will succeed is 1/(2112) which is less than 1/1,000,000. The probability of successfully authenticating to the module within a one minute period is 10/(2112), which is less than 1/100,000. The module supports at most 10 failed attempts and locks out afterwards. Definition of CSPs Modes of Access The following table defines the relationship between access to CSPs and the different module services. The modes of access shown in the table are defined as: G = Generate: The module generates or derives the SSP. R = Read: The SSP is read from the module (e.g. the SSP is output). W = Write: The SSP is updated, imported, or written to the module. E = Execute: The module uses the SSP in performing a cryptographic operation. Z = Zeroise: The module zeroises the SSP. Note: Unless otherwise specified, all services are available in all system modes. If there is a service that is specific to a certain system mode, it is noted in the Description column. Table 10
G/E/Z G/E/Z G/E/Z G/E/R/W/Z G/E N/A N/A N/A W/E G/W/E G/W/E G/R/E/W W/E G/E/Z G/E/Z G/R/E/W G/E/Z G/E/Z G/E/Z G/E/Z G/E/Z Palo Alto Networks, Inc. W/E © 2025 G/R/E/W G/E/R/W/Z G/E/Z Panorama VM 10.1 Security Policy 14
G/E/Z G/E/Z G/E/Z G/E/R/W/Z N/A W/E G/E N/A G/E/W W/E G/R/E/W G/R/E/W G/R/E/W G/R/W/E G/R/W/E G/E N/A © 2025 Palo Alto Networks, Inc. N/A N/A W/E W/E N/A N/A G/E/Z G/E/Z N/A Panorama VM 10.1 Security Policy 15
| Configure device deployment applications and licenses View current deployment information on the managed firewalls. It also allows you to manage software/firmware versions and schedule updates on the managed firewalls and managed log collectors. (Panorama or Management-Only Mode) | ||||||
|---|---|---|---|---|---|---|
| Configure Managed Log Collectors | Setup and manage other Log Collector management, communication and storage settings View current deployment information on the managed Log Collectors. It also allows you to manage software/firmware versions and schedule updates on managed log collectors. (Panorama or Management-Only Mode) | N/A | CO, User Password | CO | G/E/W | System and Configuration logs |
| Zeroize | Overwrite all CSPs | N/A | All keys and SSPs | CO, Unauth enticate d | Z | Zeroization Indicator |
| Self-Test | Run power up self-tests on demand by power cycling the module. | N/A | Software Integrity Verification Key | CO, User, Unauth enticate d | E | System Logs |
| Show Status | View status of the module | N/A | N/A | CO, User | N/A | FIPS-CC Mode Indicator |
| System Audit | Allows review of limited configuration and system status via SNMPv3, logs, dashboard, show status, and configuration screens. CO Only: Provides configuration commit capability. (Panorama or Management-Only Mode) | N/A | N/A | CO, User | N/A | System Logs |
| Monitor System Status and Logs | Review system status via the panorama system CLI, dashboard and logs; show status. (Panorama or Management-Only Mode) | N/A | N/A | CO, User | N/A | System Logs |
| Panorama Log Collector Setup | Presents configuration options for management interfaces and communication for peer services Import, Export, Save, Load, revert and validate Panorama configurations and state (Log Collector mode) | CKG RSA KeyGen (FIPS 186-4) RSA SigGen (FIPS 186-4) | RSA Private Keys | CO | G/W/E | System and Configuration logs |
| CKG ECDSA KeyGen ( FIPS 186-4) ECDSA SigGen (FIPS 186-4) | ECDSA Private Keys | G/W/E | ||||
| RSA SigVer (FIPS 186-4) | RSA Public Keys | G/R/E/W | ||||
| ECDSA SigVer (FIPS 186-4) | ECDSA Public Keys | G/R/E/W | ||||
| TLS Pre-Master Secret | G/E/Z |
N/A G/E/W N/A d Z E N/A d N/A N/A N/A N/A N/A N/A N/A N/A N/A G/W/E G/W/E G/R/E/W G/R/E/W © 2025 Palo Alto Networks, Inc. KAS KDF TLS (CVL), G/E/Z Panorama VM 10.1 Security Policy 16
| Name | Use Function | ||
|---|---|---|---|
| MD5 (No security claimed) | MD5 (No security claimed) | TLS Master Secret | G/E/Z |
| CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification | CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification | TLS DHE/ECDHE Private Components | G/E/Z |
| TLS DHE/ECDHE Public Components | TLS DHE/ECDHE Public Components | G/E/R/W/Z | |
| KTS | HMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-384 | TLS HMAC Keys | G/E/Z |
| AES-CBC | AES-CBC | TLS Encryption Keys | G/E/Z |
| KTS | AES-GCM | TLS Encryption Keys | G/E/Z |
| KTS | HMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-512 | SSH Session Authentication Keys | G/E/Z |
| AES-CBC, AES-CTR | AES-CBC, AES-CTR | SSH Session Encryption Keys | G/E/Z |
| KTS | AES-GCM | ||
| KAS | KDF SSH (CVL) | SSH DHE/ECDHE Private Components | G/E/Z |
| Counter DRBG, ESV | DRBG Seed | G/E |
G/E/Z G/E/Z G/E/Z G/E/Z G/E/Z G/E/Z G/E/Z G/E/R/W/Z G/E/Z G/E Note: Configuration/System Logs for Approved services above will indicate FIPS-CC mode is enabled and that the service succeeded. 5. Software/Firmware Security The module performs the Software Integrity test by using HMAC-SHA-256 (HMAC Cert. #A2244) during the Pre-Operational Self-Test. In addition, the module also conducts a software load test by using RSA 2048 with SHA-256 (Cert. #A2244) for the new validated software to be uploaded into the module via the Panorama Software Update service. The Software Integrity Verification key and Public key for Software Content Load Test used for the Software Integrity and Software Load test, respectively, are generated externally and delivered as part of the module software image. The pre-operational self-tests can be initiated by power cycling the module. When this is performed, the module automatically runs the cryptographic algorithm self-tests in addition to the pre-operational software integrity test. Any software loaded into this module that is not shown on the module certificate is out of scope of this validation, and requires a separate FIPS 140-3 validation. 6. Operational Environment The module is a modifiable operational environment as per FIPS 140-3 Level 1 specifications. The hypervisor environment provides an isolated operating environment and is the single operator of the virtual machine. © 2025 Palo Alto Networks, Inc. Panorama VM 10.1 Security Policy 17
| Name | Strength | Security Function | Generation | Establishment | Storage | Zeroization | Import Export | Key/SSP/Name/Type |
|---|---|---|---|---|---|---|---|---|
| ECDSA/RSA Public key - Used to trust a root CA intermediate CA and leaf /end entity certificates (RSA 2048, 3072, and 4096 bits) (ECDSA P-256, P-384, and P-521) | 112 - 256 bits | RSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4) Cert. #A2244 | DRBG, FIPS 186-4 | N/A | HDD/RAM – plaintext | HDD – Zeroize Service RAM - Zeroize at session termination | TLS or SSH Session Key Encrypted | CA Certificates |
| RSA public keys managed as certificates for the verification of signatures, establishment of TLS, operator authentication | 112 - 150 bits | RSA SigVer (FIPS 186-4) Cert. #A2244 | DRBG, FIPS 186-4 | N/A | HDD/RAM – plaintext | Zeroize Service | TLS or SSH Session Key Encrypted or Plaintext TLS handshake | RSA Public Keys |
| RSA Private keys for generation of signatures, authentication or key establishment. (RSA 2048, 3072, or 4096-bit) | 112 - 150 bits | RSA SigGen (FIPS 186-4) Cert. #A2244 | DRBG, FIPS 186-4 | N/A | HDD/RAM – plaintext | HDD – Zeroize Service RAM - Zeroize at session termination | TLS or SSH Session Key Encrypted | RSA Private Keys |
| ECDSA public keys managed as certificates for the verification of signatures, establishment of TLS, operator authentication and peer authentication. (ECDSA P-256, P-384, or P-521) | 128 - 256 bits | ECDSA SigVer (FIPS 186-4) Cert. #A2244 | DRBG, FIPS 186-4 | N/A | HDD/RAM – plaintext | Zeroize Service | TLS or SSH Session Key Encrypted or Plaintext TLS handshake | ECDSA Public Keys |
| ECDSA Private key for generation of signatures and authentication (P-256, P-384, or P-521) | 128 - 256 bits | ECDSA SigGen (FIPS 186-4) Cert. #A2244 | DRBG, FIPS 186-4 | N/A | HDD/RAM – plaintext | HDD – Zeroize Service RAM - Zeroize at session termination | TLS or SSH Session Key Encrypted | ECDSA Private Keys |
| KAS-FFC or KAS-ECC Ephemeral values used in key agreement (KAS-FFC MODP-2048, KAS-ECC P-256, P-384, P-521) | 112 - 256 bits | KAS-ECC-SSC KAS-FFC-SSC Cert. #A2244 | DRBG, SP 800-56A Rev. 3 | N/A | RAM - plaintext | Zeroize at session termination | N/A | TLS DHE/ECDHE Private Components |
| KAS-FFC or KAS-ECC Ephemeral values used in key agreement (KAS-FFC MODP-2048, KAS-ECC P-256, P-384, P-521) | 112 - 256 bits | KAS-ECC-SSC KAS-FFC-SSC Cert. #A2244 | DRBG, SP 800-56A Rev. 3 | N/A | N/A | Zeroize at session termination | Plaintext - TLS handshake | TLS DHE/ECDHE Public Components |
| Secret value used to derive the TLS Master Secret along with client and server random nonces | 112 bits minimum | KDF TLS (CVL) Cert. #A2244, MD5 (No Security Claimed) | KAS-ECC-SSC or KAS-FFC-SSC , SP 800-56A Rev. 3 | N/A | RAM – plaintext | Zeroize at session termination | N/A | TLS Pre-Master Secret |
| Secret value used to derive the TLS session keys | 384 bits | KDF TLS (CVL) Cert. #A2244, MD5 (No Security Claimed) | KDF TLS (CVL) | N/A | RAM – plaintext | Zeroize at session termination | N/A | TLS Master Secret |
| AES (128 or 256 bit) keys used in TLS connections (GCM; CBC) | 128 or 256 bits | AES-CBC or AES-GCM Cert. #A2244 | KDF TLS (CVL) | TLS, KAS SP 800-56A Rev. 3 | RAM - plaintext | Zeroize at session termination | N/A | TLS Encryption Keys |
| HMAC keys used in TLS connections (SHA-1, 256, 384) (160, 256, 384 bits) | 256 bits | HMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-384 Cert. #A2244 | KDF TLS (CVL) | TLS, KAS SP 800-56A Rev. 3 | RAM - plaintext | Zeroize at session termination | N/A | TLS HMAC Keys |
| KAS-FFC or KAS-ECC public component (KAS-FFC MODP-2048, KAS-ECC P-256, KAS-ECC P-384, KAS-ECC P-521) | 112 - 256 bits | KAS-ECC-SSC KAS-FFC-SSC Cert. #A2244 | DRBG, SP 800-56A Rev. 3 | N/A | RAM - plaintext | Zeroize at session termination | N/A | SSH DHE/ECDHE Private Components |
| KAS-FFC or KAS-ECC public component (KAS-FFC Group 14, KAS-ECC P-256, KAS-ECC P-384, KAS-ECC P-521) | 112 - 256 bits | KAS-ECC-SSC KAS-FFC-SSC Cert. #A2244 | DRBG, SP 800-56A Rev. 3 | N/A | RAM - plaintext | Zeroize at session termination | Plaintext SSH handshake | SSH DHE/ECDHE Public Components |
| SSH Host Public Key (RSA 2048, RSA 3072, | 112 - 256 bits | RSA SigVer (FIPS 186-4) | DRBG, FIPS 186-4 | N/A | HDD/RAM – plaintext | Zeroize Service | N/A | SSH Host Public Key |
| RSA 4096, ECDSA P-256, P-384, or P-521) | ECDSA SigVer (FIPS 186-4) Cert. #A2244 | |||||||
| Public RSA key used to authenticate client. (RSA 2048, 3072, and 4096 bits) | 112 - 150 bits | RSA SigVer (FIPS 186-4) Cert. #A2244 | N/A | N/A | HDD/RAM – plaintext | Zeroize Service | TLS or SSH Session Key Encrypted | SSH Client Public Key |
| Used in all SSH connections to the security module’s command line interface. (128, 192, or 256 bits: CBC or CTR) (128 or 256 bits: GCM) | 128 - 256 bits | AES-CBC, AES-CTR, or AES-GCM Cert. #A2244 | KDF SSH (CVL) | SSH, KAS SP 800-56A Rev. 3 | RAM - plaintext | Zeroize at session termination | N/A | SSH Session Encryption Keys |
| Authentication keys used in all SSH connections to the security module’s command line interface (HMAC-SHA-1, HMAC-SHA2-256, HMAC-SHA2-512) (160, 256, 512 bits) | 160 - 256 bits | HMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-512 Cert. #A2244 | KDF SSH (CVL) | SSH, KAS SP 800-56A Rev. 3 | RAM - plaintext | Zeroize at session termination | N/A | SSH Session Authentication Keys |
| Used to check the integrity of all software code. (HMAC-SHA-256 and ECDSA P-256) (Note: This is not considered an SSP) | 128 bits | HMAC-SHA2-256, ECDSA SigVer (FIPS 186-4) Cert. #A2244 | Factory preload | N/A | HDD - plaintext | N/A | Import only, TLS or SSH Session Key Encrypted | Software integrity verification key |
| Used to authenticate software and content to be installed on the module (RSA 2048 with SHA-256) | 112 bits | RSA SigVer (FIPS 186-4) Cert. #A2244 | Factory preload | N/A | HDD - plaintext | N/A | Import only, TLS or SSH Session Key Encrypted | Public key for software content load test |
| Authentication string with a minimum length of eight (8) characters. | N/A | SHA2-256 Cert. #A2244 | External | N/A | HDD - a password hash (SHA2-256) | Zeroize Service | TLS or SSH Session Key Encrypted | CO, User Password |
| Secrets used by RADIUS (8 characters minimum) | N/A | N/A | External | N/A | HDD/RAM – plaintext | Zeroize Service | TLS or SSH Session Key Encrypted | Protocol Secrets |
| Entropy input string coming from the entropy source Input length = 384 bits | 194 bits | CKG (vendor affirmed), Counter DRBG Cert. #A2244 | Entropy as per SP 800-90B | N/A | RAM - plaintext | Power cycle | N/A | Entropy Input String |
| DRBG seed coming from the entropy source Seed length = 384 bits | 194 bits | CKG (vendor affirmed), Counter DRBG Cert. #A2244 | Entropy as per SP 800-90B | N/A | RAM - Plaintext | Power cycle | N/A | DRBG Seed |
| AES 256 CTR DRBG state Key used in the generation of a random values | 256 bits | CKG (vendor affirmed), Counter DRBG Cert. #A2244 | Entropy as per SP 800-90B | N/A | RAM - plaintext | Power cycle | N/A | DRBG Key |
| AES 256 CTR DRBG state V used in the generation of a random values | 128 bits | CKG (vendor affirmed), Counter DRBG Cert. #A2244 | Entropy as per SP 800-90B | N/A | RAM - plaintext | Power cycle | N/A | DRBG V |
| Used to support SNMPv3 services (Minimum 8 characters) | N/A | KDF SNMP (CVL) Cert. #A2244 | N/A | N/A | HDD/RAM – plaintext | Zeroize Service | TLS or SSH Session Key Encrypted | SNMPv3 Authentication Secret |
| Used to support SNMPv3 services (Minimum 8 characters) | N/A | KDF SNMP (CVL) Cert. #A2244 | N/A | N/A | HDD/RAM – plaintext | Zeroize Service | TLS or SSH Session Key Encrypted | SNMPv3 Privacy Secret |
| HMAC–SHA-1/224/256 /384/512 Authentication protocol key (160 bits) | 160 - 256 bits | HMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512 Cert. #A2244 | KDF SNMP (CVL) | N/A | HDD/RAM - Plaintext | Zeroize Service | N/A | SNMPv3 Authentication Key |
| Privacy protocol encryption key (AES 128/192/256 CFB128) | 128 - 256 bits | AES-CFB128 Cert. #A2244 | KDF SNMP (CVL) | N/A | HDD/RAM - Plaintext | Zeroize Service | N/A | SNMPv3 Session Key |
The tested operating environments isolate virtual systems into separate isolated process spaces. Each process space is logically separated from all other processes by the operating environments software and hardware. The module functions entirely within the process space of the isolated system as managed by the single operational environment. This implicitly meets the FIPS 140-3 requirement that only one (1) entity at a time can use the cryptographic module. 7. Physical Security 8. Non-Invasive Security The module is a software only module; FIPS 140-3 physical security requirements are not applicable. There are currently no defined Approved non-invasive attack mitigation test metrics in SP 800-140F. 9. Sensitive Security Parameters Management The following table details all the sensitive security parameters utilized by the module. “TLS or SSH Session Key Encrypted” corresponds to the following KTS entries listed in the Approved Algorithms table:
N/A N/A N/A N/A N/A N/A N/A © 2025 Palo Alto Networks, Inc. N/A N/A N/A N/A N/A N/A N/A N/A Panorama VM 10.1 Security Policy 19
N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A © 2025 N/A Palo Alto Networks, Inc. N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A Panorama VM 10.1 Security Policy 20
| Name | Key Size | |
|---|---|---|
| Details | Minimum number of bits of entropy | Entropy Source |
| ESV Cert. #E129 The entropy source provides at least 0.506 bits of entropy per bit of output. The DRBG is seeded with 384-bits of output from the entropy source. Therefore the DRBG is seeded with at least 194 bits of entropy before generating keys. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy | 194 bits | Palo Alto Networks DRNG RDSEED Entropy Source |
N/A N/A N/A N/A N/A N/A N/A Note: SSPs are implicitly zeroized when power is lost, or explicitly zeroized by the zeroize service. In the case of implicit zeroization, the SSPs are implicitly overwritten with random values due to their ephemeral memory being reset upon power loss. For the zeroization service and zeroization at session termination, the SSP's memory location is overwritten with random values. The module utilizes the following entropy source, which is internal to the physical perimeter of the host GPC. Table 12 - Non-Deterministic Random Number Generation Specification 10. Self-Tests The cryptographic module performs the following tests below. The operator can command the module to perform the pre-operational and cryptographic algorithm self-tests by cycling power of the module. The pre-operational and conditional self-tests are performed automatically and do not require any additional operator action. Pre-operational Self-Tests Pre-operational Software Integrity Test
| Cause of Error | Error State Indicator |
|---|---|
| Conditional Cryptographic Algorithm Self-Test or Software Integrity Test Failure | FIPS-CC mode failure. <Algorithm test> failed. |
| Conditional Pairwise Consistency or Critical Functions Test Failure | System log prints an error message. |
| Conditional Software Load Test Failure | System prints Invalid image message. |
Table 13 - Errors and Indicators 11. Life-cycle Assurance The vendor provided life-cycle assurance documentation describes configuration management, design, finite state model, development, testing, delivery & operation, end of life procedures, and guidance. For details regarding the approved mode of operation, see “Approved Mode of Operation''. For details regarding secure installation, initialization, startup, and operation of the module, see below. Installation Instructions The module can be retrieved by downloading Panorama_pc-10.1.5 from the support site: https://support.paloaltonetworks.com/Support/Index, and a checksum (SHA-256) is available to ensure the module is correct: Panorama_pc-10.1.5: 018fd6b322d1d65023751496ac3f9a7c4890fdd523f9d5a9145c752447b492cb Alternatively, the module version can be obtained by running the following commands via CLI (as an authorized administrator): 1. request system software check 2. request system software download version 10.1.5 3. request system software install version 10.1.5 4. request restart system Palo Alto Network provides an Administrator Guide for additional information noted in the “References” section of this Security Policy. The module design corresponds to the module security rules. Module Enforced Security Rules When FIPS-CC mode is enabled, the module runs all the required items noted in Section 10 Self-Tests. This section documents the security rules enforced by the cryptographic module to implement the security requirements of this FIPS 140-3 Level 1 module. 1. The cryptographic module shall provide distinct operator roles. When the module has not been placed in a valid role, the operator shall not have access to any cryptographic services. 2. The cryptographic module shall clear previous authentications on power cycle. © 2025 Palo Alto Networks, Inc. Panorama VM 10.1 Security Policy 23
3. The module shall support the generation of key material with the approved DRBG. The entropy provided must be greater than or equal to the strength of the key being generated. 4. Data output shall be inhibited during power-up self-tests and error states. 5. Processes performing key generation and zeroization processes shall be logically isolated from the logical data output paths. 6. The module does not output intermediate key generation values. 7. Status information output from the module shall not contain CSPs or sensitive data that if misused could lead to a compromise of the module. 8. There are no restrictions on which keys or CSPs are zeroized by the zeroization service. 9. The module maintains separation between concurrent operators. 10. The module does not support a maintenance interface or role. 11. The module does not have any external input/output devices used for entry/output of data. 12. The module does not enter or output plaintext CSPs. Vendor Imposed Security Rules In FIPS-CC mode, the following rules shall apply: 1. The operator should not enable TLSv1.0 or use RSA for key wrapping; it is disabled by default. a. Checked via CLI using “show shared” command 2. When FIPS-CC mode is enabled, the operator shall not install plugins. a. Checked via CLI using “show plugins installed” 3. When FIPS-CC mode is enabled, the operator shall not use TACACS+. RADIUS may be used but must be protected by TLS protocol. a. Checked via CLI using “show deviceconfig” command Failure to follow these Security Rules will cause the module to operate in a non-compliant state. Key to Entity The cryptographic module associates all keys (secret, private, or public) stored within, entered into or output from the module with authenticated operators of the module. Keys stored within the module are only made available to authenticated operators via TLS or SSH. Keys are only input or output from the module by the authenticated operator via a SSH or TLS protected communication. Any attempt to intervene in the key to entity relationship would require defeating the module TLS or SSH encryption and authentication/integrity mechanism. 12. Mitigation of Other Attacks This module is not designed to mitigate other attacks outside the scope of FIPS 140-3. 13. References [FIPS 140-3] FIPS Publication 140-3 Security Requirements for Cryptographic Modules [AGD] Panorama Administrator’s Guide Version 10.1: https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/panorama/10-1/panorama-admin/panorama-admin.p df © 2025 Palo Alto Networks, Inc. Panorama VM 10.1 Security Policy 24
14. Definitions and Acronyms AES