All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Panorama Virtual Appliance 10.1

Certificate#4805StandardFIPS 140-3Level1TypeSoftwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorPalo Alto Networks, Inc.
High review priority  ·  no TCB surface named  ·  last validated 16 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeSoftware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date9/22/2029
CaveatWhen installed, initialized and configured as specified in Section 11 of the Security Policy. The tamper evident seals and Physical Kit installed as indicated in the Security Policy. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy
VendorPalo Alto Networks, Inc.

Approved Algorithms (30)

AlgorithmACVP Cert
AES-CBCA2244
AES-CFB128A2244
AES-CTRA2244
AES-GCMA2244
Conditioning Component AES-CBC-MAC SP800-90BA1791
Counter DRBGA2244
ECDSA KeyGen (FIPS186-4)A2244
ECDSA KeyVer (FIPS186-4)A2244
ECDSA SigGen (FIPS186-4)A2244
ECDSA SigVer (FIPS186-4)A2244
HMAC-SHA-1A2244
HMAC-SHA2-224A2244
HMAC-SHA2-256A2244
HMAC-SHA2-384A2244
HMAC-SHA2-512A2244
KAS-ECC-SSC Sp800-56Ar3A2244
KAS-FFC-SSC Sp800-56Ar3A2244
KDF SNMPA2244
KDF SSHA2244
KDF TLSA2244
RSA KeyGen (FIPS186-4)A2244
RSA SigGen (FIPS186-4)A2244
RSA SigVer (FIPS186-4)A2244
Safe Primes Key GenerationA2244
Safe Primes Key VerificationA2244
SHA-1A2244
SHA2-224A2244
SHA2-256A2244
SHA2-384A2244
SHA2-512A2244

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification1
Cryptographic Module Interfaces1
Roles, Services, and Authentication3
Software/Firmware Security1
Operational Environment1
Physical SecurityN/A
Non-Invasive SecurityN/A
Self-Tests1
Life-Cycle Assurance3
Mitigation of Other AttacksN/A

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Panorama Virtual Appliance 10.1
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>Panorama Software Update</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Zeroize<br/>Self-Test<br/>Show Status</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Panorama Virtual Appliance 10.1
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[high] Firmware update / recovery / rollback services<br/><i>Panorama Software Update</i><br/>src: securityPolicy.services"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>Zeroize<br/>Self-Test<br/>Show Status</i><br/>src: securityPolicy.services"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3 clueHigh;
  class C5,C6 clueLow;

Security Policy, page by page

Page 1

Panorama Virtual Appliance 10.1 Version: 1.2 Revision Date: February 13, 2025 Palo Alto Networks, Inc.​ www.paloaltonetworks.com​ © 2025 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of Palo Alto Networks. A list of our trademarks can be found at https://www.paloaltonetworks.com/company/trademarks.html. All other marks mentioned herein may be trademarks of their respective companies. ​

Page 2
Table of Contents
#SectionPage
1General​3
2Cryptographic Module Specification​3
3Cryptographic Module Interfaces​10
4Roles, Services, and Authentication​11
5Software/Firmware Security​17
6Operational Environment​18
7Physical Security​18
8Non-Invasive Security​18
9Sensitive Security Parameters Management​18
10Self-Tests​21
11Life-cycle Assurance​23
12Mitigation of Other Attacks​25
13References​25
14Definitions and Acronyms​25
1General1
2Cryptographic Module Specification1
3Cryptographic Module Interfaces1
4Roles, Services, and Authentication3
5Software/Firmware Security1
6Operational Environment1
9Security Parameter Management1
10Self-Tests1
11Life-Cycle Assurance3
Page 3
Security level
NameISO SectionRequirementLevel
11General1
22Cryptographic Module Specification1
33Cryptographic Module Interfaces1
44Roles, Services, and Authentication3
55Software/Firmware Security1
66Operational Environment1
77Physical SecurityN/A
88Non-Invasive SecurityN/A
99Security Parameter Management1
1010Self-Tests1
1111Life-Cycle Assurance3
1212Mitigation of Other AttacksN/A
Overall LevelOverall Level1
Module configuration
NameOperating SystemHardware PlatformProcessorPaa Pai#
1VMware ESXi v7.0Dell PowerEdge R740Intel Gold 6248N/A1
2KVM on Ubuntu 20.04Dell PowerEdge R740Intel Gold 6248N/A2
3Hyper-V 2019 on Microsoft Hyper-V Server 2019Dell PowerEdge R740Intel Gold 6248N/A3

1.​ The Panorama Virtual Appliance 10.1 from Palo Alto Networks Inc., hereafter referred to as “Panorama VM” or the “cryptographic module” are multi-chip standalone cryptographic modules designed to fulfill FIPS 140-3 level 1 requirements. The Panorama VM provides a centralized monitoring and management of multiple Palo Alto Networks next-generation (NG) firewalls and Wildfire appliances. For purposes of this validation, the exact software version of the module tested was 10.1.5. The cryptographic module meets Table 1 - Security Levels 2.​ N/A N/A N/A The tested operational environments are highlighted in Table 2. Table 2

Page 4
Module configuration
NameOperating SystemHardware Platform#
1Amazon Web Services (AWS)x86 Architecture (Note: Specific processor/hardware is dependent on Instance/Machine Type selected for operation system)1
2Microsoft Azure2
3Google Cloud Platform (GCP)3

Table 3

Page 5

Non-Compliant State Failure to follow the directions in the Approved Mode of Operation above or rules noted in Section 11 will result in the module operating in a non-compliant state, which is considered out of scope of this validation. Selecting Panorama, Management-Only, and Log Collector System Modes The Panorama VM supports multiple configurations that provide varying services. The Cryptographic Officer can initialize the module into different System Mode. The module supports the following System Modes:

Page 6
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
Conditioning Component AES-CBC-MAC SP 800-90BA1791AES-CBC-MAC128 bitsVetted conditioning component for ESV Cert. #E129
AES-CBC [SP 800-38A]A2244CBC128, 192 and 256 bitsEncryption Decryption
AES-CFB128 [SP 800-38A]A2244CFB128128 bitsEncryption Decryption
AES-CTR [SP 800-38A]A2244CTR128, 192 and 256 bitsEncryption Decryption
AES-GCM [SP 800-38D]A2244GCM**128 and 256 bitsEncryption Decryption
Counter DRBG [SP 800-90Arev1]A2244Counter DRBGAES 256 bits with Derivation Function EnabledRandom Bit Generator
ECDSA KeyGen (FIPS 186-4)A2244ECDSA KeyGen (FIPS 186-4)P-256, P-384, P-521Key Generation
ECDSA KeyVer (FIPS 186-4)A2244ECDSA KeyVer (FIPS 186-4)P-256, P-384, P-521Public Key Validation
ECDSA SigGen (FIPS 186-4)A2244ECDSA SigGen (FIPS 186-4)P-256, P-384, P-521 with SHA2-224, SHA2-256, SHA2-384, and SHA2-512Signature Generation
ECDSA SigVer (FIPS 186-4)A2244ECDSA SigVer (FIPS 186-4)P-256, P-384, P-521 with SHA-1, SHA2-224, SHA2-256, SHA2-384, and SHA2-512Signature Verification
HMAC-SHA-1 [FIPS 198-1]A2244HMACHMAC-SHA-1 with λ=160Authentication for protocols
HMAC-SHA2-224 [FIPS 198-1]A2244HMACHMAC-SHA2-224 with λ=224Authentication for protocols
HMAC-SHA2-256 [FIPS 198-1]A2244HMACHMAC-SHA2-256 with λ=256Authentication for protocols
HMAC-SHA2-384 [FIPS 198-1]A2244HMACHMAC-SHA2-384 with λ=384Authentication for protocols
HMAC-SHA2-512 [FIPS 198-1]A2244HMACHMAC-SHA2-512 with λ=512Authentication for protocols
KAS-ECC-SSC Sp800-56Ar3A2244KASEphemeral Unified Model: P-256/P-384/P-521Key Exchange
KAS-FFC-SSC SP 800-56Ar3A2244KASdhEphem: MODP-2048Key Exchange
KDF SNMP [SP 800-135rev1] (CVL)A2244SNMPv3 KDFEngine ID: 80001F88043030303030343935323630SNMPv3
KDF SSH [SP 800-135rev1] (CVL)A2244SSHv2 KDFSHA-1, SHA2-256, SHA2-512SSH
KDF TLSA2244TLS 1.0/1.1 KDF, TLS1.2 KDFTLS v1.0/1.1 TLS v1.2 Hash Algorithm: SHA2-256, SHA2-384TLS
RSA KeyGen (FIPS 186-4)A2244RSA KeyGen (FIPS 186-4)2048, 3072, and 4096 bitsKey Pair Generation
RSA SigGen (FIPS 186-4)A2244RSA SigGen (FIPS 186-4)(ANSI X9.31, RSASSA-PKCS1_v1-5, RSASSA-PSS): 2048, 3072, and 4096-bit with hashes SHA2-256/384/512Signature Generation
RSA SigVer (FIPS 186-4)A2244RSA SigVer (FIPS 186-4)(ANSI X9.31, RSASSA-PKCS1_v1-5, RSASSA-PSS): 2048, 3072, 4096-bit (per IG C.F) with hashes SHA-1 and SHA2-224+++/256/384/512 (Signature Verification) +++ This Hash algorithm is not supported for ANSI X9.31Signature Verification
SHA-1 [FIPS 180-4]A2244SHASHA-1Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC)
SHA2-224 [FIPS 180-4]A2244SHA2SHA-224Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC)
SHA2-256 [FIPS 180-4]A2244SHA2SHA-256Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC)
SHA2-384 [FIPS 180-4]A2244SHA2SHA-384Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC)
SHA2-512 [FIPS 180-4]A2244SHA2SHA-512Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC)
Safe Primes Key Generation [RFC 3526]A2244Safe Primes Key GenerationMODP-2048Safe Primes Key Generation
Safe Primes Key Verification [RFC 3526]A2244Safe Primes Key VerificationMODP-2048Safe Primes Key Verification
KTS [SP 800-38F]AES Cert. #A2244 and HMAC Cert. #A2244SP 800-38A, FIPS 198-1, and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G.128, 192, and 256-bit keys providing 128, 192, or 256 bits of encryption strengthKey Wrapping. AES-CBC or AES-CTR with HMAC-SHA-1, HMAC-SHA2-256, HMAC-SHA2-384, or HMAC-SHA2-512
KTS [SP 800-38F]AES-GCM Cert. #A2244SP 800-38D and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G.128 and 256-bit keys providing 128 or 256 bits of encryption strengthKey Wrapping. AES-GCM.
SP 800-90BESV Cert. #E129ESVPalo Alto Networks DRNG RDSEED Entropy SourceEntropy

Table 4

Page 7

D.G. D.G. © 2025 Panorama VM 10.1 Security Policy 7

Page 8
Sensitive security parameter
NameStrengthSecurity FunctionSP 800-56 Arev3. KAS-ECC per IG D.F Scenario 2 path (2).Key Exchange with protocol KDF
CKG (SP 800-133rev2)Cryptographic Key Generation; SP 800-133rev2 and IG D.I (asymmetric seeds).Vendor AffirmedSection 5.1, Section 5.2Key Generation Note:The seeds used for asymmetric key pair generation are produced using the unmodified/direct output of the DRBG

5.2 ** The module is compliant to IG C.H: GCM is used in the context of TLS and SSH:

Page 9
Approved algorithm
NameUse FunctionUse / Function
MD5Only allowed as the PRF in TLSv1.1 per IG 2.4.AOnly allowed as the PRF in TLSv1.0 and v1.1 per IG 2.4.AMessage digest used in TLSv1.0 / v1.1
KDF onlyKDF only

The module is compliant to IG C.F: The module utilizes approved modulus sizes 2048, 3072, and 4096 bits for RSA signatures. This functionality has been CAVP tested as noted above. The minimum number of Miller Rabin tests for each modulus size is implemented according to Table C.2 of FIPS 186-4. For modulus size 4096 the module implements the largest number of Miller-Rabin tests shown in Table C.2. RSA SigVer is CAVP tested for all three supported modulus sizes as noted above. The module does not perform FIPS 186-2 SigVer. All supported modulus sizes are CAVP testable and tested as noted above. The module does not implement RSA key transport in the approved mode. The module does not have any algorithms that fall under: -​ Non-Approved Algorithms Allowed in the Approved Mode of Operation -​ Non-Approved Algorithms Not Allowed in the Approved Mode of Operation The cryptographic module supports the following non-Approved algorithms that are allowed for use in the Approved mode of operation: Table 5A - Non-Approved Algorithms Allowed in the Approved Mode of Operation with No Security Claimed Table 6 - Supported Protocols in the Approved Mode Supported Protocols* TLS v1.1, v1.2 SSHv2 SNMPv3 *Note: No parts of these protocols, other than the approved cryptographic algorithms and the KDFs, have been tested or reviewed by the CAVP and CMVP. Cryptographic Boundary The Panorama Virtual Appliance is a software cryptographic module and requires an underlying general purpose computer (GPC) environment. The module consists of a GPC (multi-chip standalone embodiment) with the cryptographic boundary defined below. The cryptographic boundary (CB) includes all of the software components of the module, which is included in the file name in Section 11 (Panorama_pc-10.1.5) and also the configuration file that resides on the virtual machine’s virtual disk. The physical perimeter (PP) is defined by the enclosure around the host GPC on which it runs. Figure 1 depicts the boundary and illustrates the hardware components of a GPC. © 2025 Palo Alto Networks, Inc. Panorama VM 10.1 Security Policy 9

Page 10
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
PowerPowerPowerPower supplies
Console, GPC I/OConsole, GPC I/OStatus OutputSelf-test status output
EthernetEthernetData input, control input, control output, data output, status outputHTTPS, TLS, SNMP, and SSH traffic data.

Figure 1

Page 11
Service
NameRolesInputOutput
Show VersionCOQuery module for versionModule provides version
Access web portalCO, UserConnect to web portal from TLS client.Confirmation of service via Configuration Logs
Access CLICO, UserConnect to SSH server from SSH clientConfirmation of service via Configuration Logs
System ProvisioningCOConfiguring and managing system configurations (e.g., IP address, system time, etc.) via CLI or WebUIConfirmation of service via Configuration Logs
Panorama Software UpdateCOLoading new imageMessage output noting version updated successfully via System Logs
Panorama Manager SetupCOConfiguring and managing Manager configurations (e.g., HTTPS, NTP, etc.) via CLI or WebUIConfirmation of service via Configuration Logs
Manage Panorama Administrative AccessCOConfiguring and managing Administrative configurations (e.g., creating user accounts, setting authentication method, etc.) via CLI or WebUIConfirmation of service via Configuration Logs
Configure High AvailabilityCOConfiguring and managing High Availability (HA) configuration via CLI or WebUIConfirmation of service via Configuration Logs
Panorama Certificate ManagementCOConfiguring and managing certificates via CLI or WebUIConfirmation of service via Configuration Logs
Panorama Log SettingCOConfiguring and managing log settings via CLI or WebUIConfirmation of service via Configuration Logs
Panorama Server ProfilesCOConfiguring and managing Server configurations (e.g. SNMP, etc.) via CLI or WebUIConfirmation of service via Configuration Logs
Setup Managed Devices and DeploymentCOConfiguring and managing Managed Devices configurations (e.g., Versions, Licenses, etc.) via CLI or WebUIConfirmation of service via Configuration Logs
Configure Managed Log CollectorsCOConfiguring and managing Managed Log Collectors configurations via CLI or WebUIConfirmation of service via Configuration Logs
ZeroizeCO, UnauthenticatedZeroize from CLIZeroization Indicator
Self-TestCO, User, UnauthenticatedRun self-test via CLI or WebUIOutput results via System Logs
Show StatusCO, UserShow status via CLI or WebUIFIPS-CC Mode Indicator
System AuditCO, UserView system audit records via CLI or WebUIAudit records via System Logs
Monitor System Status and LogsCO, UserView system status records via CLI or WebUISystem status via System Logs
Panorama Log Collector SetupCOConfiguring and managing Log Collectors configurations via CLI or WebUIConfirmation of service via Configuration Logs.

4.​ Roles, Services, and Authentication Roles and Services While in the Approved mode of operation, all CO and User services are accessed via SSH or TLS sessions. Approved and allowed algorithms, relevant CSPs and public keys related to these protocols are accessed to support the following services. CSP access by services is further described in the following tables. Table 8

Page 12
Approved algorithm
NameUse Function
Authentication StrengthAuthentication MethodRole
Password-based Minimum length is eight1 (8) characters (95 possible characters). The probability that a random attempt will succeed or a false acceptance will occur is 1/(958) which is less than 1/1,000,000. The probability of successfully authenticating to the module within one minute is 10/(958), which is less than 1/100,000. The module’s configuration supports at most ten failed attempts to authenticate in a one-minute period. Certificate/Public key-based The security modules support public-key based authentication using RSA 2048 and certificate-based authentication using RSA 2048, RSA 3072, RSA 4096, ECDSA P-256, P-384, or P-521.Memorized Secret (Unique Username/password) and/or Single-Factor Cryptographic Software (certificate common name / public key-based authentication)CO
UserMemorized Secret (Unique Username/password) and/orUser

​ Assumption of Roles The module supports distinct operator roles. The cryptographic module in Panorama or Management-Only mode enforces the separation of roles using unique authentication credentials associated with operator accounts. The Log Collector mode The module does not provide a maintenance role or bypass capability. Table 9 - Roles and Authentication In FIPS-CC Mode, the module checks and enforces the minimum password length of eight (8) as specified in SP 800-63B. Passwords are securely stored hashed with salt value, with very restricted access control, and rate limiting mechanism for authentication attempts. © 2025 Palo Alto Networks, Inc. Panorama VM 10.1 Security Policy 12

Page 13
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicator
Show VersionQuery the module to display the versionCON/AN/AN/AVersion displayed via System Logs / CLI / UI
Access web portalConnect to module’s web portal to invoke services. (Panorama or Management-Only Mode)CO, UserCA CertificatesRSA SigVer (186-4)G/R/E/WSystem Logs
RSA SigVer (186-4)RSA Public KeysRSA SigVer (186-4)G/R/E/W
ECDSA SigVer (186-4)ECDSA Public KeysECDSA SigVer (186-4)G/R/E/W
KASTLS Pre-Master SecretKASG/E/ZKDF TLS (CVL), MD5 (No security claimed)
TLS Master SecretTLS Master SecretG/E/Z
CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key VerificationTLS DHE/ECDHE Private ComponentsG/E/ZCKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification
TLS DHE/ECDHE Public ComponentsTLS DHE/ECDHE Public ComponentsG/E/Z
KTSTLS HMAC KeysKTSG/E/ZHMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-384
AES-CBCTLS Encryption KeysG/E/ZAES-CBC
KTSTLS Encryption KeysKTSG/E/ZAES-GCM
Counter DRBG, ESVCODRBG SeedCounter DRBG, ESVG/E
Access CLIConnect to module’s CLI via SSHCO, UserSSH Session Authentication KeysKTSG/E/ZSystem LogsHMAC-SHA-1 HMAC-SHA2-256
AES-CBC AES-CTRSSH Session Encryption KeysG/E/ZAES-CBC AES-CTR
KTSKTSG/E/ZAES-GCM
KASSSH DHE/ECDHE Private ComponentsKASG/E/ZKDF SSH (CVL)
KAS-ECC-SSC KAS-FFC-SSC Safe Primes Key Generation Safe Primes Key VerificationSSH DHE/ECDHE Public ComponentsG/E/R/W/ZKAS-ECC-SSC KAS-FFC-SSC Safe Primes Key Generation Safe Primes Key Verification
Counter DRBG, ESVCODRBG SeedCounter DRBG, ESVG/ESystem Logs
System ProvisioningPerform panorama licensing, diagnostics, debug functions, manage Panorama support information and switch between Panorama Management-only, and Logger modes. (Panorama or Management-Only Mode)CON/AN/AN/ASystem and Configuration logs
Panorama Software UpdateDownload and install software updatesCOPublic Key for Software Content Load TestRSA SigVer (FIPS 186-4)W/ESystem and Configuration logs
Panorama Manager SetupPresents configuration options for management interfaces and communication for peer services (e.g., SNMP, RADIUS). Import, Export, Save, Load, revert and validate Panorama configurations and state role (Panorama or Management-Only Mode)CORSA Private KeysCKG RSA KeyGen (FIPS 186-4) RSA SigGen (FIPS 186-4)G/W/ESystem and Configuration logs
CKG ECDSA KeyGen ( FIPS 186-4) ECDSA SigGen (FIPS 186-4)ECDSA Private KeysCKG ECDSA KeyGen ( FIPS 186-4) ECDSA SigGen (FIPS 186-4)G/W/E
RSA SigVer (FIPS 186-4)RSA Public KeysRSA SigVer (FIPS 186-4)G/R/E/W
ECDSA SigVer (FIPS 186-4)ECDSA Public KeysECDSA SigVer (FIPS 186-4)G/R/E/W
KDF SNMP (CVL)SNMPv3 Authentication SecretKDF SNMP (CVL)W/E
SNMPv3 Privacy SecretSNMPv3 Privacy SecretW/E
HMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512Authentication KeyHMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512G/E/Z
AES-CFB128Session KeyAES-CFB128G/E/Z
RSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4)CA CertificatesRSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4)G/R/E/W
KASTLS Pre-Master SecretKASG/E/ZKDF TLS (CVL), MD5 (No security claimed)
TLS Master SecretTLS Master SecretG/E/Z
CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key VerificationTLS DHE/ECDHE Private ComponentsG/E/ZCKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification
TLS DHE/ECDHE Public ComponentsTLS DHE/ECDHE Public ComponentsG/E/R/W/Z
KTSTLS HMAC KeysKTSG/E/ZHMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-384
AES-CBCTLS Encryption KeysG/E/ZAES-CBC
KTSTLS Encryption KeysKTSG/E/ZAES-GCM
KTSSSH Session Authentication KeysKTSG/E/ZHMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-512
AES-CBC, AES-CTRSSH Session Encryption KeysG/E/ZAES-CBC, AES-CTR
KTSKTSAES-GCM
KASSSH DHE/ECDHE Private ComponentsKASG/E/ZKDF SSH (CVL)
SSH DHE/ECDHE Public ComponentsSSH DHE/ECDHE Public ComponentsG/E/R/W/Z
N/ACOProtocol SecretsN/AW/E
Counter DRBG, ESVCODRBG SeedCounter DRBG, ESVG/ESystem Logs
Manage Panorama Administrative AccessDefine access control methods via admin profiles, configure administrators and password profiles Configure local user database, authentication profiles, sequence of methods and access domainsCOCO, User PasswordN/AG/E/WSystem and Configuration logs
RSA SigVer (FIPS 186-4)SSH Client Public KeyRSA SigVer (FIPS 186-4)W/E
RSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4)SSH Host Public KeyRSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4)G/R/E/W
Configure High AvailabilityConfigure High Availability communication settings (Panorama or Management-Only Mode)CORSA Public KeyRSA SigVer (FIPS 186-4)G/R/E/WConfiguration Logs
ECDSA SigVer (FIPS 186-4)ECDSA Public KeyECDSA SigVer (FIPS 186-4)G/R/E/W
Panorama Certificate ManagementManage RSA/ECDSA certificates and private keys, certificate profiles, revocation status, and usage; show status.CORSA Private Keys ECDSA Private KeysECDSA SigGen (FIPS 186-4) RSA SigGen (FIPS 186-4)G/R/W/EConfiguration Logs
ECDSA SigVer (FIPS 186-4) RSA SigVer (FIPS 186-4)RSA Public Keys ECDSA Public KeysECDSA SigVer (FIPS 186-4) RSA SigVer (FIPS 186-4)G/R/W/EConfiguration Logs
Counter DRBG, ESVDRBG SeedCounter DRBG, ESVG/ESystem Logs
Panorama Log SettingConfigure log forwarding (Panorama or Management-Only Mode)CON/AN/AN/AConfiguration Logs
Panorama Server ProfilesConfigure communication parameters and information for peer servers (Panorama or Management-Only Mode)COSNMPv3 Authentication SecretKDF SNMP (CVL)W/ESystem Logs
SNMPv3 Privacy SecretSNMPv3 Privacy SecretW/E
HMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512Authentication KeyHMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512G/E/Z
AES-CFB128Session KeyAES-CFB128G/E/Z
Setup Managed Devices and DeploymentSet-up and define managed devices, device groups for firewallsCON/AN/AN/AConfiguration Logs

Single-Factor Cryptographic Software (certificate common name / public The minimum equivalent strength supported is 112 bits. The probability that a random attempt will succeed is 1/(2112) which is less than 1/1,000,000. The probability of successfully authenticating to the module within a one minute period is 10/(2112), which is less than 1/100,000. The module supports at most 10 failed attempts and locks out afterwards. Definition of CSPs Modes of Access The following table defines the relationship between access to CSPs and the different module services. The modes of access shown in the table are defined as: G = Generate: The module generates or derives the SSP. R = Read: The SSP is read from the module (e.g. the SSP is output). W = Write: The SSP is updated, imported, or written to the module. E = Execute: The module uses the SSP in performing a cryptographic operation. Z = Zeroise: The module zeroises the SSP. Note: Unless otherwise specified, all services are available in all system modes. If there is a service that is specific to a certain system mode, it is noted in the Description column. Table 10

Page 14

G/E/Z G/E/Z G/E/Z G/E/R/W/Z G/E N/A N/A N/A W/E G/W/E G/W/E G/R/E/W W/E G/E/Z G/E/Z G/R/E/W G/E/Z G/E/Z G/E/Z G/E/Z G/E/Z Palo Alto Networks, Inc. W/E © 2025 G/R/E/W G/E/R/W/Z G/E/Z Panorama VM 10.1 Security Policy 14

Page 15

G/E/Z G/E/Z G/E/Z G/E/R/W/Z N/A W/E G/E N/A G/E/W W/E G/R/E/W G/R/E/W G/R/E/W G/R/W/E G/R/W/E G/E N/A © 2025 Palo Alto Networks, Inc. N/A N/A W/E W/E N/A N/A G/E/Z G/E/Z N/A Panorama VM 10.1 Security Policy 15

Page 16
Configure device deployment applications and licenses View current deployment information on the managed firewalls. It also allows you to manage software/firmware versions and schedule updates on the managed firewalls and managed log collectors. (Panorama or Management-Only Mode)
Configure Managed Log CollectorsSetup and manage other Log Collector management, communication and storage settings View current deployment information on the managed Log Collectors. It also allows you to manage software/firmware versions and schedule updates on managed log collectors. (Panorama or Management-Only Mode)N/ACO, User PasswordCOG/E/WSystem and Configuration logs
ZeroizeOverwrite all CSPsN/AAll keys and SSPsCO, Unauth enticate dZZeroization Indicator
Self-TestRun power up self-tests on demand by power cycling the module.N/ASoftware Integrity Verification KeyCO, User, Unauth enticate dESystem Logs
Show StatusView status of the moduleN/AN/ACO, UserN/AFIPS-CC Mode Indicator
System AuditAllows review of limited configuration and system status via SNMPv3, logs, dashboard, show status, and configuration screens. CO Only: Provides configuration commit capability. (Panorama or Management-Only Mode)N/AN/ACO, UserN/ASystem Logs
Monitor System Status and LogsReview system status via the panorama system CLI, dashboard and logs; show status. (Panorama or Management-Only Mode)N/AN/ACO, UserN/ASystem Logs
Panorama Log Collector SetupPresents configuration options for management interfaces and communication for peer services Import, Export, Save, Load, revert and validate Panorama configurations and state (Log Collector mode)CKG RSA KeyGen (FIPS 186-4) RSA SigGen (FIPS 186-4)RSA Private KeysCOG/W/ESystem and Configuration logs
CKG ECDSA KeyGen ( FIPS 186-4) ECDSA SigGen (FIPS 186-4)ECDSA Private KeysG/W/E
RSA SigVer (FIPS 186-4)RSA Public KeysG/R/E/W
ECDSA SigVer (FIPS 186-4)ECDSA Public KeysG/R/E/W
TLS Pre-Master SecretG/E/Z

N/A G/E/W N/A d Z E N/A d N/A N/A N/A N/A N/A N/A N/A N/A N/A G/W/E G/W/E G/R/E/W G/R/E/W © 2025 Palo Alto Networks, Inc. KAS KDF TLS (CVL), G/E/Z Panorama VM 10.1 Security Policy 16

Page 17
Approved algorithm
NameUse Function
MD5 (No security claimed)MD5 (No security claimed)TLS Master SecretG/E/Z
CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key VerificationCKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key VerificationTLS DHE/ECDHE Private ComponentsG/E/Z
TLS DHE/ECDHE Public ComponentsTLS DHE/ECDHE Public ComponentsG/E/R/W/Z
KTSHMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-384TLS HMAC KeysG/E/Z
AES-CBCAES-CBCTLS Encryption KeysG/E/Z
KTSAES-GCMTLS Encryption KeysG/E/Z
KTSHMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-512SSH Session Authentication KeysG/E/Z
AES-CBC, AES-CTRAES-CBC, AES-CTRSSH Session Encryption KeysG/E/Z
KTSAES-GCM
KASKDF SSH (CVL)SSH DHE/ECDHE Private ComponentsG/E/Z
Counter DRBG, ESVDRBG SeedG/E

G/E/Z G/E/Z G/E/Z G/E/Z G/E/Z G/E/Z G/E/Z G/E/R/W/Z G/E/Z G/E Note: Configuration/System Logs for Approved services above will indicate FIPS-CC mode is enabled and that the service succeeded. 5.​ Software/Firmware Security The module performs the Software Integrity test by using HMAC-SHA-256 (HMAC Cert. #A2244) during the Pre-Operational Self-Test. In addition, the module also conducts a software load test by using RSA 2048 with SHA-256 (Cert. #A2244) for the new validated software to be uploaded into the module via the Panorama Software Update service. The Software Integrity Verification key and Public key for Software Content Load Test used for the Software Integrity and Software Load test, respectively, are generated externally and delivered as part of the module software image. The pre-operational self-tests can be initiated by power cycling the module. When this is performed, the module automatically runs the cryptographic algorithm self-tests in addition to the pre-operational software integrity test. Any software loaded into this module that is not shown on the module certificate is out of scope of this validation, and requires a separate FIPS 140-3 validation. 6.​ Operational Environment The module is a modifiable operational environment as per FIPS 140-3 Level 1 specifications. The hypervisor environment provides an isolated operating environment and is the single operator of the virtual machine. © 2025 Palo Alto Networks, Inc. Panorama VM 10.1 Security Policy 17

Page 18
Sensitive security parameter
NameStrengthSecurity FunctionGenerationEstablishmentStorageZeroizationImport ExportKey/SSP/Name/Type
ECDSA/RSA Public key - Used to trust a root CA intermediate CA and leaf /end entity certificates (RSA 2048, 3072, and 4096 bits) (ECDSA P-256, P-384, and P-521)112 - 256 bitsRSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4) Cert. #A2244DRBG, FIPS 186-4N/AHDD/RAM – plaintextHDD – Zeroize Service RAM - Zeroize at session terminationTLS or SSH Session Key EncryptedCA Certificates
RSA public keys managed as certificates for the verification of signatures, establishment of TLS, operator authentication112 - 150 bitsRSA SigVer (FIPS 186-4) Cert. #A2244DRBG, FIPS 186-4N/AHDD/RAM – plaintextZeroize ServiceTLS or SSH Session Key Encrypted or Plaintext TLS handshakeRSA Public Keys
RSA Private keys for generation of signatures, authentication or key establishment. (RSA 2048, 3072, or 4096-bit)112 - 150 bitsRSA SigGen (FIPS 186-4) Cert. #A2244DRBG, FIPS 186-4N/AHDD/RAM – plaintextHDD – Zeroize Service RAM - Zeroize at session terminationTLS or SSH Session Key EncryptedRSA Private Keys
ECDSA public keys managed as certificates for the verification of signatures, establishment of TLS, operator authentication and peer authentication. (ECDSA P-256, P-384, or P-521)128 - 256 bitsECDSA SigVer (FIPS 186-4) Cert. #A2244DRBG, FIPS 186-4N/AHDD/RAM – plaintextZeroize ServiceTLS or SSH Session Key Encrypted or Plaintext TLS handshakeECDSA Public Keys
ECDSA Private key for generation of signatures and authentication (P-256, P-384, or P-521)128 - 256 bitsECDSA SigGen (FIPS 186-4) Cert. #A2244DRBG, FIPS 186-4N/AHDD/RAM – plaintextHDD – Zeroize Service RAM - Zeroize at session terminationTLS or SSH Session Key EncryptedECDSA Private Keys
KAS-FFC or KAS-ECC Ephemeral values used in key agreement (KAS-FFC MODP-2048, KAS-ECC P-256, P-384, P-521)112 - 256 bitsKAS-ECC-SSC KAS-FFC-SSC Cert. #A2244DRBG, SP 800-56A Rev. 3N/ARAM - plaintextZeroize at session terminationN/ATLS DHE/ECDHE Private Components
KAS-FFC or KAS-ECC Ephemeral values used in key agreement (KAS-FFC MODP-2048, KAS-ECC P-256, P-384, P-521)112 - 256 bitsKAS-ECC-SSC KAS-FFC-SSC Cert. #A2244DRBG, SP 800-56A Rev. 3N/AN/AZeroize at session terminationPlaintext - TLS handshakeTLS DHE/ECDHE Public Components
Secret value used to derive the TLS Master Secret along with client and server random nonces112 bits minimumKDF TLS (CVL) Cert. #A2244, MD5 (No Security Claimed)KAS-ECC-SSC or KAS-FFC-SSC , SP 800-56A Rev. 3N/ARAM – plaintextZeroize at session terminationN/ATLS Pre-Master Secret
Secret value used to derive the TLS session keys384 bitsKDF TLS (CVL) Cert. #A2244, MD5 (No Security Claimed)KDF TLS (CVL)N/ARAM – plaintextZeroize at session terminationN/ATLS Master Secret
AES (128 or 256 bit) keys used in TLS connections (GCM; CBC)128 or 256 bitsAES-CBC or AES-GCM Cert. #A2244KDF TLS (CVL)TLS, KAS SP 800-56A Rev. 3RAM - plaintextZeroize at session terminationN/ATLS Encryption Keys
HMAC keys used in TLS connections (SHA-1, 256, 384) (160, 256, 384 bits)256 bitsHMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-384 Cert. #A2244KDF TLS (CVL)TLS, KAS SP 800-56A Rev. 3RAM - plaintextZeroize at session terminationN/ATLS HMAC Keys
KAS-FFC or KAS-ECC public component (KAS-FFC MODP-2048, KAS-ECC P-256, KAS-ECC P-384, KAS-ECC P-521)112 - 256 bitsKAS-ECC-SSC KAS-FFC-SSC Cert. #A2244DRBG, SP 800-56A Rev. 3N/ARAM - plaintextZeroize at session terminationN/ASSH DHE/ECDHE Private Components
KAS-FFC or KAS-ECC public component (KAS-FFC Group 14, KAS-ECC P-256, KAS-ECC P-384, KAS-ECC P-521)112 - 256 bitsKAS-ECC-SSC KAS-FFC-SSC Cert. #A2244DRBG, SP 800-56A Rev. 3N/ARAM - plaintextZeroize at session terminationPlaintext SSH handshakeSSH DHE/ECDHE Public Components
SSH Host Public Key (RSA 2048, RSA 3072,112 - 256 bitsRSA SigVer (FIPS 186-4)DRBG, FIPS 186-4N/AHDD/RAM – plaintextZeroize ServiceN/ASSH Host Public Key
RSA 4096, ECDSA P-256, P-384, or P-521)ECDSA SigVer (FIPS 186-4) Cert. #A2244
Public RSA key used to authenticate client. (RSA 2048, 3072, and 4096 bits)112 - 150 bitsRSA SigVer (FIPS 186-4) Cert. #A2244N/AN/AHDD/RAM – plaintextZeroize ServiceTLS or SSH Session Key EncryptedSSH Client Public Key
Used in all SSH connections to the security module’s command line interface. (128, 192, or 256 bits: CBC or CTR) (128 or 256 bits: GCM)128 - 256 bitsAES-CBC, AES-CTR, or AES-GCM Cert. #A2244KDF SSH (CVL)SSH, KAS SP 800-56A Rev. 3RAM - plaintextZeroize at session terminationN/ASSH Session Encryption Keys
Authentication keys used in all SSH connections to the security module’s command line interface (HMAC-SHA-1, HMAC-SHA2-256, HMAC-SHA2-512) (160, 256, 512 bits)160 - 256 bitsHMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-512 Cert. #A2244KDF SSH (CVL)SSH, KAS SP 800-56A Rev. 3RAM - plaintextZeroize at session terminationN/ASSH Session Authentication Keys
Used to check the integrity of all software code. (HMAC-SHA-256 and ECDSA P-256) (Note: This is not considered an SSP)128 bitsHMAC-SHA2-256, ECDSA SigVer (FIPS 186-4) Cert. #A2244Factory preloadN/AHDD - plaintextN/AImport only, TLS or SSH Session Key EncryptedSoftware integrity verification key
Used to authenticate software and content to be installed on the module (RSA 2048 with SHA-256)112 bitsRSA SigVer (FIPS 186-4) Cert. #A2244Factory preloadN/AHDD - plaintextN/AImport only, TLS or SSH Session Key EncryptedPublic key for software content load test
Authentication string with a minimum length of eight (8) characters.N/ASHA2-256 Cert. #A2244ExternalN/AHDD - a password hash (SHA2-256)Zeroize ServiceTLS or SSH Session Key EncryptedCO, User Password
Secrets used by RADIUS (8 characters minimum)N/AN/AExternalN/AHDD/RAM – plaintextZeroize ServiceTLS or SSH Session Key EncryptedProtocol Secrets
Entropy input string coming from the entropy source Input length = 384 bits194 bitsCKG (vendor affirmed), Counter DRBG Cert. #A2244Entropy as per SP 800-90BN/ARAM - plaintextPower cycleN/AEntropy Input String
DRBG seed coming from the entropy source Seed length = 384 bits194 bitsCKG (vendor affirmed), Counter DRBG Cert. #A2244Entropy as per SP 800-90BN/ARAM - PlaintextPower cycleN/ADRBG Seed
AES 256 CTR DRBG state Key used in the generation of a random values256 bitsCKG (vendor affirmed), Counter DRBG Cert. #A2244Entropy as per SP 800-90BN/ARAM - plaintextPower cycleN/ADRBG Key
AES 256 CTR DRBG state V used in the generation of a random values128 bitsCKG (vendor affirmed), Counter DRBG Cert. #A2244Entropy as per SP 800-90BN/ARAM - plaintextPower cycleN/ADRBG V
Used to support SNMPv3 services (Minimum 8 characters)N/AKDF SNMP (CVL) Cert. #A2244N/AN/AHDD/RAM – plaintextZeroize ServiceTLS or SSH Session Key EncryptedSNMPv3 Authentication Secret
Used to support SNMPv3 services (Minimum 8 characters)N/AKDF SNMP (CVL) Cert. #A2244N/AN/AHDD/RAM – plaintextZeroize ServiceTLS or SSH Session Key EncryptedSNMPv3 Privacy Secret
HMAC–SHA-1/224/256 /384/512 Authentication protocol key (160 bits)160 - 256 bitsHMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512 Cert. #A2244KDF SNMP (CVL)N/AHDD/RAM - PlaintextZeroize ServiceN/ASNMPv3 Authentication Key
Privacy protocol encryption key (AES 128/192/256 CFB128)128 - 256 bitsAES-CFB128 Cert. #A2244KDF SNMP (CVL)N/AHDD/RAM - PlaintextZeroize ServiceN/ASNMPv3 Session Key

The tested operating environments isolate virtual systems into separate isolated process spaces. Each process space is logically separated from all other processes by the operating environments software and hardware. The module functions entirely within the process space of the isolated system as managed by the single operational environment. This implicitly meets the FIPS 140-3 requirement that only one (1) entity at a time can use the cryptographic module. 7.​ Physical Security 8.​ Non-Invasive Security The module is a software only module; FIPS 140-3 physical security requirements are not applicable. There are currently no defined Approved non-invasive attack mitigation test metrics in SP 800-140F. 9.​ Sensitive Security Parameters Management The following table details all the sensitive security parameters utilized by the module. “TLS or SSH Session Key Encrypted” corresponds to the following KTS entries listed in the Approved Algorithms table:

Page 19

N/A N/A N/A N/A N/A N/A N/A © 2025 Palo Alto Networks, Inc. N/A N/A N/A N/A N/A N/A N/A N/A Panorama VM 10.1 Security Policy 19

Page 20

N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A © 2025 N/A Palo Alto Networks, Inc. N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A Panorama VM 10.1 Security Policy 20

Page 21
Approved algorithm
NameKey Size
DetailsMinimum number of bits of entropyEntropy Source
ESV Cert. #E129 The entropy source provides at least 0.506 bits of entropy per bit of output. The DRBG is seeded with 384-bits of output from the entropy source. Therefore the DRBG is seeded with at least 194 bits of entropy before generating keys. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy194 bitsPalo Alto Networks DRNG RDSEED Entropy Source

N/A N/A N/A N/A N/A N/A N/A Note: SSPs are implicitly zeroized when power is lost, or explicitly zeroized by the zeroize service. In the case of implicit zeroization, the SSPs are implicitly overwritten with random values due to their ephemeral memory being reset upon power loss. For the zeroization service and zeroization at session termination, the SSP's memory location is overwritten with random values. The module utilizes the following entropy source, which is internal to the physical perimeter of the host GPC. Table 12 - Non-Deterministic Random Number Generation Specification 10.​ Self-Tests The cryptographic module performs the following tests below. The operator can command the module to perform the pre-operational and cryptographic algorithm self-tests by cycling power of the module. The pre-operational and conditional self-tests are performed automatically and do not require any additional operator action. Pre-operational Self-Tests Pre-operational Software Integrity Test

Page 22
Page 23
Cause of ErrorError State Indicator
Conditional Cryptographic Algorithm Self-Test or Software Integrity Test FailureFIPS-CC mode failure. <Algorithm test> failed.
Conditional Pairwise Consistency or Critical Functions Test FailureSystem log prints an error message.
Conditional Software Load Test FailureSystem prints Invalid image message.

Table 13 - Errors and Indicators 11.​ Life-cycle Assurance The vendor provided life-cycle assurance documentation describes configuration management, design, finite state model, development, testing, delivery & operation, end of life procedures, and guidance. For details regarding the approved mode of operation, see “Approved Mode of Operation''. For details regarding secure installation, initialization, startup, and operation of the module, see below. Installation Instructions The module can be retrieved by downloading Panorama_pc-10.1.5 from the support site: https://support.paloaltonetworks.com/Support/Index, and a checksum (SHA-256) is available to ensure the module is correct: Panorama_pc-10.1.5: 018fd6b322d1d65023751496ac3f9a7c4890fdd523f9d5a9145c752447b492cb Alternatively, the module version can be obtained by running the following commands via CLI (as an authorized administrator): 1.​ request system software check 2.​ request system software download version 10.1.5 3.​ request system software install version 10.1.5 4.​ request restart system Palo Alto Network provides an Administrator Guide for additional information noted in the “References” section of this Security Policy. The module design corresponds to the module security rules. Module Enforced Security Rules When FIPS-CC mode is enabled, the module runs all the required items noted in Section 10 Self-Tests. This section documents the security rules enforced by the cryptographic module to implement the security requirements of this FIPS 140-3 Level 1 module. 1.​ The cryptographic module shall provide distinct operator roles. When the module has not been placed in a valid role, the operator shall not have access to any cryptographic services. 2.​ The cryptographic module shall clear previous authentications on power cycle. © 2025 Palo Alto Networks, Inc. Panorama VM 10.1 Security Policy 23

Page 24

3.​ The module shall support the generation of key material with the approved DRBG. The entropy provided must be greater than or equal to the strength of the key being generated. 4.​ Data output shall be inhibited during power-up self-tests and error states. 5.​ Processes performing key generation and zeroization processes shall be logically isolated from the logical data output paths. 6.​ The module does not output intermediate key generation values. 7.​ Status information output from the module shall not contain CSPs or sensitive data that if misused could lead to a compromise of the module. 8.​ There are no restrictions on which keys or CSPs are zeroized by the zeroization service. 9.​ The module maintains separation between concurrent operators. 10.​ The module does not support a maintenance interface or role. 11.​ The module does not have any external input/output devices used for entry/output of data. 12.​ The module does not enter or output plaintext CSPs. Vendor Imposed Security Rules In FIPS-CC mode, the following rules shall apply: 1.​ The operator should not enable TLSv1.0 or use RSA for key wrapping; it is disabled by default. a.​ Checked via CLI using “show shared” command 2.​ When FIPS-CC mode is enabled, the operator shall not install plugins. a.​ Checked via CLI using “show plugins installed” 3.​ When FIPS-CC mode is enabled, the operator shall not use TACACS+. RADIUS may be used but must be protected by TLS protocol. a.​ Checked via CLI using “show deviceconfig” command Failure to follow these Security Rules will cause the module to operate in a non-compliant state. Key to Entity The cryptographic module associates all keys (secret, private, or public) stored within, entered into or output from the module with authenticated operators of the module. Keys stored within the module are only made available to authenticated operators via TLS or SSH. Keys are only input or output from the module by the authenticated operator via a SSH or TLS protected communication. Any attempt to intervene in the key to entity relationship would require defeating the module TLS or SSH encryption and authentication/integrity mechanism. 12.​ Mitigation of Other Attacks This module is not designed to mitigate other attacks outside the scope of FIPS 140-3. 13.​ References [FIPS 140-3] FIPS Publication 140-3 Security Requirements for Cryptographic Modules [AGD] Panorama Administrator’s Guide Version 10.1: https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/panorama/10-1/panorama-admin/panorama-admin.p df © 2025 Palo Alto Networks, Inc. Panorama VM 10.1 Security Policy 24

Page 25

14.​ Definitions and Acronyms AES

Referenced URLs