| Standard | FIPS 140-3 |
|---|---|
| Overall level | 2 |
| Module type | Hardware |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 2/13/2030 |
| Caveat | When installed, initialized and configured as specified in Section "Life-Cycle Assurance" of the Security Policy. The tamper evident seals and opacity shields installed as indicated in Section "Physical Security" of the Security Policy. |
| Vendor | Cisco Systems, Inc. |
flowchart LR
%% Deterministic review-risk graph for Cisco Adaptive Security Appliance Cryptographic Module (FPR 3100 Series)
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Firmware Load</i>"]
C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test<br/>UnAuth</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>application</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Cisco Adaptive Security Appliance Cryptographic Module (FPR 3100 Series)
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Firmware Load</i><br/>src: text:keyword"]
C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test<br/>UnAuth</i><br/>src: text:keyword"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C3,C5,C6 clueLow;Cisco Systems, Inc. Cisco Adaptive Security Appliance Cryptographic Module (FPR 3100 Series) Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA © 2021-2025 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.
| # | Section | Page |
|---|
| Item | Page |
|---|---|
| Table 1: Security Levels | 5 |
| Table 2: Tested Module Identification – Hardware | 6 |
| Table 3: Modes List and Description | 7 |
| Table 4: Approved Algorithms - CiscoSSL FOM Cryptographic Implementation | 9 |
| Table 5: Approved Algorithms - Marvell Cavium Nitrox V | 9 |
| Table 6: Vendor-Affirmed Algorithms | 10 |
| Table 7: Security Function Implementations | 15 |
| Table 8: Entropy Certificates | 16 |
| Table 9: Entropy Sources | 16 |
| Table 10: Ports and Interfaces | 17 |
| Table 11: Authentication Methods | 19 |
| Table 12: Roles | 19 |
| Table 13: Approved Services | 36 |
| Table 14: Mechanisms and Actions Required | 38 |
| Table 15: Storage Areas | 43 |
| Table 16: SSP Input-Output Methods | 44 |
| Table 17: SSP Zeroization Methods | 44 |
| Table 18: SSP Table 1 | 51 |
| Table 19: SSP Table 2 | 58 |
| Table 20: Pre-Operational Self-Tests | 58 |
| Table 21: Conditional Self-Tests | 62 |
| Table 22: Pre-Operational Periodic Information | 63 |
| Table 23: Conditional Periodic Information | 65 |
| Table 24: Error States | 65 |
| Figure 1 FPR 3105, 3110, 3120, 3130, 3140 | 6 |
| Figure 2 Module’s front view opacity shield | 39 |
| Figure 3 Module’s back view | 39 |
| Figure 4 Module’s top view with opacity shield | 39 |
| Figure 5 Module’s bottom view with opacity shield | 40 |
| Figure 6 Module’s left view with opacity shield | 40 |
| Figure 7 Module’s right view with opacity shield | 40 |
| Figure 8 Opacity Shield Brackets | 42 |
Appliance Cryptographic Module (FPR 3100 Series) (hereinafter referred to as ASA or Module), version 9.20. The following details how this module meets the security requirements of FIPS 140-3, SP 800-140 and ISO/IEC 19790 for a Security Level 2 Hardware cryptographic module. The security requirements cover areas related to the design and implementation of a cryptographic module. These areas include cryptographic module specification; cryptographic module interfaces; roles, services, and authentication; software/firmware security; operational environment; physical security; non-invasive security; sensitive security parameter management; self-tests; life-cycle assurance; and mitigation of other attacks. The following table indicates the actual security levels for each area of the cryptographic module.
Section Title Security Level
1 General 2
2 Cryptographic module specification 2
3 Cryptographic module interfaces 2
4 Roles, services, and authentication 3
5 Software/Firmware security 2
6 Operational environment N/A
7 Physical security 2
8 Non-invasive security N/A
9 Sensitive security parameter management 2
10 Self-tests 2
11 Life-cycle assurance 2
12 Mitigation of other attacks N/A
Overall Level 2 Table 1: Security Levels
Purpose and Use: This module is a multi-chip standalone hardware cryptographic module deployed under the Next-Generation Firewall (NGFW) with Adaptive Security Appliance (ASA). The module’s operational environment is non-modifiable. ASA delivers enterprise-class firewall for businesses, improving security at the Internet edge, high performance and throughput for demanding enterprise data centers. The ASA solution offers the combination of the industry's most deployed stateful firewall with a comprehensive range of next-generation network security services, intrusion prevention system (IPS), content © 2021-2025 Cisco Systems, Inc.
security and secure unified communications, HTTPS/TLSv1.2, SSHv2, IPsec/IKEv2, SNMPv3 and Cryptographic Cipher Suite B using the ASA Cryptographic Module. Module Type: Hardware Module Embodiment: MultiChipStand Module Characteristics [O]: Cryptographic Boundary: The cryptographic boundary is defined as the entire chassis unit’s physical perimeter encompassing the "top," "front," "left," "right," “rear” and "bottom" surfaces of the case, and shown in the figures below and in the Physical Security section. The FPR 3105, FPR 3110, FPR 3120, FPR 3130 and FPR 3140 all have the same exterior appearance. Where they differ is in Firewall throughput, IPS throughput, IPsec VPN throughput and number of VPN peers allowed. Figure 1 FPR 3105, 3110, 3120, 3130, 3140
Tested Module Identification
FRP FPR-3110 9.20 AMD EPYC 7272 (Zen2) & NITROX-V,
FRP FPR-3120 9.20 AMD EPYC 7282 (Zen2) & NITROX-V,
FRP FPR-3130 9.20 AMD EPYC 7352 (Zen2) & NITROX-V,
FRP FPR-3140 9.20 AMD EPYC 7452 (Zen2) & NITROX-V,
Table 2: Tested Module Identification
N/A for this module. Tested Module Identification
Modes List and Description: Mode Name Description Type Status Indicator Approved The module is always in the approved Approved Approved mode Mode of mode of operation after initial indicator: "FIPS is Operation operations are performed. currently enabled." Table 3: Modes List and Description The module has one approved mode of operation and is always in the approved mode of operation after initial operations are performed (See Section 11). The module does not claim implementation of a degraded mode of operation. Section 4 provides details on the service indicator implemented by the module.
Approved Algorithms: CiscoSSL FOM Cryptographic Implementation Algorithm CAVP Properties Reference Cert AES-CBC A4446 Direction - Decrypt, Encrypt SP 800-38A Key Length - 128, 192, 256 AES-GCM A4446 Direction - Decrypt, Encrypt SP 800-38D IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 128, 192, 256 © 2021-2025 Cisco Systems, Inc.
Algorithm CAVP Properties Reference Cert Counter DRBG A4446 Prediction Resistance - Yes SP 800-90A Mode - AES-128, AES-192, AES-256 Rev. 1 Derivation Function Enabled - Yes ECDSA KeyGen A4446 Curve - P-256, P-384, P-521 FIPS 186-4 (FIPS186-4) ECDSA SigGen A4446 Curve - P-256, P-384, P-521 FIPS 186-4 (FIPS186-4) Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512 ECDSA SigVer A4446 Curve - P-256, P-384, P-521 FIPS 186-4 (FIPS186-4) HMAC-SHA-1 A4446 Key Length - Key Length: 256-448 Increment FIPS 198-1 HMAC-SHA2-224 A4446 Key Length - Key Length: 256-448 Increment FIPS 198-1 HMAC-SHA2-256 A4446 Key Length - Key Length: 256-448 Increment FIPS 198-1 HMAC-SHA2-384 A4446 Key Length - Key Length: 256-448 Increment FIPS 198-1 HMAC-SHA2-512 A4446 Key Length - Key Length: 256-448 Increment FIPS 198-1 KAS-ECC-SSC A4446 Domain Parameter Generation Methods - P- SP 800-56A Sp800-56Ar3 256, P-384, P-521 Rev. 3 KAS-FFC-SSC A4446 Domain Parameter Generation Methods - SP 800-56A Sp800-56Ar3 ffdhe2048, ffdhe3072, ffdhe4096, modp-2048, Rev. 3 modp-3072, modp-4096 KDF IKEv2 (CVL) A4446 Diffie-Hellman Shared Secret Length - Diffie- SP 800-135 Hellman Shared Secret Length: 2048 Rev. 1 Derived Keying Material Length - Derived Keying Material Length: 3072 Hash Algorithm - SHA-1 KDF SNMP A4446 Password Length - Password Length: 256, 64 SP 800-135 (CVL) Rev. 1 KDF SSH (CVL) A4446 Cipher - AES-128, AES-192, AES-256 SP 800-135 Rev. 1 RSA KeyGen A4446 Key Generation Mode - B.3.4 FIPS 186-4 (FIPS186-4) Modulo - 2048, 3072, 4096 Hash Algorithm - SHA2-256 Private Key Format - Standard RSA SigGen A4446 Signature Type - ANSI X9.31, PKCS 1.5, FIPS 186-4 (FIPS186-4) PKCSPSS Modulo - 2048, 3072, 4096 RSA SigVer A4446 Signature Type - ANSI X9.31, PKCS 1.5, FIPS 186-4 (FIPS186-4) PKCSPSS Modulo - 1024, 2048, 3072, 4096 Safe Primes Key A4446 Safe Prime Groups - modp-2048, modp-3072, SP 800-56A Generation modp-4096 Rev. 3 SHA-1 A4446 Message Length - Message Length: 0-65536 FIPS 180-4 Increment 8 © 2021-2025 Cisco Systems, Inc.
Algorithm CAVP Properties Reference Cert SHA2-224 A4446 Message Length - Message Length: 0-65536 FIPS 180-4 Increment 8 SHA2-256 A4446 Message Length - Message Length: 0-65536 FIPS 180-4 Increment 8 SHA2-384 A4446 Message Length - Message Length: 0-65536 FIPS 180-4 Increment 8 SHA2-512 A4446 Message Length - Message Length: 0-65536 FIPS 180-4 Increment 8 TLS v1.2 KDF A4446 Hash Algorithm - SHA2-256, SHA2-384, SP 800-135 RFC7627 (CVL) SHA2-512 Rev. 1 Table 4: Approved Algorithms - CiscoSSL FOM Cryptographic Implementation Marvell Cavium Nitrox V Algorithm CAVP Properties Reference Cert AES-CBC C1026 Direction - Decrypt, Encrypt SP 800-38A Key Length - 128, 192, 256 AES-GCM C1026 Direction - Decrypt, Encrypt SP 800-38D IV Generation - External Key Length - 128, 192, 256 Hash DRBG C1026 Prediction Resistance - No SP 800-90A Mode - SHA2-512 Rev. 1 HMAC-SHA-1 C1026 - FIPS 198-1 HMAC-SHA2- C1026 - FIPS 198-1 HMAC-SHA2- C1026 - FIPS 198-1 HMAC-SHA2- C1026 - FIPS 198-1 SHA-1 C1026 Message Length - Message Length: 0- FIPS 180-4
SHA2-256 C1026 Message Length - Message Length: 0- FIPS 180-4
SHA2-384 C1026 Message Length - Message Length: 0- FIPS 180-4
SHA2-512 C1026 Message Length - Message Length: 0- FIPS 180-4
Table 5: Approved Algorithms - Marvell Cavium Nitrox V Vendor-Affirmed Algorithms: Name Properties Implementation Reference CKG Key CiscoSSL FOM The cryptographic module performs Type:Asymmetric Cryptographic Cryptographic Key Generation (CKG) for Implementation asymmetric keys as per sections 4 and 5 in SP800-133rev2 (vendor affirmed) and FIPS © 2021-2025 Cisco Systems, Inc.
Name Properties Implementation Reference 140-3 IG D.H. A seed (i.e., the random value) used in asymmetric key generation is a direct output from SP800-90Arev1 CTR_DRBG (A4446) or HMAC_DRBG (C1026) Table 6: Vendor-Affirmed Algorithms Non-Approved, Allowed Algorithms: N/A for this module. Non-Approved, Allowed Algorithms with No Security Claimed: N/A for this module. Non-Approved, Not Allowed Algorithms: N/A for this module.
Name Type Description Properties Algorithms KAS-ECC- KAS-KeyGen KAS ECC Counter DRBG KeyGen keygen used in Hash DRBG (SSHv2) SSHv2 service CKG KAS-FFC- KAS-KeyGen KAS FFC Counter DRBG KeyGen keygen used in Safe Primes Key (SSHv2) SSHv2 service Generation Hash DRBG CKG KAS-ECC- KAS-KeyGen KAS ECC Counter DRBG KeyGen keygen used in Hash DRBG (TLSv1.2) TLSv1.2 service CKG KAS-FFC- KAS-KeyGen KAS FFC Counter DRBG KeyGen keygen used in Safe Primes Key (TLSv1.2) TLSv1.2 service Generation Hash DRBG CKG KAS-ECC- KAS-KeyGen KAS ECC Counter DRBG KeyGen (IKEv2) keygen used in Hash DRBG IKE v2 service CKG KAS-FFC- KAS-KeyGen KAS FFC Counter DRBG KeyGen (IKEv2) keygen used in Safe Primes Key IKE v2 service Generation © 2021-2025 Cisco Systems, Inc.
Name Type Description Properties Algorithms Hash DRBG CKG KAS-FFC KAS-Full Key Agreement Bit-strength KDF SSH (SSHv2) Scheme per Caveat:Provides KAS-FFC-SSC SP800-56Arev3 between 112 to Sp800-56Ar3 with KDF SSH. 152 bits of Domain The module’s encryption Parameter KAS (FFC) strength Generation implementation Methods:: modpis FIPS140-3 IG 2048 D.F Scenario 2 (path 2) compliant KAS-ECC KAS-Full Key Agreement Bit-strength KDF SSH (SSHv2) Scheme per Caveat:Provides KAS-ECC-SSC SP800-56Arev3 between 128 Sp800-56Ar3 with KDF SSH. and 256 bits of The module’s encryption KAS (FFC) strength implementation is FIPS140-3 IG D.F Scenario 2 (path 2) compliant KAS-FFC KAS-Full Key Agreement Bit-strength TLS v1.2 KDF (TLSv1.2) Scheme per Caveat:Provides RFC7627 SP800-56Arev3 between 112 to KAS-FFC-SSC with TLS v1.2 152 bits of Sp800-56Ar3 KDF RFC7627. encryption Domain The module’s strength Parameter KAS (FFC) Generation implementation Methods:: modpis FIPS140-3 IG 2048 D.F Scenario 2 (path 2) compliant KAS-ECC KAS-Full Key Agreement Bit-strength TLS v1.2 KDF (TLSv1.2) Scheme per Caveat:Provides RFC7627 SP800-56Arev3 between 128 KAS-ECC-SSC with KDF IKEv2. and 256 bits of Sp800-56Ar3 The module’s encryption KAS (ECC) strength implementation is FIPS140-3 IG D.F Scenario 2 (path 2) compliant © 2021-2025 Cisco Systems, Inc.
Name Type Description Properties Algorithms KAS-ECC KAS-Full Key Agreement Bit-strength KAS-ECC-SSC (IKEv2) Scheme per Caveat:Provides Sp800-56Ar3 SP800-56Arev3 between 112 KDF IKEv2 with KDF IKEv2. and 256 bits of The module’s encryption KAS (ECC) strength implementation is FIPS140-3 IG D.F Scenario 2 (path 2) compliant KAS-FFC KAS-Full Key Agreement Bit-strength KAS-FFC-SSC (IKEv2) Scheme per Caveat:Provides Sp800-56Ar3 SP800-56Arev3 between 112 KDF IKEv2 with KDF IKEv2. and 152 bits of The module’s encryption KAS (FFC) strength implementation is FIPS140-3 IG D.F Scenario 2 (path 2) compliant KTS (TLSv1.2 KTS-Wrap KTS via TLSv1.2 Bit-strength AES-CBC with AES and service by using Caveat:Provides Key Length: HMAC) AES and HMAC between 128 128, 256 and 256 bits of HMAC-SHA-1 encryption HMAC-SHA2strength 256 HMAC-SHA2SHA-1 SHA2-256 SHA2-384 KTS (TLSv1.2 KTS-Wrap KTS via TLSv1.2 Bit-strength AES-GCM with AES-GCM) service by using Caveat:Provides Key Length: AES-GCM between 128 128, 256 and 256 bits of AES-CBC encryption strength KTS (SSHv2 KTS-Wrap KTS via SSHv2 Bit-strength AES-CBC with AES and service by using Caveat:Provides Key Length: HMAC) AES and HMAC between 128 128, 256 and 256 bits of HMAC-SHA-1 encryption HMAC-SHA2strength 256 SHA-1 SHA2-256 © 2021-2025 Cisco Systems, Inc.
Name Type Description Properties Algorithms KTS (SSHv2 KTS-Wrap KTS via SSHv2 Bit-strength AES-GCM with AES-GCM) service by using Caveat:Provides Key Length: AES-GCM between 128 128, 256 and 256 bits of AES-CBC encryption strength RSA KeyGen AsymKeyPair- RSA KeyGen for RSA KeyGen (SSHv2, KeyGen SSHv2, (FIPS186-4) TLSv1.2, IKEv2) TLSv1.2, and Counter DRBG IKEv2 services Hash DRBG ECDSA KeyGen AsymKeyPair- ECDSA KeyGen ECDSA KeyGen (SSHv2, KeyGen for TLSv1.2 and (FIPS186-4) TLSv1.2 and IKEv2 services Counter DRBG IKEv2) Hash DRBG RSA SigGen DigSig-SigGen RSA SigGen for RSA SigGen (SSHv2, SSHv2, (FIPS186-4) TLSv1.2, IKEv2) TLSv1.2, and IKEv2 services ECDSA SigGen DigSig-SigGen ECDSA SigGen ECDSA SigGen (SSHv2, for TLSv1.2, and (FIPS186-4) TLSv1.2 and IKEv2 services IKEv2) RSA SigVer DigSig-SigVer RSA SigVer for RSA SigVer (SSHv2, SSHv2, (FIPS186-4) TLSv1.2, and TLSv1.2, and IKEv2) IKEv2 services ECDSA SigVer DigSig-SigVer ECDSA SigVer ECDSA SigVer (SSHv2, for TLSv1.2 and (FIPS186-4) TLSv1.2, and IKEv2 services IKEv2) Block Cipher BC-Auth Block Cipher for AES-CBC (SSHv2) BC-UnAuth SSHv2 service Key Length: 128, 256 AES-GCM Key Length: 128, 256 Block Cipher BC-Auth Block Cipher for AES-GCM (TLSv1.2) BC-UnAuth TLSv1.2 service Key Length: 128, 256 AES-CBC Key Length: 128, 256 Block Cipher BC-Auth Block Cipher for AES-CBC (IPSec/IKEv2) BC-UnAuth IPSec/IKEv2 AES-GCM service AES-CBC AES-GCM Block Cipher BC-UnAuth Block Cipher for AES-CBC (SNMPv3) SNMPv3 service KDF SNMP © 2021-2025 Cisco Systems, Inc.
Name Type Description Properties Algorithms MAC (SSHv2) MAC MAC for SSHv2 HMAC-SHA-1 service HMAC-SHA2SHA-1 SHA2-256 MAC (TLSv1.2) MAC Message HMAC-SHA-1 Authentication HMAC-SHA2for TLSv1.2 256 services HMAC-SHA2SHA-1 SHA2-256 SHA2-384 MAC MAC Message HMAC-SHA2(IPSec/IKEv2) Authentication 256 for IPSec/IKEv2 HMAC-SHA2services 384 HMAC-SHA2SHA2-256 SHA2-384 SHA2-512 HMAC-SHA2HMAC-SHA2HMAC-SHA2SHA2-256 SHA2-384 SHA2-512 HMAC-SHA-1 SHA-1 MAC (SNMPv3) MAC Message HMAC-SHA-1 Authentication SHA-1 for SNMPv3 KDF SNMP service HMAC-SHA2HMAC-SHA2SHA2-256 SHA2-384 HMAC-SHA2SHA2-224 Firmware Load MAC MAC for HMAC-SHA2Test firmware load 512 test © 2021-2025 Cisco Systems, Inc.
Name Type Description Properties Algorithms SSHv2 Keying KAS-135KDF SSHv2 session KDF SSH Materials keying materials, Development used to derive SSHv2 session keys TLS Keying KAS-135KDF TLS session TLS v1.2 KDF Materials keying materials, RFC7627 Development used to derive TLS session keys IKEv2 Keying KAS-135KDF IKEv2 session KDF IKEv2 Materials keying materials, Development used to derive IKEv2 session keys SNMPv3 Keying KAS-135KDF SNMPv3 KDF SNMP Materials session keying Development materials, used to derive SNMPv3 session keys DRBG Function DRBG DRBG Counter DRBG generation Hash DRBG Table 7: Security Function Implementations
There are some algorithm modes that were tested but not implemented by the module. Only the algorithms, modes, and key sizes that are implemented by the module are shown in this table. The module’s AES-GCM implementation conforms to Implementation Guidance C.H scenario #1 following RFC 5288 for TLS. The module is compatible with TLSv1.2 and provides support for the acceptable GCM cipher suites from SP 800-52 Rev1, Section 3.3.1. The operations of one of the two parties involved in the TLS key establishment scheme were performed entirely within the cryptographic boundary of the module being validated. The counter portion of the IV is set by the module within its cryptographic boundary. When the IV exhausts the maximum number of possible values for a given session key, the first party, client or server, to encounter this condition will trigger a handshake to establish a new encryption key. The keys for the client and server negotiated in the TLSv1.2 handshake process (client_write_key and server_write_key) are compared and the module aborts the session if the key values are identical. In case the module’s power is lost and then restored, a new key for use with the AES GCM encryption/decryption shall be established. The module uses RFC 7296 compliant IKEv2 to establish the shared secret SKEYSEED from which the AES GCM encryption keys are derived. When the IV exhausts the maximum number © 2021-2025 Cisco Systems, Inc.
of possible values for a given session key, the first party, client or server, to encounter this condition will trigger a handshake to establish a new encryption key. Two keys established by IKEv2 for one security association (one key for encryption in each direction between the parties) are not identical and abort the session if they are. In case the module’s power is lost and then restored, a new key for use with the AES GCM encryption/decryption shall be established. No parts of SSH, TLS, IKE and SNMP protocols, other than the KDFs, have been tested by the CAVP and CMVP.
Cert Vendor Name Number E3 Cisco Systems, Inc. Table 8: Entropy Certificates Name Type Operational Environment Sample Entropy Conditioning Size per Component Sample Cisco Jitter Non- AMD EPYC 7272 (Zen2), 4 bits 2 bits A2810 (SHA3Entropy Physical AMD EPYC 7282 (Zen2), 256) Source AMD EPYC 7352 (Zen2), AMD EPYC 7452 (Zen2) Table 9: Entropy Sources
The module generates RSA, ECDSA, ECDH, and DH asymmetric key pairs compliant with FIPS 186-4, using a NIST SP 800-90A CTR DRBG for random number generation. In accordance with FIPS 140-3 IG D.H, the cryptographic module performs CKG for asymmetric keys as per section 5.1 of NIST SP 800-133rev2 (vendor affirmed) by obtaining a random bit string directly from an approved DRBG. The random bit string supports the required security strength requested by the calling application (without any V, as described in Additional Comments 2 of IG D.H.).
The module provides the following key/SSP establishment services in the approved mode of operation:
shared secret computation. The shared secret computation provides between 128 and
The module supports SSHv2, TLS v1.2, SNMPv3 and IPsec/IKEv2 industrial protocols. Please refer to SSPs Table for more information.
Physical Port Logical Data That Passes Interface(s) Ethernet Port, SFP (1G) Data Input Data input into the module for all the services port, SFP+ (10G) port, defined in Approved Services Table, including and Console Port TLSv1.2, SSHv2, SNMPv3 and IPsec/IKEv2 service data. Ethernet Port, SFP (1G) Data Output Data output from the module for all the services port, SFP+ (10G) port defined in Approved Services Table, including and Console Port TLSv1.2, SSHv2, SNMPv3 and IPsec/IKEv2 service data. Ethernet Port, SFP (1G) Control Control Data input into the module for all the port, SFP+ (10G) port, Input services defined in Approved Services Table, Console Port and RESET including TLSv1.2, SSHv2, SNMPv3 and IPsec/IKEv2 service data. Ethernet Port, SFP (1G) Status Status Information output from the module. port, SFP+ (10G) port, Output Console Port and LEDs N/A Control N/A Output Power Power Provide the Power Supply to the module. Table 10: Ports and Interfaces The module’s physical perimeter encompasses the case of the tested platform mentioned in Table 2. The module provides physical ports which are mapped to logical interfaces provided by the module (data input, data output, control input, control output and status output) as above.
Method Description Security Strength Strength per Minute Name Mechanism Each Attempt Password The minimum length is Password The probability The probability of eight (8) characters (94 Based that a random successfully © 2021-2025 Cisco Systems, Inc.
Method Description Security Strength Strength per Minute Name Mechanism Each Attempt possible characters). attempt will authenticating to the The configuration succeed or a module within one supports at most ten false minute is 10/(94^8), failed attempts to acceptance which is less than authenticate in a one- will occur is 1/100,000. minute period. 1/(94^8) which is less than 1/1,000,000. RSA- The modules support RSA SigVer The probability the probability of Based RSA public-key based (FIPS186-4) that a random successfully Certificate authentication (A4446) attempt will authenticating to the mechanism using a succeed is module within a one minimum of RSA 2048 1/(2^112). minute period is bits, which provides 112 Please refer to 17,000 * 60 = bits of security strength. Description 1,020,000/(2^112). The probability that a section in this Please refer to random attempt will table for more Description section in succeed is 1/(2^112) details this table for more which is less than details 1/1,000,000. For multiple attacks during a one-minute period, as the module at its highest can support at most 17,000 new sessions per second to authenticate in a oneminute period, the probability of successfully authenticating to the module within a one minute period is 17,000 * 60 = 1,020,000/(2^112), which is less than 1/100,000. ECDSA- The modules support ECDSA The probability the probability of Based ECDSA public-key SigVer that a random successfully Certificate based authentication (FIPS186-4) attempt will authenticating to the mechanism using a (A4446) succeed is module within a one minimum of curve P- 1/(2^128) minute period is 256, which provides 128 which is less 17,000 * 60 = bits of security strength. than 1,020,000/(2^128). The probability that a 1/1,000,000. Please refer to random attempt will Please refer to Description section in succeed is 1/(2^128) Description this table for more which is less than section in this details 1/1,000,000. For © 2021-2025 Cisco Systems, Inc.
Method Description Security Strength Strength per Minute Name Mechanism Each Attempt multiple attacks during a table for more one-minute period, as details the module at its highest can support at most 17,000 new sessions per second to authenticate in a oneminute period, the probability of successfully authenticating to the module within a one minute period is 17,000 * 60 = 1,020,000/(2^128), which is less than 1/100,000. Table 11: Authentication Methods The module implements identity-based authentication. The module supports Crypto Officer role and the User role. The module also allows the concurrent operators.
Name Type Operator Type Authentication Methods Crypto Officer Identity CO Password RSA-Based Certificate ECDSA-Based Certificate User Identity User Password RSA-Based Certificate ECDSA-Based Certificate Table 12: Roles Unauthenticated Users can run the self-test service by power-cycling the module by removing the power and re-applying.
Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions Show Provide N/A Command Module's None Crypto Status Module’s used to Operationa Officer current show l Status User status Module's (return Status © 2021-2025 Cisco Systems, Inc.
Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions codes and/or syslog messages) Show Provide N/A Command Module's None Crypto Version Module's to show ID and Officer name and version versioning User version information information Perform Perform N/A Command Status of None Crypto Self-Tests Self-Tests to trigger the self- Officer (Pre- Self-Test tests User operational results Unauthentic self-test ated and Conditional Self-Tests) Perform Perform Syslog Command Status of None Crypto Zeroization Zeroization message to zeroize the SSPs Officer the module zeroization - DRBG Entropy Input: Z - DRBG Seed: Z - DRBG Internal State V value: Z - DRBG Key: Z - User Password: Z - Crypto Officer Password: Z - RADIUS Secret: Z - TACACS+ Secret: Z - Firmware Load Test Key: Z - SSH DH Private Key: Z - SSH DH Public Key: Z © 2021-2025 Cisco Systems, Inc.
Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions - SSH Peer DH Public Key: Z - SSH DH Shared Secret: Z - SSH ECDH Private Key: Z - SSH ECDH Public Key: Z - SSH Peer ECDH Public Key: Z - SSH ECDH Shared Secret: Z - SSH RSA Private Key: Z - SSH RSA Public Key: Z - SSH ECDSA Private Key: Z - SSH ECDSA Public Key: Z - SSH Session Encryption Key: Z - SSH Session Authenticatio n Key: Z - TLS DH Private Key: Z - TLS DH Public Key: Z - TLS Peer DH Public © 2021-2025 Cisco Systems, Inc.
Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions Key: Z - TLS DH Shared Secret: Z - TLS ECDH Private Key: Z - TLS ECDH Public Key: Z - TLS Peer ECDH Public Key: Z - TLS ECDH Shared Secret: Z - TLS ECDSA Private Key: Z - TLS ECDSA Public Key: Z - TLS RSA Private Key: Z - TLS RSA Public Key: Z - TLS Master Secret: Z - TLS Session Encryption Key: Z - TLS Session Authenticatio n Key: Z - IPSec/IKE DH Private Key: Z - IPSec/IKE DH Public Key: Z - IPSec/IKE Peer DH © 2021-2025 Cisco Systems, Inc.
Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions Public Key: Z - IPSec/IKE DH Shared Secret: Z - IPSec/IKE ECDH Private Key: Z - IPSec/IKE ECDH Public Key: Z - IPSec/IKE Peer ECDH Public Key: Z - IPSec/IKE ECDH Shared Secret: Z - IPSec/IKE ECDSA Private Key: Z - IPSec/IKE ECDSA Public Key: Z - IPSec/IKE RSA Private Key: Z - IPSec/IKE RSA Public Key: Z - IPSec/IKE Pre-shared Secret: Z SKEYSEED: Z - IPSec/IKE Session Encryption Key: Z - IPSec/IKE Authenticatio n Key: Z - SNMPv3 © 2021-2025 Cisco Systems, Inc.
Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions Shared Secret: Z - SNMPv3 Encryption Key: Z - SNMPv3 Authenticatio n Key: Z Configure Sets None Command Status of None Crypto Network configurati s to the Officer on of the configure completion systems the of network network configurati on status Crypto CO Role N/A CO Status of None Crypto Officer Authenticat Authenticat the CO Officer Authenticat ion ion authenticat - Crypto ion Request ion Officer Password: W,Z User User Role N/A User role Status of None User Authenticat Authenticat authenticat the User - User ion ion ion request role Password: authenticat W,Z ion Configure Sets the None CLI Status of None Crypto Bypass Bypass Bypass the Officer Capability capability commands completion of Bypass capability configurati on Configure Configure Global Command Status of KAS-FFC Crypto SSHv2 SSHv2 Indicator s to the (SSHv2) Officer Function Function and configure completion KAS-ECC - SSH DH SSHv2 SSHv2 of the (SSHv2) Private Key: configurat SSHv2 KTS W,E ion configurati (SSHv2 - SSH DH success on with AES Public Key: status and W,E message HMAC) - SSH Peer KTS DH Public (SSHv2 Key: W,E with AES- - SSH DH GCM) Shared RSA Secret: W,E KeyGen - SSH ECDH (SSHv2, Private Key: © 2021-2025 Cisco Systems, Inc.
Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions TLSv1.2, W,E IKEv2) - SSH ECDH ECDSA Public Key: KeyGen W,E (SSHv2, - SSH Peer TLSv1.2 ECDH and IKEv2) Public Key: RSA W,E SigGen - SSH ECDH (SSHv2, Shared TLSv1.2, Secret: W,E IKEv2) - SSH RSA ECDSA Private Key: SigGen W,E (SSHv2, - SSH RSA TLSv1.2 Public Key: and IKEv2) W,E RSA - SSH SigVer ECDSA (SSHv2, Private Key: TLSv1.2, W,E and IKEv2) - SSH ECDSA ECDSA SigVer Public Key: (SSHv2, W,E TLSv1.2, - SSH and IKEv2) Session Block Encryption Cipher Key: W,E (SSHv2) - SSH MAC Session (SSHv2) Authenticatio KAS-ECC- n Key: W,E KeyGen - DRBG (SSHv2) Entropy KAS-FFC- Input: W,E KeyGen - DRBG (SSHv2) Seed: W,E DRBG - DRBG Function Internal SSHv2 State V Keying value: W,E Materials - DRBG Key: Developm W,E ent Configure Configure Global Command Status of KAS-FFC Crypto HTTPS HTTPS Indicator s to the (TLSv1.2) Officer over over and configure completion KAS-ECC - TLS DH HTTPS TLSv1.2 of TLSv1.2 (TLSv1.2) Private Key: © 2021-2025 Cisco Systems, Inc.
Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions TLSv1.2 TLSv1.2 over configurati KTS W,E Function Function TLSv1.2 on (TLSv1.2 - TLS DH configurat with AES Public Key: ion and W,E success HMAC) - TLS Peer status KTS DH Public message (TLSv1.2 Key: W,E with AES- - TLS DH GCM) Shared RSA Secret: W,E KeyGen - TLS ECDH (SSHv2, Private Key: TLSv1.2, W,E IKEv2) - TLS ECDH ECDSA Public Key: KeyGen W,E (SSHv2, - TLS Peer TLSv1.2 ECDH and IKEv2) Public Key: RSA W,E SigGen - TLS ECDH (SSHv2, Shared TLSv1.2, Secret: W,E IKEv2) - TLS ECDSA ECDSA SigGen Private Key: (SSHv2, W,E TLSv1.2 - TLS and IKEv2) ECDSA RSA Public Key: SigVer W,E (SSHv2, - TLS RSA TLSv1.2, Private Key: and IKEv2) W,E ECDSA - TLS RSA SigVer Public Key: (SSHv2, W,E TLSv1.2, - TLS Master and IKEv2) Secret: W,E Block - TLS Cipher Session (TLSv1.2) Encryption MAC Key: W,E (TLSv1.2) - TLS KAS-ECC- Session KeyGen Authenticatio (TLSv1.2) n Key: W,E KAS-FFC- - DRBG KeyGen Entropy © 2021-2025 Cisco Systems, Inc.
Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions (TLSv1.2) Input: W,E TLS - DRBG Keying Seed: W,E Materials - DRBG Developm Internal ent State V DRBG value: W,E Function - DRBG Key: W,E Configure Configure Global Command Status of KAS-ECC Crypto IPsec/IKEv IPSec/IKEv Indicator s to the (IKEv2) Officer
2 Function 2 Function with configure completion KAS-FFC - IPSec/IKE
IPsec/IKE IPsec/IKEv of (IKEv2) DH Private v2 2 IPsec/IKEv RSA Key: W,E configurat 2 KeyGen - IPSec/IKE ion configurati (SSHv2, DH Public success on TLSv1.2, Key: W,E status IKEv2) - IPSec/IKE message ECDSA Peer DH KeyGen Public Key: (SSHv2, W,E TLSv1.2 - IPSec/IKE and IKEv2) DH Shared RSA Secret: W,E SigGen - IPSec/IKE (SSHv2, ECDH TLSv1.2, Private Key: IKEv2) W,E ECDSA - IPSec/IKE SigGen ECDH (SSHv2, Public Key: TLSv1.2 W,E and IKEv2) - IPSec/IKE RSA Peer ECDH SigVer Public Key: (SSHv2, W,E TLSv1.2, - IPSec/IKE and IKEv2) ECDH ECDSA Shared SigVer Secret: W,E (SSHv2, - IPSec/IKE TLSv1.2, ECDSA and IKEv2) Private Key: Block W,E Cipher - IPSec/IKE (IPSec/IKE ECDSA v2) Public Key: MAC W,E (IPSec/IKE - IPSec/IKE © 2021-2025 Cisco Systems, Inc.
Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions v2) RSA Private KAS-ECC- Key: W,E KeyGen - IPSec/IKE (IKEv2) RSA Public KAS-FFC- Key: W,E KeyGen - IPSec/IKE (IKEv2) Pre-shared IKEv2 Secret: W,E Keying Materials SKEYSEED: Developm W,E ent - IPSec/IKE DRBG Session Function Encryption Key: W,E - IPSec/IKE Authenticatio n Key: W,E - DRBG Entropy Input: W,E - DRBG Seed: W,E - DRBG Internal State V value: W,E - DRBG Key: W,E Run Execute Global Initiate Status of KAS-FFC Crypto SSHv2 SSHv2 Indicator SSHv2 SSHv2 (SSHv2) Officer Function Function and tunnel tunnel KAS-ECC - SSH DH successfu establishm establishm (SSHv2) Private Key: l SSHv2 ent ent KTS W,E log (SSHv2 - SSH DH message with AES Public Key: and W,E HMAC) - SSH Peer KTS DH Public (SSHv2 Key: W,E with AES- - SSH DH GCM) Shared RSA Secret: W,E KeyGen - SSH ECDH (SSHv2, Private Key: TLSv1.2, W,E IKEv2) - SSH ECDH ECDSA Public Key: KeyGen W,E © 2021-2025 Cisco Systems, Inc.
Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions (SSHv2, - SSH Peer TLSv1.2 ECDH and IKEv2) Public Key: RSA W,E SigGen - SSH ECDH (SSHv2, Shared TLSv1.2, Secret: W,E IKEv2) - SSH RSA ECDSA Private Key: SigGen W,E (SSHv2, - SSH RSA TLSv1.2 Public Key: and IKEv2) W,E RSA - SSH SigVer ECDSA (SSHv2, Private Key: TLSv1.2, W,E and IKEv2) - SSH ECDSA ECDSA SigVer Public Key: (SSHv2, W,E TLSv1.2, - SSH and IKEv2) Session Block Encryption Cipher Key: W,E (SSHv2) - SSH MAC Session (SSHv2) Authenticatio KAS-ECC- n Key: W,E KeyGen - DRBG (SSHv2) Entropy KAS-FFC- Input: W,E KeyGen - DRBG (SSHv2) Seed: W,E DRBG - DRBG Function Internal SSHv2 State V Keying value: W,E Materials - DRBG Key: Developm W,E ent User - SSH DH Private Key: W,E - SSH DH Public Key: W,E - SSH Peer DH Public © 2021-2025 Cisco Systems, Inc.
Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions Key: W,E - SSH DH Shared Secret: W,E - SSH ECDH Private Key: W,E - SSH ECDH Public Key: W,E - SSH Peer ECDH Public Key: W,E - SSH ECDH Shared Secret: W,E - SSH RSA Private Key: W,E - SSH RSA Public Key: W,E - SSH ECDSA Private Key: W,E - SSH ECDSA Public Key: W,E - SSH Session Encryption Key: W,E - SSH Session Authenticatio n Key: W,E - DRBG Entropy Input: W,E - DRBG Seed: W,E - DRBG Internal State V value: W,E © 2021-2025 Cisco Systems, Inc.
Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions - DRBG Key: W,E Run Execute Global Initiate Status of KAS-FFC Crypto HTTPS HTTPS Indicator TLSv1.2 TLSv1.2 (TLSv1.2) Officer over over and tunnel tunnel KAS-ECC - TLS DH TLSv1.2 TLSv1.2 successfu establishm establishm (TLSv1.2) Private Key: Function function l HTTPS ent request ent KTS W,E over (TLSv1.2 - TLS DH TLSv1.2 with AES Public Key: log and W,E message HMAC) - TLS Peer KTS DH Public (TLSv1.2 Key: W,E with AES- - TLS DH GCM) Shared RSA Secret: W,E KeyGen - TLS ECDH (SSHv2, Private Key: TLSv1.2, W,E IKEv2) - TLS ECDH ECDSA Public Key: KeyGen W,E (SSHv2, - TLS Peer TLSv1.2 ECDH and IKEv2) Public Key: RSA W,E SigGen - TLS ECDH (SSHv2, Shared TLSv1.2, Secret: W,E IKEv2) - TLS ECDSA ECDSA SigGen Private Key: (SSHv2, W,E TLSv1.2 - TLS and IKEv2) ECDSA RSA Public Key: SigVer W,E (SSHv2, - TLS RSA TLSv1.2, Private Key: and IKEv2) W,E ECDSA - TLS RSA SigVer Public Key: (SSHv2, W,E TLSv1.2, - TLS Master and IKEv2) Secret: W,E Block - TLS Cipher Session (TLSv1.2) Encryption MAC Key: W,E © 2021-2025 Cisco Systems, Inc.
Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions (TLSv1.2) - TLS KAS-ECC- Session KeyGen Authenticatio (SSHv2) n Key: W,E KAS-FFC- - DRBG KeyGen Entropy (SSHv2) Input: W,E DRBG - DRBG Function Seed: W,E SSHv2 - DRBG Keying Internal Materials State V Developm value: W,E ent - DRBG Key: W,E User - TLS DH Private Key: W,E - TLS DH Public Key: W,E - TLS Peer DH Public Key: W,E - TLS DH Shared Secret: W,E - TLS ECDH Private Key: W,E - TLS ECDH Public Key: W,E - TLS Peer ECDH Public Key: W,E - TLS ECDH Shared Secret: W,E - TLS ECDSA Private Key: W,E - TLS ECDSA Public Key: W,E © 2021-2025 Cisco Systems, Inc.
Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions - TLS RSA Private Key: W,E - TLS RSA Public Key: W,E - TLS Master Secret: W,E - TLS Session Encryption Key: W,E - TLS Session Authenticatio n Key: W,E - DRBG Entropy Input: W,E - DRBG Seed: W,E - DRBG Internal State V value: W,E - DRBG Key: W,E Run Execute Global Initiate Status of KAS-ECC Crypto IPSec/IKEv IPsec/IKEv Indicator IPsec/IKEv IPSec/IKE (IKEv2) Officer
2 Function 2 Function and 2 tunnel v2 tunnel KAS-FFC - IPSec/IKE
succesful establishm establishm (IKEv2) DH Private IPsec/IKE ent request ent RSA Key: W,E v2 log KeyGen - IPSec/IKE message (SSHv2, DH Public TLSv1.2, Key: W,E IKEv2) - IPSec/IKE ECDSA Peer DH KeyGen Public Key: (SSHv2, W,E TLSv1.2 - IPSec/IKE and IKEv2) DH Shared RSA Secret: W,E SigGen - IPSec/IKE (SSHv2, ECDH TLSv1.2, Private Key: IKEv2) W,E ECDSA - IPSec/IKE SigGen ECDH (SSHv2, Public Key: © 2021-2025 Cisco Systems, Inc.
Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions TLSv1.2 W,E and IKEv2) - IPSec/IKE RSA Peer ECDH SigVer Public Key: (SSHv2, W,E TLSv1.2, - IPSec/IKE and IKEv2) ECDH ECDSA Shared SigVer Secret: W,E (SSHv2, - IPSec/IKE TLSv1.2, ECDSA and IKEv2) Private Key: Block W,E Cipher - IPSec/IKE (IPSec/IKE ECDSA v2) Public Key: MAC W,E (IPSec/IKE - IPSec/IKE v2) RSA Private KAS-ECC- Key: W,E KeyGen - IPSec/IKE (IKEv2) RSA Public KAS-FFC- Key: W,E KeyGen - IPSec/IKE (IKEv2) Pre-shared IKEv2 Secret: W,E Keying Materials SKEYSEED: Developm W,E ent - IPSec/IKE DRBG Session Function Encryption Key: W,E - IPSec/IKE Authenticatio n Key: W,E - DRBG Entropy Input: W,E - DRBG Seed: W,E - DRBG Internal State V value: W,E - DRBG Key: W,E User - IPSec/IKE © 2021-2025 Cisco Systems, Inc.
Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions DH Private Key: W,E - IPSec/IKE DH Public Key: W,E - IPSec/IKE Peer DH Public Key: W,E - IPSec/IKE DH Shared Secret: W,E - IPSec/IKE ECDH Private Key: W,E - IPSec/IKE ECDH Public Key: W,E - IPSec/IKE Peer ECDH Public Key: W,E - IPSec/IKE ECDH Shared Secret: W,E - IPSec/IKE ECDSA Private Key: W,E - IPSec/IKE ECDSA Public Key: W,E - IPSec/IKE RSA Private Key: W,E - IPSec/IKE RSA Public Key: W,E - IPSec/IKE Pre-shared Secret: W,E SKEYSEED: W,E - IPSec/IKE © 2021-2025 Cisco Systems, Inc.
Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions Session Encryption Key: W,E - IPSec/IKE Authenticatio n Key: W,E - DRBG Entropy Input: W,E - DRBG Seed: W,E - DRBG Internal State V value: W,E - DRBG Key: W,E Configure Configure Global Command Status of Block Crypto SNMPv3 SNMPv3 Indicator s to the Cipher Officer Function Function and configure completion (SNMPv3) - SNMPv3 SNMPv3 SNMPv3 of MAC Shared configurat SNMPv3 (SNMPv3) Secret: W,E ion configurati SNMPv3 - SNMPv3 success on Keying Encryption status Materials Key: W,E message Developm - SNMPv3 ent Authenticatio n Key: W,E Run Execute Global Initiate Status of Block Crypto SNMPv3 SNMPv3 Indicator SNMPv3 SNMPv3 Cipher Officer Function Function and tunnel tunnel (SNMPv3) User successfu establishm establishm MAC l SNMPv3 ent request ent (SNMPv3) log SNMPv3 message Keying Materials Developm ent Firmware Execute Global Command Outcome Firmware Crypto Load Test the indicator s to load of the Load Test Officer Firmware and new Firmware - Firmware Load Test successfu firmware Load Test Load Test l image Key: R Firmware Loading status message Table 13: Approved Services © 2021-2025 Cisco Systems, Inc.
The module also supports the firmware load test by using HMAC-SHA2-512 (HMAC Cert. #A4446) for the new validated firmware to be uploaded into the module. A Firmware Load Test Key was preloaded to the module’s binary at the factory and used for firmware load test. In order to load new firmware, the Crypto Officer must authenticate to the module before loading the firmware. This ensures that unauthorized access and use of the module is not performed. The module will load the new update upon reboot. The update attempt will be rejected if the verification fails. Any firmware loaded into the module that is not shown on the module certificate, is out of scope of this validation and requires a separate FIPS 140-3 validation.
The module implements Bypass service. The operator shall assume Crypto Officer role and configure the Bypass capability. The module will conduct two independent internal actions activate the capability to prevent the inadvertent bypass of plaintext data due to a single error. To verify the module is in bypass state, the Crypto Officer needs to issue commands “show access-list” and “show ipsec sa” to verify the module is in bypass state.
The module implements Self-initiated cryptographic output capability without external operator request. The Crypto Officer shall configure self-initiated cryptographic output capability. Prior to executing the self-initiated cryptographic output capability, the module conducts two independent internal actions to activate the capability to prevent the inadvertent output due to a single error.
The module supports unauthenticated service. The unauthenticated User/Operators can trigger the self-test service by power-cycling the module.
The module is provided in the form of binary executable code. To ensure firmware security, the module is protected by RSA 2048 bits with SHA2-512 (RSA Cert. #A4446) algorithm. A Firmware Integrity Test Key (non-SSP) was preloaded to the module’s binary at the factory and used for firmware integrity test only at the pre-operational self-test. The module uses the RSA © 2021-2025 Cisco Systems, Inc.
2048 bits modulus public key to verify the digital signature. If the firmware integrity test fails, the
module would enter to an Error state with all crypto functionality inhibited.
Integrity test is performed as part of the Pre-Operational Self-Tests. It is automatically executed at power-on. The operator can power-cycle or reboot the tested platform to initiate the firmware integrity test on-demand.
Type of Operational Environment: Limited
Mechanism Inspection Inspection Guidance Frequency Tamper labels (9) with Part Recommend 30 Visible inspection of platform for number: AIR-AP-FIPSKIT= Days residual evidence of tampering Opacity shield (1) with Part Recommend 30 Visible inspection of platform for number: FPR3K-FIPS-KIT= Days evidence of tampering, removal or access Table 14: Mechanisms and Actions Required The module utilizes a production-grade enclosure and removable cover along with tamper evidence labels as the physical security mechanisms. Appling Tamper Evidence Labels Step 1: Turn off and unplug the module. Step 2: Clean the chassis of any grease, dirt, oil or any other material other than the surface coating from manufacture before applying the tamper evident labels. Alcohol-based cleaning pads are recommended for this purpose. Step 3: Apply a label to cover the module as shown in the figures below. The tamper evident labels are produced from a special thin gauge vinyl with self-adhesive backing. Any attempt to open the module will damage the tamper evident labels or the material of the security appliance cover. Because the tamper evident labels have non-repeated serial numbers, they may be inspected for damage and compared against the applied serial numbers to verify that the security appliance has not been tampered with. Tamper evident labels can also be inspected for signs of tampering, which include the following: curled corners, rips, and slices. The word “FIPS” may appear if the label was peeled back. © 2021-2025 Cisco Systems, Inc.
Number: Nine (9) Placement: Figure 2 Module’s front view opacity shield TEL 1 Figure 3 Module’s back view TEL 7 TEL 8 TEL 6 TEL 2 TEL 4 TEL 5 TEL 1 TEL 3 Figure 4 Module’s top view with opacity shield © 2021-2025 Cisco Systems, Inc.
TEL 8 TEL 9 TEL 7 TEL 6 Figure 5 Module’s bottom view with opacity shield TEL 3 Figure 6 Module’s left view with opacity shield TEL 2 Figure 7 Module’s right view with opacity shield Surface Preparation: Clean the chassis of any grease, dirt, or oil before applying the tamper evident labels. Alcohol-based cleaning pads are recommended for this purpose. Operator Responsible for Securing Unused Seals: Must be stored in a secure location under controlled access
3105, 3110, 3120, 3130, 3140 Opacity Shield FPR3K-FIPS-KIT= © 2021-2025 Cisco Systems, Inc.
Step 1: Attach the Slide Rail Locking Bracket, #2 in diagram to the Side of the Chassis using the countersink screws #3 in diagram. Step 2: Attach the Cable Management Bracket (#1) to the Slide Rail Locking Bracket (#2) using the countersink screws (#3) Step 3: Route the Cables through the Cable Management Brackets Step 4: Attach the FIPS Opacity Shield (#1) to the Cable Management Brackets (#3) using the countersink screws (#2) © 2021-2025 Cisco Systems, Inc.
Figure 8 Opacity Shield Brackets
Storage Description Persistence Area Type Name DRAM Volatile Memory Dynamic Flash Non-Volatile Memory Static Table 15: Storage Areas
Name From To Format Distributio Entry SFI or Type n Type Type Algorith m Password/Secre External Module Encrypte Automated Electroni KTS t Input via TLS (Outside d c (TLSv1.2 encrypted by of the with AESGCM Module's GCM) Boundary ) Password/Secre External Module Encrypte Automated Electroni KTS t Input via TLS (Outside d c (TLSv1.2 encrypted by of the with AES AES and HMAC Module's and Boundary HMAC) ) Peer Public Key External Module Plaintext Automated Electroni Input (Outside c of the Module's Boundary ) Module Public Module External Plaintext Automated Electroni Key Output (Outside c of the Module's Boundary ) Password/Secre External Module Encrypte Automated Electroni KTS t Input via (Outside d c (SSHv2 SSHv2 of the with AESencrypted by Module's GCM) GCM Boundary ) Password/Secre External Module Encrypte Automated Electroni KTS t Input via (Outside d c (SSHv2 SSHv2 of the with AES encrypted by Module's and AES and HMAC Boundary HMAC) ) © 2021-2025 Cisco Systems, Inc.
Table 16: SSP Input-Output Methods
Zeroization Description Rationale Operator Method Initiation Zeroization CO issues the zeroization command will erase all 'configure Command zeroization SSPs stored in the DRAM or in the factory-default' service Flash of the module. Table 17: SSP Zeroization Methods Please note that the Firmware Load Test Key is only used for Firmware Load Test Authentication and not subject to the zeroization requirement.
Name Description Size - Type - Generat Establishe Used By Strength Category ed By d By DRBG Used to 384 bits - Entropy DRBG Entropy seed the at least Input - CSP Function Input DRBG 256 bits DRBG Used in 256 bits - DRBG DRBG Seed DRBG 256 bits Seed - CSP Function Generation DRBG Used in 256 bits - DRBG DRBG Internal DRBG 256 bits Internal Function State V Generation State V value value - CSP DRBG Key Used in 256 bits - DRBG Key DRBG DRBG 256 bits - CSP Function Generation User User 8-30 Authenticati Password authenticati Characte on Data on rs - 8-30 CSP Characte rs Crypto Crypto 8-30 Authenticati Officer Officer Characte on Data Password authenticati rs - 8-30 CSP on Characte rs RADIUS RADIUS 16 Authenticati Secret Server Characte on Data Authenticati rs - 16 CSP on Characte rs © 2021-2025 Cisco Systems, Inc.
Name Description Size - Type - Generat Establishe Used By Strength Category ed By d By TACACS+ TACACS+ 16 Authenticati Secret Authenticati Characte on Data on rs - 16 CSP Characte rs Firmware Used for 112 bits - Public Key - Firmware Load Test Firmware 112 bits CSP Load Test Key Load Test SSH DH Used to MODP- Private Key KAS- KAS-FFC Private Key derive the 2048, - CSP FFC- (SSHv2) SSH DH MODP- KeyGen Shared 3072, (SSHv2) Secret MODP-
112-152 bits SSH DH Used to MODP- Public Key - KAS-FFC- KAS-FFC Public Key derive SSH 2048, PSP KeyGen (SSHv2) DH Shared MODP- (SSHv2) Secret 3072, MODP-
112-152 bits SSH Peer Used to MODP- Public Key - KAS-FFC DH Public derive SSH 2048, PSP (SSHv2) Key DH Shared MODPSecret 3072, MODP-
112-152 bits SSH DH Used to MODP- Shared KAS-FFC KAS-FFC Shared derive SSH 2048, Secret - (SSHv2) (SSHv2) Secret Session MODP- CSP Encryption 3072, Keys, SSH MODPSession 4096 Authenticati 112-152 on Keys bits SSH ECDH Used to Curves: Private Key KAS- KAS-ECC Private Key derive the 256, 384, - CSP ECC- (SSHv2) SSH ECDH 521 bits - KeyGen Shared 128 to (SSHv2) Secret 256 bits SSH ECDH Used to Curves: Public Key - KAS-ECC- KAS-ECC Public Key derive SSH 256, 384, PSP KeyGen (SSHv2) ECDHE 521 bits - (SSHv2) © 2021-2025 Cisco Systems, Inc.
Name Description Size - Type - Generat Establishe Used By Strength Category ed By d By Shared 128-256 Secret bits SSH Peer Used to Curves: Public Key - KAS-ECC ECDH derive SSH 256, 384, PSP (SSHv2) Public Key DH Shared 521 bits Secret 128 to
SSH ECDH Used to Curves: Shared KAS-ECC KAS-ECC Shared derive SSH 256, 384, Secret - (SSHv2) (SSHv2) Secret Session 521 bits - CSP Encryption 128 to Keys, SSH 256 bits Session Authenticati on Keys SSH RSA Used for Modulus Private Key RSA RSA SigVer Private Key SSH 2048 and - CSP KeyGen (SSHv2, session 3072 bits (SSHv2, TLSv1.2, authenticati - 112- TLSv1.2, and IKEv2) on 128 bits IKEv2) SSH RSA Used for Modulus Public Key - RSA RSA SigVer Public Key SSH 2048 and PSP KeyGen (SSHv2, sessions 3072 bits (SSHv2, TLSv1.2, aiuthenticati - 112- TLSv1.2, and IKEv2) on 128 bits IKEv2) SSH Used for Curves: Private Key ECDSA ECDSA ECDSA SSH 256, 384, - CSP KeyGen SigGen Private Key session 521 bits - (SSHv2, (SSHv2, authenticati 128 to TLSv1.2 TLSv1.2 on 256 bits and and IKEv2) IKEv2) SSH Used for Curves: Public Key - ECDSA ECDSA ECDSA SSH 256, 384, PSP KeyGen SigVer Public Key sessions 521 bits - (SSHv2, (SSHv2, aiuthenticati 128 to TLSv1.2 TLSv1.2, on 256 bits and IKEv2) and IKEv2) SSH Used for 128-256 Session SSHv2 Block Session SSH bits - Key - CSP Keying Cipher Encryption Session 128-256 Materials (SSHv2) Key confidentialit bits Developme y protection nt SSH Used for At least Session SSHv2 MAC Session SSH 160 bits - Key - CSP Keying (SSHv2) Authenticati Session At least Materials on Key integrity 160 bits Developme protection nt TLS DH Used to Modulus: Private Key KAS- KAS-FFC Private Key Derive TLS 2048, - CSP FFC- (TLSv1.2) © 2021-2025 Cisco Systems, Inc.
Name Description Size - Type - Generat Establishe Used By Strength Category ed By d By DH Shared 3072, KeyGen Secret 4096 bits (TLSv1.2 - 128- )
TLS DH Used to Modulus: Public Key - KAS-FFC- KAS-FFC Public Key Derive TS 2048, PSP KeyGen (TLSv1.2) DH Shared 3072, or (TLSv1.2) Secret 4096 bits - 128-
TLS Peer Used to Modulus: Public Key - KAS-FFC DH Public derive IKE 2048, PSP (TLSv1.2) Key DH Shared 3072, or Secret 4096 bits - 128-
TLS DH Used to Modulus Shared KAS-FFC KAS-FFC Shared Derive TLS 2048, Secret - (TLSv1.2) (TLSv1.2) Secret Session 3072, or CSP Encryption 4096 Key and 128-152 TLS bits Session Authenticati on Key TLS ECDH Used to Curves Private Key KAS- KAS-ECC Private Key Derive TLS P-256, P- - CSP ECC- (TLSv1.2) ECDH 384, and KeyGen Shared P-521 - (TLSv1.2 Secret 128-256 ) bits TLS ECDH Used to Curves Public Key - KAS-ECC- KAS-ECC Public Key Derive TS P-256, P- PSP KeyGen (TLSv1.2) ECDH 384, and (TLSv1.2) Shared P-521 Secret 128-256 bits TLS Peer Used to Curves: Public Key - KAS-ECC ECDH derive IKE P-256, P- PSP (TLSv1.2) Public Key ECDH 384, PShared 521 Secret 128-256 bits TLS ECDH Used to Curves Shared KAS-ECC KAS-ECC Shared Derive TLS p-256, P- Secret - (TLSv1.2) (TLSv1.2) Secret Session 384, P- CSP Encryption 521 Key and © 2021-2025 Cisco Systems, Inc.
Name Description Size - Type - Generat Establishe Used By Strength Category ed By d By TLS 128-256 Session bits Authenticati on Key TLS Used to Curves Private Key ECDSA ECDSA ECDSA support CO P-256, P- - CSP KeyGen SigGen Private Key and Admin 384, P- (SSHv2, (SSHv2, HTTPS 521 - TLSv1.2 TLSv1.2 interfaces 128-256 and and IKEv2) bits IKEv2) TLS Used to Curves Public Key - ECDSA ECDSA ECDSA support CO P-256, P- PSP KeyGen SigVer Public Key and User 384, P- (SSHv2, (SSHv2, HTTPS 521 - TLSv1.2 TLSv1.2, Interfaces 128-256 and IKEv2) and IKEv2) bits TLS RSA Used to Modulus Private Key RSA RSA SigVer Private Key support CO 2048 and - CSP KeyGen (SSHv2, and Admin 3072 bits (SSHv2, TLSv1.2, HTTPS - 112- TLSv1.2, and IKEv2) Interfaces 128 bits IKEv2) TLS RSA Used to Modulus Public Key - RSA RSA SigVer Public Key support CO 2048 and PSP KeyGen (SSHv2, and User 3072 bits (SSHv2, TLSv1.2, HTTPS - 112- TLSv1.2, and IKEv2) interfaces 128 bits IKEv2) TLS Master Used to At least Master TLS TLS Keying Secret protect 112 bits - Secret - Keying Materials HTTPS At least CSP Materials Developme Session. 112 bits Developme nt Pre-master nt secret TLS Used to 128-256 Session TLS Block Session protect bits - Key - CSP Keying Cipher Encryption HTTPS 128-256 Materials (TLSv1.2) Key Session. bits Developme TLS Master nt secret TLS Used to at least Session TLS MAC Session protect 112 bits - Key - CSP Keying (TLSv1.2) Authenticati HTTPS at least Materials on Key Session. 112 bits Developme TLS master nt secret IPSec/IKE Used to MODP- Private Key KAS- KAS-FFC DH Private derive 2048, - CSP FFC- (IKEv2) Key IPSec/IKE MODP- KeyGen 3072, (IKEv2) © 2021-2025 Cisco Systems, Inc.
Name Description Size - Type - Generat Establishe Used By Strength Category ed By d By DH Shared MODPSecret 4096 112-152 bits IPSec/IKE Used to MODP- Public Key - KAS-FFC- KAS-FFC DH Public derive 2048, PSP KeyGen (IKEv2) Key IPSec/IKE MODP- (IKEv2) DH Shared 3072, Secret MODP-
112-152 bits IPSec/IKE Used to MODP- Public Key - KAS-FFC Peer DH derive 2048, PSP (IKEv2) Public Key IPSec/IKE MODPDH Shared 3072, Secret MODP-
112-152 bits IPSec/IKE Used to MODP- Shared KAS-FFC KAS-FFC DH Shared derive 2048, Secret - (IKEv2) (IKEv2) Secret IPSec/IKE MODP- CSP Session 3072, Encryption MODPKeys, 4096 IPSec/IKE 112-152 Authenticati bits on Keys IPSec/IKE Used to Curves Private Key KAS- KAS-ECC ECDH derive P-256, P- - CSP ECC- (IKEv2) Private Key IPSec/IKE 384, P- KeyGen ECDH 521 - (IKEv2) Shared 128-256 Secrets bits IPSec/IKE Used to Curves Public Key - KAS-ECC- KAS-ECC ECDH derive P-256, P- PSP KeyGen (IKEv2) Public Key IPSec/IKE 384, P- (IKEv2) ECDH 521 Shared 128-256 Secrets bits IPSec/IKE Used to Curves Public Key - KAS-ECC Peer ECDH derive P-256, P- PSP (IKEv2) Public Key IPSec/IKE 384, PECDH 521 Shared 128-256 Secrets bits © 2021-2025 Cisco Systems, Inc.
Name Description Size - Type - Generat Establishe Used By Strength Category ed By d By IPSec/IKE Used to Curves Shared KAS-ECC KAS-ECC ECDH derive P-256, P- Secret - (IKEv2) (IKEv2) Shared IPSec/IKE 384, P- CSP Secret ECDH 521 Shared 128-256 Secrets bits IPSec/IKE Used for Curves Private Key ECDSA ECDSA ECDSA IPSec/IKE P-256, P- - CSP KeyGen SigGen Private Key peer 384, P- (SSHv2, (SSHv2, authenticati 521 - TLSv1.2 TLSv1.2 on 128-256 and and IKEv2) bits IKEv2) IPSec/IKE Used for Curves Public Key - ECDSA ECDSA ECDSA IPSec/IKE P-256, P- PSP KeyGen SigVer Public Key peer 384, P- (SSHv2, (SSHv2, authenticati 521 - TLSv1.2 TLSv1.2, on 128-256 and IKEv2) and IKEv2) bits IPSec/IKE Used for Modulus Private Key RSA RSA RSA Private IPSec/IKE 2048 or - CSP KeyGen SigGen Key peer 3072 - (SSHv2, (SSHv2, authenticati 112 or TLSv1.2, TLSv1.2, on 128 bits IKEv2) IKEv2) IPSec/IKE Used for Modulus Public Key - RSA RSA SigVer RSA Public IPSec/IKE 2048 or PSP KeyGen (SSHv2, Key peer 3072 - (SSHv2, TLSv1.2, authenticati 112 or TLSv1.2, and IKEv2) on 128 bits IKEv2) IPSec/IKE Used for 16-32 shared IKEv2 Pre-shared IPSec/IKE bytes secret - Keying Secret peer character CSP Materials authenticati s - 16-32 Developme on bytes nt character s SKEYSEED Keying 160 bits - Keying IKEv2 IKEv2 material 160 bits Material - Keying Keying used to CSP Materials Materials derive the Developme Developme IPSec/IKE nt nt Session Encryption Key and IPSec/IKE Authenticati on Key IPSec/IKE Used to 128-256 Session IKEv2 Block Session secure bits - Key - CSP Keying Cipher © 2021-2025 Cisco Systems, Inc.
Name Description Size - Type - Generat Establishe Used By Strength Category ed By d By Encryption IPSec/IKEv 128-256 Materials (IPSec/IKEv Key 2 session bits Developme 2) confidentialit nt y IPSec/IKE Used to at least Session IKEv2 MAC Authenticati secure 160 bits - Key - CSP Keying (IPSec/IKEv on Key IPSec/IKEv at least Materials 2)
2 session 160 bits Developme
integrity nt SNMPv3 Used for 8-32 Authenticati IKEv2 Shared SNMPv3 character on Secret - Keying Secret user s - N/A CSP Materials authenticati Developme on nt SNMPv3 Used to 128 bits - Encryption SNMPv3 Block Encryption protect 128 bits Key - CSP Keying Cipher Key SNMPv3 Materials (SNMPv3) traffic Developme confidentialit nt y SNMPv3 Used to At least Authenticati SNMPv3 MAC Authenticati secure 112 bits - on Key - Keying (SNMPv3) on Key SNMPv3 At least CSP Materials traffic 112 bits Developme integrity nt Table 18: SSP Table 1 Name Input - Output Storage Storage Zeroizatio Related SSPs Duration n DRBG DRAM:Plainte Until Zeroizatio DRBG Entropy xt Reboot n Seed:Used With Input Command DRBG Internal State V value:Used With DRBG Key:Used With DRBG Seed DRAM:Plainte Until Zeroizatio DRBG Entropy xt Reboot n Input:Used With Command DRBG Internal State V value:Used With DRBG Key:Used With DRBG DRAM:Plainte Until Zeroizatio DRBG Entropy Internal xt Reboot n Input:Used With State V Command DRBG value Seed:Used With © 2021-2025 Cisco Systems, Inc.
Name Input - Output Storage Storage Zeroizatio Related SSPs Duration n DRBG Key:Used With DRBG Key DRAM:Plainte Until Zeroizatio DRBG Entropy xt Reboot n Input:Used With Command DRBG Seed:Used With DRBG Internal State V value:Used With User Password/Sec Flash:Encrypt Zeroizatio Password ret Input via ed n TLS encrypted Command by GCM Password/Sec ret Input via TLS encrypted by AES and HMAC Password/Sec ret Input via SSHv2 encrypted by GCM Password/Sec ret Input via SSHv2 encrypted by AES and HMAC Crypto Password/Sec Flash:Encrypt Zeroizatio Officer ret Input via ed n Password TLS encrypted Command by GCM Password/Sec ret Input via TLS encrypted by AES and HMAC Password/Sec ret Input via SSHv2 encrypted by GCM Password/Sec ret Input via SSHv2 encrypted by © 2021-2025 Cisco Systems, Inc.
Name Input - Output Storage Storage Zeroizatio Related SSPs Duration n AES and HMAC RADIUS Password/Sec Flash:Plaintex Zeroizatio Secret ret Input via t n TLS encrypted Command by GCM Password/Sec ret Input via TLS encrypted by AES and HMAC Password/Sec ret Input via SSHv2 encrypted by GCM Password/Sec ret Input via SSHv2 encrypted by AES and HMAC TACACS+ Password/Sec Flash:Plaintex Zeroizatio Secret ret Input via t n TLS encrypted Command by GCM Password/Sec ret Input via TLS encrypted by AES and HMAC Password/Sec ret Input via SSHv2 encrypted by GCM Password/Sec ret Input via SSHv2 encrypted by AES and HMAC Firmware Flash:Plaintex N/A Load Test t Key SSH DH DRAM:Plainte While SSH Zeroizatio SSH DH Public Private Key xt tunnel is n Key:Paired With on Command SSH Peer DH © 2021-2025 Cisco Systems, Inc.
Name Input - Output Storage Storage Zeroizatio Related SSPs Duration n Public Key:Used With SSH DH Module Public DRAM:Plainte While SSH Zeroizatio SSH DH Private Public Key Key Output xt tunnel is n Key:Paired With on Command SSH Peer Peer Public DRAM:Plainte While SSH Zeroizatio SSH DH Private DH Public Key Input xt tunnel is n Key:Used With Key on Command SSH DH DRAM:Plainte While SSH Zeroizatio SSH DH Private Shared xt tunnel is n Key:Derived From Secret on Command SSH DH Public Key:Derived From SSH ECDH DRAM:Plainte While SSH Zeroizatio SSH ECDH Private Key xt tunnel is n Public Key:Paired on Command With SSH Peer ECDH Public Key:Used With SSH ECDH Module Public DRAM:Plainte While SSH Zeroizatio SSH ECDH Public Key Key Output xt tunnel is n Private on Command Key:Paired With SSH Peer Peer Public DRAM:Plainte While SSH Zeroizatio SSH ECDH ECDH Key Input xt tunnel is n Private Key:Used Public Key on Command With SSH ECDH DRAM:Plainte While SSH Zeroizatio SSH ECDH Shared xt tunnel is n Private Secret on Command Key:Derived From SSH ECDH Public Key:Derived From SSH RSA Flash:Plaintex Zeroizatio SSH RSA Public Private Key t n Key:Paired With Command SSH Peer RSA Public Key:Used With SSH RSA Module Public Flash:Plaintex Zeroizatio SSH RSA Private Public Key Key Output t n Key:Paired With Command SSH Flash:Plaintex Zeroizatio SSH ECDSA ECDSA t n Public Key:Paired Private Key Command With SSH Module Public Flash:Plaintex Zeroizatio SSH ECDSA ECDSA Key Output t n Private Public Key Command Key:Paired With SSH DRAM:Plainte While SSH Zeroizatio SSH Session Session xt tunnel is n Authentication Encryption on Command Key:Used With Key © 2021-2025 Cisco Systems, Inc.
Name Input - Output Storage Storage Zeroizatio Related SSPs Duration n SSH DRAM:Plainte While SSH Zeroizatio SSH Session Session xt tunnel is n Encryption Authenticati on Command Key:Used With on Key TLS DH DRAM:Plainte While TLS Zeroizatio TLS DH Public Private Key xt tunnel is n Key:Paired With on Command TLS Peer DH Public Key:Used With TLS DH Module Public DRAM:Plainte While TLS Zeroizatio TLS DH Private Public Key Key Output xt tunnel is n Key:Paired With on Command TLS Peer Peer Public DRAM:Plainte while TLS Zeroizatio TLS DH Private DH Public Key Input xt tunnel is n Key:Used With Key on Command TLS DH DRAM:Plainte While TLS Zeroizatio TLS ECDH Shared xt tunnel is n Private Secret on Command Key:Derived From TLS Peer ECDH Public Key:Derived From TLS ECDH DRAM:Plainte While TLS Zeroizatio TLS ECDH Public Private Key xt tunnel is n Key:Paired With on Command TLS Peer ECDH Public Key:Used With TLS ECDH Module Public DRAM:Plainte While TLS Zeroizatio TLS ECDH Public Key Key Output xt tunnel is n Private on Command Key:Paired With TLS Peer Peer Public DRAM:Plainte while TLS Zeroizatio TLS ECDH ECDH Key Input xt tunnel is n Private Key:Used Public Key on Command With TLS ECDH DRAM:Plainte While TLS Zeroizatio TLS ECDH Shared xt tunnel is n Private Secret on Command Key:Derived From TLS Peer ECDH Public Key:Derived From TLS ECDSA Flash:Plaintex Zeroizatio TLS ECDSA Private Key t n Public Key:Paired Command With TLS ECDSA Module Public Flash:Plaintex Zeroizatio TLS ECDSA Public Key Key Output t n Private Command Key:Paired With TLS RSA Flash:Plaintex Zeroizatio TLS RSA Public Private Key t n Key:Paired With Command © 2021-2025 Cisco Systems, Inc.
Name Input - Output Storage Storage Zeroizatio Related SSPs Duration n TLS RSA Module Public Flash:Plaintex Zeroizatio TLS RSA Private Public Key Key Output t n Key:Paired With Command TLS Master DRAM:Plainte While TLS Zeroizatio TLS ECDH Secret xt tunnel is n Shared on Command Secret:Derived From TLS DRAM:Plainte While TLS Zeroizatio TLS Session Session xt tunnel is n Authentication Encryption on Command Key:Used With Key TLS DRAM:Plainte While TLS Zeroizatio TLS Session Session xt tunnel is n Encryption Authenticati on Command Key:Used With on Key IPSec/IKE DRAM:Plainte While Zeroizatio IPSec/IKE DH DH Private xt IPSec/IKE n Public Key:Paired Key v2 tunnel Command With is on IPSec/IKE Peer DH Public Key:Used With IPSec/IKE Module Public DRAM:Plainte While Zeroizatio IPSec/IKE DH DH Public Key Output xt IPSec/IKE n Private Key v2 tunnel Command Key:Paired With is on IPSec/IKE Peer Public DRAM:Plainte while Zeroizatio IPSec/IKE DH Peer DH Key Input xt IPSec/IKE n Private Key:Used Public Key tunnel is Command With on IPSec/IKE DRAM:Plainte While Zeroizatio SKEYSEED:Used DH Shared xt IPSec/IKE n With Secret v2 tunnel Command is on IPSec/IKE DRAM:Plainte While Zeroizatio IPSec/IKE ECDH ECDH xt IPSec/IKE n Public Key:Paired Private Key v2 tunnel Command With is on IPSec/IKE Peer ECDH Public Key:Used With IPSec/IKE Module Public DRAM:Plainte While Zeroizatio IPSec/IKE ECDH ECDH Key Output xt IPSec/IKE n Private Public Key v2 tunnel Command Key:Paired With is on IPSec/IKE Peer Public DRAM:Plainte While Zeroizatio IPSec/IKE ECDH Peer ECDH Key Input xt IPSec/IKE n Private Key:Used Public Key v2 tunnel Command With is on © 2021-2025 Cisco Systems, Inc.
Name Input - Output Storage Storage Zeroizatio Related SSPs Duration n IPSec/IKE DRAM:Plainte While Zeroizatio SKEYSEED:Used ECDH xt IPSec/IKE n With Shared v2 tunnel Command Secret is on IPSec/IKE Flash:Plaintex Zeroizatio IPSec/IKE ECDSA t n ECDSA Public Private Key Command Key:Paired With IPSec/IKE Module Public Flash:Plaintex Zeroizatio IPSec/IKE ECDSA Key Output t n ECDSA Private Public Key Command Key:Paired With IPSec/IKE Flash:Plaintex Zeroizatio IPSec/IKE RSA RSA Private t n Public Key:Paired Key Command With IPSec/IKE Module Public Flash:Plaintex Zeroizatio IPSec/IKE RSA RSA Public Key Output t n Private Key Command Key:Paired With IPSec/IKE DRAM:Plainte While Zeroizatio SKEYSEED:Deriv Pre-shared xt IPSec/IKE n ed to Secret v2 tunnel Command is on SKEYSEED DRAM:Plainte While Zeroizatio IPSec/IKE DH xt IPSec/IKE n Shared v2 tunnel Command Secret:Derived is on From IPSec/IKE ECDH Shared Secret:Derived From IPSec/IKE Preshared Secret:Derived From IPSec/IKE DRAM:Plainte While Zeroizatio IPSec/IKE DH Session xt IPSec/IKE n Shared Encryption v2 tunnel Command Secret:Derived Key is on From IPSec/IKE ECDH Shared Secret:Derived From IPSec/IKE DRAM:Plainte While Zeroizatio IPSec/IKE DH Authenticati xt IPSec/IKE n Shared on Key v2 tunnel Command Secret:Derived is on From IPSec/IKE ECDH Shared Secret:Derived From © 2021-2025 Cisco Systems, Inc.
Name Input - Output Storage Storage Zeroizatio Related SSPs Duration n SNMPv3 Password/Sec DRAM:Plainte While Zeroizatio SNMPv3 Shared ret Input via xt SNMPv3 n Encryption Secret TLS encrypted tunnel is Command Key:Derive To by GCM on SNMPv3 Password/Sec Authentication ret Input via Key:Derive To TLS encrypted by AES and HMAC Password/Sec ret Input via SSHv2 encrypted by GCM Password/Sec ret Input via SSHv2 encrypted by AES and HMAC SNMPv3 DRAM:Plainte While Zeroizatio SNMPv3 Shared Encryption xt SNMPv3 n Secret:Derived Key tunnel is Command From on SNMPv3 DRAM:Plainte While Zeroizatio SNMPv3 Shared Authenticati xt SNMPv3 n Secret:Derived on Key tunnel is Command From on SNMPv3 Encryption Key:Used With Table 19: SSP Table 2
Algorithm or Test Test Properties Test Test Type Indicator Details Method RSA SigVer RSA SigVer 2048 KAT SW/FW Module is in RSA (FIPS186-4) bits with SHA2-512 Integrity normal state SigVer (A4446) Pre-Operational N/A N/A Bypass Module is in N/A Bypass Test normal state Table 20: Pre-Operational Self-Tests © 2021-2025 Cisco Systems, Inc.
The module performs the following self-tests, including the pre-operational self-tests and Conditional self-tests. Prior to the module providing any data output via the data output interface, the module performs and passes the pre-operational self-tests. Following the successful pre-operational self-tests, the module executes the Conditional Cryptographic Algorithm Self-tests (CASTs). If anyone of the self-tests fails, the module transitions into an error state and outputs the error message via the module’s status output interface. While the module is in the error state, all data through the data output interface and all cryptographic operations are disabled. The error state can only be cleared by reloading the module. All self-tests must be completed successfully before the module transitions to the operational state.
Algorithm Test Test Test Indicator Details Conditions or Test Properties Method Type AES-CBC 256 bits KAT CAST Module is Encrypt Power Up (A4446) in normal state AES-CBC 256 bits KAT CAST Module is Decrypt Power Up (A4446) in normal state AES-GCM 256 bits KAT CAST Module is Authenticated Power Up (A4446) in normal Encrypt state AES-GCM 256 bits KAT CAST Module is Authenticated Power Up (A4446) in normal Decrypt state Counter AES-128 KAT CAST Module is Instantiate Power Up DRBG in normal KAT (A4446) state Counter AES-128 KAT CAST Module is Generate Power Up DRBG in normal KAT (A4446) state Counter AES-128 KAT CAST Module is Reseed KAT Power Up DRBG in normal (A4446) state ECDSA P-256 curve KAT CAST Module is ECDSA Power Up SigGen with SHA2- in normal SigGen KAT (FIPS186-4) 256 state (A4446) ECDSA P-256 curve KAT CAST Module is ECDSA Power Up SigVer with SHA2- in normal SigVer KAT (FIPS186-4) 256 state (A4446) HMAC- SHA-1 KAT CAST Module is HMAC-SHA-1 Power Up SHA-1 in normal (A4446) state © 2021-2025 Cisco Systems, Inc.
Algorithm Test Test Test Indicator Details Conditions or Test Properties Method Type HMAC- SHA2-256 KAT CAST Module is HMAC-SHA2- Power Up SHA2-256 in normal 256 (A4446) state HMAC- SHA2-384 KAT CAST Module is HMAC-SHA2- Power Up SHA2-384 in normal 384 (A4446) state HMAC- SHA2-512 KAT CAST Module is HMAC-SHA2- Power Up SHA2-512 in normal 512 (A4446) state KAS-ECC- P-256 KAT CAST Module is Primitive Z Power Up SSC Curve in normal KAT Sp800- state 56Ar3 (A4446) KAS-FFC- MODP- KAT CAST Module is Primitive Z Power Up SSC 2048 in normal KAT Sp800- state 56Ar3 (A4446) RSA 2048 bit KAT CAST Module is RSA SigGen Power Up SigGen modulus in normal KAT (FIPS186-4) with SHA2- state (A4446) 256 RSA SigVer 2048 bit KAT CAST Module is RSA SigVer Power Up (FIPS186-4) modulus in normal KAT (A4446) with SHA2- state KDF IKEv2 N/A KAT CAST Module is N/A Power Up (A4446) in normal state KDF SNMP N/A KAT CAST Module is N/A Power Up (A4446) in normal state KDF SSH N/A KAT CAST Module is N/A Power Up (A4446) in normal state TLS v1.2 N/A KAT CAST Module is N/A Power Up KDF in normal RFC7627 state (A4446) SHA-1 Message KAT CAST Module is N/A Power Up (A4446) Length: 0- in normal
Increment 8 AES-CBC 128 bits KAT CAST Module is Encrypt KAT Power Up (C1026) in normal state © 2021-2025 Cisco Systems, Inc.
Algorithm Test Test Test Indicator Details Conditions or Test Properties Method Type AES-CBC 128 bits KAT CAST Module is Decrypt KAT Power Up (C1026) in normal state AES-GCM 128 bits KAT CAST Module is Encrypt KAT Power Up (C1026) in normal state AES-GCM 128 bits KAT CAST Module is Decrypt KAT Power Up (C1026) in normal state Hash SHA2-512 KAT CAST Module is Instantiate Power Up DRBG in normal KAT (C1026) state Hash SHA2-512 KAT CAST Module is Generate Power Up DRBG in normal KAT (C1026) state Hash SHA2-512 KAT CAST Module is Reseed KAT Power Up DRBG in normal (C1026) state HMAC- SHA-1 KAT CAST Module is HMAC-SHA-1 Power Up SHA-1 in normal (C1026) state HMAC- SHA2-256 KAT CAST Module is HMAC-SHA2- Power Up SHA2-256 in normal 256 (C1026) state HMAC- SHA2-384 KAT CAST Module is HMAC-SHA2- Power Up SHA2-384 in normal 384 (C1026) state HMAC- SHA2-512 KAT CAST Module is HMAC-SHA2- Power Up SHA2-512 in normal 512 (C1026) state SHA-1 Message KAT CAST Module is SHA-1 Power Up (C1026) Length: 0- in normal
Increment 8 ECDSA Curve P- PCT PCT Module is ECDSA Performs all KeyGen 256 with in normal required pair(FIPS186-4) SHA2-256 state wise (A4446) consistency tests on the newly generated key pairs before the first operational use. RSA 2048 bit PCT PCT Module is RSA Performs all KeyGen Modulus in normal required pairstate wise © 2021-2025 Cisco Systems, Inc.
Algorithm Test Test Test Indicator Details Conditions or Test Properties Method Type (FIPS186-4) consistency (A4446) tests on the newly generated key pairs before the first operational use. KAS-ECC- Curve P- PCT PCT Module is N/A Performs all SSC 256 with in normal required pairSp800- SHA2-256 state wise 56Ar3 consistency (A4446) tests on the newly generated key pairs before the first operational use. KAS-FFC- MODP- PCT PCT Module is N/A Performs all SSC 2048 in normal required pairSp800- state wise 56Ar3 consistency (A4446) tests on the newly generated key pairs before the first operational use. HMAC- HMAC- KAT SW/FW Module is N/A When firmware SHA2-512 SHA2-512 Load in normal has been (A4446) state uploaded to the module Conditional N/A N/A Bypass Module is N/A Performs Bypass in normal conditional state bypass test before first operational use of bypass service Table 21: Conditional Self-Tests The module performs on-demand self-tests initiated by the operator, by powering off and powering the module back on. The full suite of self-tests is then executed. The same procedure may be employed by the operator to perform periodic self-tests. © 2021-2025 Cisco Systems, Inc.
Algorithm or Test Method Test Type Period Periodic Test Method RSA SigVer KAT SW/FW Integrity Recommend 60 Reboot (FIPS186-4) Days (A4446) Pre-Operational N/A Bypass Recommend 60 Reboot Bypass Test Days Table 22: Pre-Operational Periodic Information Algorithm or Test Method Test Type Period Periodic Test Method AES-CBC KAT CAST Recommend 60 Reboot (A4446) Days AES-CBC KAT CAST Recommend 60 Reboot (A4446) Days AES-GCM KAT CAST Recommend 60 Reboot (A4446) Days AES-GCM KAT CAST Recommend 60 Reboot (A4446) Days Counter DRBG KAT CAST Recommend 60 Reboot (A4446) Days Counter DRBG KAT CAST Recommend 60 Reboot (A4446) Days Counter DRBG KAT CAST Recommend 60 Reboot (A4446) Days ECDSA SigGen KAT CAST Recommend 60 Reboot (FIPS186-4) Days (A4446) ECDSA SigVer KAT CAST Recommend 60 Reboot (FIPS186-4) Days (A4446) HMAC-SHA-1 KAT CAST Recommend 60 Reboot (A4446) Days HMAC-SHA2- KAT CAST Recommend 60 Reboot
256 (A4446) Days
HMAC-SHA2- KAT CAST Recommend 60 Reboot
384 (A4446) Days
HMAC-SHA2- KAT CAST Recommend 60 Reboot
512 (A4446) Days
KAS-ECC-SSC KAT CAST Recommend 60 Reboot Sp800-56Ar3 Days (A4446) KAS-FFC-SSC KAT CAST Recommend 60 Reboot Sp800-56Ar3 Days (A4446) © 2021-2025 Cisco Systems, Inc.
Algorithm or Test Method Test Type Period Periodic Test Method RSA SigGen KAT CAST Recommend 60 Reboot (FIPS186-4) Days (A4446) RSA SigVer KAT CAST Recommend 60 Reboot (FIPS186-4) Days (A4446) KDF IKEv2 KAT CAST Recommend 60 Reboot (A4446) Days KDF SNMP KAT CAST Recommend 60 Reboot (A4446) Days KDF SSH KAT CAST Recommend 60 Reboot (A4446) Days TLS v1.2 KDF KAT CAST Recommend 60 Reboot RFC7627 Days (A4446) SHA-1 (A4446) KAT CAST Recommend 60 Reboot Days AES-CBC KAT CAST Recommend 60 Reboot (C1026) Days AES-CBC KAT CAST Recommend 60 Reboot (C1026) Days AES-GCM KAT CAST Recommend 60 Reboot (C1026) Days AES-GCM KAT CAST Recommend 60 Reboot (C1026) Days Hash DRBG KAT CAST Recommend 60 Reboot (C1026) Days Hash DRBG KAT CAST Recommend 60 Reboot (C1026) Days Hash DRBG KAT CAST Recommend 60 Reboot (C1026) Days HMAC-SHA-1 KAT CAST Recommend 60 Reboot (C1026) Days HMAC-SHA2- KAT CAST Recommend 60 Reboot
256 (C1026) Days
HMAC-SHA2- KAT CAST Recommend 60 Reboot
384 (C1026) Days
HMAC-SHA2- KAT CAST Recommend 60 Reboot
512 (C1026) Days
SHA-1 (C1026) KAT CAST Recommend 60 Reboot Days ECDSA KeyGen PCT PCT Recommend 60 Reboot (FIPS186-4) Days (A4446) RSA KeyGen PCT PCT Recommend 60 Reboot (FIPS186-4) Days (A4446) © 2021-2025 Cisco Systems, Inc.
Algorithm or Test Method Test Type Period Periodic Test Method KAS-ECC-SSC PCT PCT Recommend 60 Reboot Sp800-56Ar3 Days (A4446) KAS-FFC-SSC PCT PCT Recommend 60 Reboot Sp800-56Ar3 Days (A4446) HMAC-SHA2- KAT SW/FW Load N/A N/A
Conditional N/A Bypass N/A N/A Bypass Table 23: Conditional Periodic Information
Name Description Conditions Recovery Indicator Method Error If self-test tests fail, the module is Self-test Reboot the System State put into an error state failure module Halt Table 24: Error States If any of the above-mentioned self-tests fail, the module reports the error and enters the Error state. In the Error State, no cryptographic services are provided, and data output is prohibited. The only method to recover from the error state is to reboot the module and perform the selftests, including the pre-operational firmware integrity test and the conditional CASTs. The module will only enter into the operational state after successfully passing the pre-operational firmware integrity test and the conditional CASTs.
The validated module firmware was installed onto the respective test platforms listed in Table 2 above. The Crypto Officer must configure and enforce the following initialization steps: Step 1: The Crypto Officer must install opacity shields as described in section 7 above. Step 2: The Crypto Officer must apply tamper evidence labels as described in section 7 above. Step 3: The Crypto Officer must securely store any unused tamper evidence labels. Note: Each module has a Type A USB 2.0 port, but it is considered to be disabled once the Crypto Officer has applied the TEL #9. Step 4: Crypto Officer performs the following configurations: © 2021-2025 Cisco Systems, Inc.
ciscoasa# configure terminal Note, the Crypto Officer needs to connect the platform to cisco.com to obtain the license for ASA from Cisco. ciscoasa(config)# license smart register idtoken [token data] ciscoasa(config)#license smart ciscoasa(config-smart-lic)# show license all Smart Licensing Status ====================== Smart Licensing is ENABLED -ORciscoasa(config-smart-lic)# show license summary Smart Licensing is ENABLED Registration: Step 5: Enable “Approved Mode” to allow the module to startup the cryptographic module, such as run power-on self-tests and bypass test by using the following command: ciscoasa(config)# fips enable Note: Startup operational mode will not take effect until you save configuration and reboot the device Rebooting the device will force new self-test Step 6: Crypto Officer can verify the version installed and running ciscoasa(config)# show version Step 7: Crypto Officer will need to configure ASA ciscoasa> en ciscoasa# conf t ciscoasa(config)# Step 8: Assign users a Privilege Level of 1. Step 9: Configure IP address for unit and all distant endpoints. Step 10: Define RADIUS and TACACS+ shared secret keys that are at least 8 characters long and secure traffic between the security module and the RADIUS/TACACS+ server via secure (IPSec, TLS) tunnel. Note: Perform this step only if RADIUS/TACAS+ is configured, otherwise skip over and proceed to next step. Step 11: Configure the security module so that any remote connections via Telnet are secured through IPSec. Step 12: Configure the security module so that only approved algorithms are used for IPsec tunnels. Step 13: Configure the security module so that error messages can only be viewed by Crypto Officer. © 2021-2025 Cisco Systems, Inc.
Step 14: Disable the TFTP server. Step 15: Disable HTTP for performing system management in approved mode of operation. HTTPS with TLS should always be used for Web-based management. Step 16: Ensure that installed digital certificates are signed using approved algorithms.
No specific Administrator guidance.
No specific Non-Administrator guidance.
N/A for this module. © 2021-2025 Cisco Systems, Inc.