All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Cisco Secure Firewall Threat Defense Cryptographic Module (FPR 3100 Series)

Certificate#4979StandardFIPS 140-3Level2TypeHardwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorCisco Systems, Inc.
High review priority  ·  no TCB surface named  ·  last validated 17 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level2
Module typeHardware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date2/27/2030
CaveatWhen installed, initialized and configured as specified in Section Life-Cycle Assurance of the Security Policy. The tamper evident seals installed as indicated in the Security Policy
VendorCisco Systems, Inc.

Approved Algorithms (29)

AlgorithmACVP Cert
AES-CBCA4446
AES-GCMA4446
Counter DRBGA4446
ECDSA KeyGen (FIPS186-4)A4446
ECDSA SigGen (FIPS186-4)A4446
ECDSA SigVer (FIPS186-4)A4446
HMAC-SHA-1A4446
HMAC-SHA2-224A4446
HMAC-SHA2-256A4446
HMAC-SHA2-384A4446
HMAC-SHA2-512A4446
KAS-ECC-SSC Sp800-56Ar3A4446
KAS-FFC-SSC Sp800-56Ar3A4446
KDF IKEv2 (CVL)A4446
KDF SNMP (CVL)A4446
KDF SSH (CVL)A4446
RSA KeyGen (FIPS186-4)A4446
RSA SigGen (FIPS186-4)A4446
RSA SigVer (FIPS186-4)A4446
SHA-1A4446
SHA2-224A4446
SHA2-256A4446
SHA2-384A4446
SHA2-512A4446
TLS v1.2 KDF RFC7627 (CVL)A4446
Hash DRBGC1026
HMAC-SHA2- 256C1026
HMAC-SHA2- 384C1026
HMAC-SHA2- 512C1026

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification2
Cryptographic Module Interfaces3
Roles, Services, and Authentication4
Software/Firmware Security5
Operational Environment6
Physical Security7
Non-Invasive SecurityN/A
Self-Tests1
Life-Cycle Assurance1
Mitigation of Other AttacksN/A

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Cisco Secure Firewall Threat Defense Cryptographic Module (FPR 3100 Series)
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>Firmware Load Test<br/>Perform Zeroization</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Block Cipher (SSHv2)<br/>Block Cipher (TLSv1.2)<br/>Block Cipher (IPSec/IKEv2)</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Cisco Secure Firewall Threat Defense Cryptographic Module (FPR 3100 Series)
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[high] Firmware update / recovery / rollback services<br/><i>Firmware Load Test<br/>Perform Zeroization</i><br/>src: securityPolicy.services"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>Block Cipher (SSHv2)<br/>Block Cipher (TLSv1.2)<br/>Block Cipher (IPSec/IKEv2)</i><br/>src: securityPolicy.services"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3 clueHigh;
  class C5,C6 clueLow;

Security Policy, page by page

Page 1

Cisco Systems, Inc. Cisco Secure Firewall Threat Defense Cryptographic Module (FPR 3100 Series) Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA © 2021-2025 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 2
Table of Contents
#SectionPage
1General5
1.1Overview5
1.2Security Levels5
2Cryptographic Module Specification5
2.1Description5
2.2Tested and Vendor Affirmed Module Version and Identification6
2.3Excluded Components7
2.4Modes of Operation7
2.5Algorithms7
2.6Security Function Implementations10
2.7Algorithm Specific Information15
2.8RBG and Entropy16
2.9Key Generation16
2.10Key Establishment16
2.11Industry Protocols17
3Cryptographic Module Interfaces17
3.1Ports and Interfaces17
4Roles, Services, and Authentication17
4.1Authentication Methods17
4.2Roles19
4.3Approved Services19
4.4Non-Approved Services36
4.5External Software/Firmware Loaded37
4.6Cryptographic Output Actions and Status37
4.7Additional Information37
5Software/Firmware Security37
5.1Integrity Techniques37
5.2Initiate on Demand37
6Operational Environment38
6.1Operational Environment Type and Requirements38
7Physical Security38
7.1Mechanisms and Actions Required38
7.2User Placed Tamper Seals38
7.3Filler Panels40
8Non-Invasive Security42
9Sensitive Security Parameters Management42
9.1Storage Areas42
9.2SSP Input-Output Methods43
9.3SSP Zeroization Methods44
9.4SSPs44
10Self-Tests58
10.1Pre-Operational Self-Tests58
10.2Conditional Self-Tests59
10.3Periodic Self-Test Information62
10.4Error States64
11Life-Cycle Assurance65
11.1Installation, Initialization, and Startup Procedures65
11.2Administrator Guidance66
11.3Non-Administrator Guidance66
12Mitigation of Other Attacks66
Page 4
List of Tables
ItemPage
Table 1: Security Levels5
Table 2: Tested Module Identification – Hardware7
Table 3: Modes List and Description7
Table 4: Approved Algorithms - CiscoSSL FOM Cryptographic Implementation9
Table 5: Approved Algorithms - Marvell Cavium Nitrox V9
Table 6: Vendor-Affirmed Algorithms10
Table 7: Security Function Implementations15
Table 8: Entropy Certificates16
Table 9: Entropy Sources16
Table 10: Ports and Interfaces17
Table 11: Authentication Methods19
Table 12: Roles19
Table 13: Approved Services36
Table 14: Mechanisms and Actions Required38
Table 15: Storage Areas43
Table 16: SSP Input-Output Methods44
Table 17: SSP Zeroization Methods44
Table 18: SSP Table 151
Table 19: SSP Table 258
Table 20: Pre-Operational Self-Tests58
Table 21: Conditional Self-Tests62
Table 22: Pre-Operational Periodic Information62
Table 23: Conditional Periodic Information64
Table 24: Error States65
Figure 1 FPR 3105, 3110, 3120, 3130, 31406
Figure 2 Module’s front view opacity shield39
Figure 3 Module’s back view39
Figure 4 Module’s top view with opacity shield39
Figure 5 Module’s bottom view with opacity shield40
Figure 6 Module’s left view with opacity shield40
Figure 7 Module’s right view with opacity shield40
Figure 8 Opacity Shield Brackets42
Page 5
Security level
NameISO SectionRequirementLevel
11General2
22Cryptographic module specification2
33Cryptographic module interfaces2
44Roles, services, and authentication3
55Software/Firmware security2
66Operational environmentN/A
77Physical security2
88Non-invasive securityN/A
99Sensitive security parameter management2
1010Self-tests2
1111Life-cycle assurance2
1212Mitigation of other attacksN/A
Overall LevelOverall Level2
1.1 Overview

Defense Cryptographic Module (FPR 3100 Series) (hereinafter referred to as FTD or Module), version 7.4. The following details how this module meets the security requirements of FIPS 140-3, SP 800-140 and ISO/IEC 19790 for a Security Level 2 hardware cryptographic module. The security requirements cover areas related to the design and implementation of a cryptographic module. These areas include cryptographic module specification; cryptographic table indicates the actual security levels for each area of the cryptographic module.

1.2 Security Levels
2.1 Description

Purpose and Use: This module is a multi-chip standalone hardware cryptographic module which houses Firepower solutions with underlying operating system identified as Linux 4 (also referred to as Firepower eXtensible Operating System or FX-OS throughout this document). The Module is operated in FTD delivers enterprise-class firewall for businesses, improving security at the Internet edge, high performance and throughput for demanding enterprise data centers. The FTD solution offers the combination of the industry's most deployed stateful firewall with a comprehensive © 2021-2025 Cisco Systems, Inc.

Page 6
Module configuration
NameModelHardware VersionFirmware VersionProcessor
FRP 3105FRP 3105FPR-31057.4AMD EPYC 7272 (Zen2) & NITROX-V, Marvell Semiconductor, NITROX
FRP 3110FRP 3110FPR-31107.4AMD EPYC 7272 (Zen2) & NITROX-V, Marvell Semiconductor, NITROX
FRP 3120FRP 3120FPR-31207.4AMD EPYC 7282 (Zen2) & NITROX-V, Marvell Semiconductor, NITROX
FRP 3130FRP 3130FPR-31307.4AMD EPYC 7352 (Zen2) & NITROX-V, Marvell Semiconductor, NITROX
FRP 3140FRP 3140FPR-31407.4AMD EPYC 7452 (Zen2) & NITROX-V, Marvell Semiconductor, NITROXC

range of next-generation network security services, intrusion prevention system (IPS), content security and secure unified communications, HTTPS/TLSv1.2, SSHv2, IPsec/IKEv2, SNMPv3 and Cryptographic Cipher Suite B. Module Type: Hardware Module Embodiment: MultiChipStand Module Characteristics: Cryptographic Boundary: The cryptographic boundary is defined as the entire chassis unit’s physical perimeter encompassing the "top," "front," "left," "right," “rear” and "bottom" surfaces of the case, and shown in the figures below and in the Physical Security section. The FPR 3105, FPR 3110, FPR 3120, FPR 3130 and FPR 3140 all have the same exterior appearance. Where they differ is in Firewall throughput, IPS throughput, IPsec VPN throughput and number of VPN peers allowed. Tested Operational Environment’s Physical Perimeter (TOEPP):

2.2 Tested and Vendor Affirmed Module Version and Identification

Tested Module Identification

Page 7
Service
NameDescriptionIndicatorType
Approved Mode of OperationThe module is always in the approved mode of operation after initial operations are performed.Approved mode indicator: "FIPS is currently enabled."Approved
Approved algorithm
NameCAVP CertPropertiesReference
AES-CBCA4446Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-GCMA4446Direction - Decrypt, Encrypt IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 128, 192, 256SP 800-38D
Counter DRBGA4446Prediction Resistance - Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - YesSP 800-90A Rev. 1
ECDSA KeyGen (FIPS186-4)A4446Curve - P-256, P-384, P-521FIPS 186-4
ECDSA SigGen (FIPS186-4)A4446Curve - P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512FIPS 186-4
ECDSA SigVer (FIPS186-4)A4446Curve - P-256, P-384, P-521FIPS 186-4
HMAC-SHA-1A4446Key Length - Key Length: 256-448 Increment 8FIPS 198-1
HMAC-SHA2-224A4446Key Length - Key Length: 256-448 Increment 8FIPS 198-1
HMAC-SHA2-256A4446Key Length - Key Length: 256-448 Increment 8FIPS 198-1
HMAC-SHA2-384A4446Key Length - Key Length: 256-448 Increment 8FIPS 198-1
HMAC-SHA2-512A4446Key Length - Key Length: 256-448 Increment 8FIPS 198-1
KAS-ECC-SSC Sp800-56Ar3A4446Domain Parameter Generation Methods - P- 256, P-384, P-521SP 800-56A Rev. 3
KAS-FFC-SSC Sp800-56Ar3A4446Domain Parameter Generation Methods - ffdhe2048, ffdhe3072, ffdhe4096, modp-2048, modp-3072, modp-4096SP 800-56A Rev. 3
KDF IKEv2 (CVL)A4446Diffie-Hellman Shared Secret Length - Diffie- Hellman Shared Secret Length: 2048 Derived Keying Material Length - Derived Keying Material Length: 3072 Hash Algorithm - SHA-1SP 800-135 Rev. 1
KDF SNMP (CVL)A4446Password Length - Password Length: 256, 64SP 800-135 Rev. 1
KDF SSH (CVL)A4446Cipher - AES-128, AES-192, AES-256SP 800-135 Rev. 1
RSA KeyGen (FIPS186-4)A4446Key Generation Mode - B.3.4 Modulo - 2048, 3072, 4096 Hash Algorithm - SHA2-256 Private Key Format - StandardFIPS 186-4
RSA SigGen (FIPS186-4)A4446Signature Type - ANSI X9.31, PKCS 1.5, PKCSPSS Modulo - 2048, 3072, 4096FIPS 186-4
RSA SigVer (FIPS186-4)A4446Signature Type - ANSI X9.31, PKCS 1.5, PKCSPSS Modulo - 1024, 2048, 3072, 4096FIPS 186-4
Safe Primes Key GenerationA4446Safe Prime Groups - modp-2048, modp-3072, modp-4096SP 800-56A Rev. 3
SHA-1A4446Message Length - Message Length: 0-65536 Increment 8FIPS 180-4
SHA2-224A4446Message Length - Message Length: 0-65536 Increment 8FIPS 180-4
SHA2-256A4446Message Length - Message Length: 0-65536 Increment 8FIPS 180-4
SHA2-384A4446Message Length - Message Length: 0-65536 Increment 8FIPS 180-4
SHA2-512A4446Message Length - Message Length: 0-65536 Increment 8FIPS 180-4
TLS v1.2 KDF RFC7627 (CVL)A4446Hash Algorithm - SHA2-256, SHA2-384, SHA2-512SP 800-135 Rev. 1
AES-CBCC1026Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-GCMC1026Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256SP 800-38D
Hash DRBGC1026Prediction Resistance - No Mode - SHA2-512SP 800-90A Rev. 1
HMAC-SHA-1C1026FIPS 198-1
HMAC-SHA2- 256C1026FIPS 198-1
HMAC-SHA2- 384C1026FIPS 198-1
HMAC-SHA2- 512C1026FIPS 198-1
SHA-1C1026Message Length - Message Length: 0- 51200 Increment 8FIPS 180-4
SHA2-256C1026Message Length - Message Length: 0- 51200 Increment 8FIPS 180-4
SHA2-384C1026Message Length - Message Length: 0- 102400 Increment 8FIPS 180-4
SHA2-512C1026Message Length - Message Length: 0- 102400 Increment 8FIPS 180-4

Table 2: Tested Module Identification

2.3 Excluded Components

N/A for this module. Modes List and Description: Table 3: Modes List and Description operation after initial operations are performed (See Section 11). The module does not claim implementation of a degraded mode of operation. Section 4 provides details on the service

2.5 Algorithms

Approved Algorithms: CiscoSSL FOM Cryptographic Implementation © 2021-2025 Cisco Systems, Inc.

Page 9

Table 4: Approved Algorithms - CiscoSSL FOM Cryptographic Implementation Marvell Cavium Nitrox V HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2512 Table 5: Approved Algorithms - Marvell Cavium Nitrox V Vendor-Affirmed Algorithms: © 2021-2025 Cisco Systems, Inc.

Page 10
Service
NameDescriptionApproved FunctionsTypeProperties
CKGKey Type:AsymmetricCiscoSSL FOM Cryptographic ImplementationThe cryptographic module performs Cryptographic Key Generation (CKG) for asymmetric keys as per sections 4 and 5 in SP800-133rev2 (vendor affirmed) and FIPS 140-3 IG D.H. A seed (i.e., the random value) used in asymmetric key generation is a direct output from SP800-90Arev1 CTR_DRBG (A4446) or HMAC_DRBG (C1026)
KAS-ECC- KeyGen (SSHv2)KAS ECC keygen used in SSHv2 serviceCounter DRBG Hash DRBG CKGKAS-KeyGen
KAS-FFC- KeyGen (SSHv2)KAS FFC keygen used in SSHv2 serviceCounter DRBG Safe Primes Key Generation Hash DRBG CKGKAS-KeyGen
KAS-ECC- KeyGen (TLSv1.2)KAS ECC keygen used in TLSv1.2 serviceCounter DRBG Hash DRBG CKGKAS-KeyGen
KAS-FFC- KeyGen (TLSv1.2)KAS FFC keygen used in TLSv1.2 serviceCounter DRBG Safe Primes Key Generation Hash DRBG CKGKAS-KeyGen
Service
NameDescriptionApproved FunctionsTypeProperties
CKGKey Type:AsymmetricCiscoSSL FOM Cryptographic ImplementationThe cryptographic module performs Cryptographic Key Generation (CKG) for asymmetric keys as per sections 4 and 5 in SP800-133rev2 (vendor affirmed) and FIPS 140-3 IG D.H. A seed (i.e., the random value) used in asymmetric key generation is a direct output from SP800-90Arev1 CTR_DRBG (A4446) or HMAC_DRBG (C1026)
KAS-ECC- KeyGen (SSHv2)KAS ECC keygen used in SSHv2 serviceCounter DRBG Hash DRBG CKGKAS-KeyGen
KAS-FFC- KeyGen (SSHv2)KAS FFC keygen used in SSHv2 serviceCounter DRBG Safe Primes Key Generation Hash DRBG CKGKAS-KeyGen
KAS-ECC- KeyGen (TLSv1.2)KAS ECC keygen used in TLSv1.2 serviceCounter DRBG Hash DRBG CKGKAS-KeyGen
KAS-FFC- KeyGen (TLSv1.2)KAS FFC keygen used in TLSv1.2 serviceCounter DRBG Safe Primes Key Generation Hash DRBG CKGKAS-KeyGen

Non-Approved, Allowed Algorithms: Non-Approved, Allowed Algorithms with No Security Claimed: Non-Approved, Not Allowed Algorithms:

2.6 Security Function Implementations

KAS-ECCKeyGen KAS-FFCKeyGen KAS-ECCKeyGen KAS-FFCKeyGen © 2021-2025 Cisco Systems, Inc.

Page 11
Service
NameDescriptionApproved FunctionsTypeProperties
KAS-ECC- KeyGen (IKEv2)KAS ECC keygen used in IKE v2 serviceCounter DRBG Hash DRBG CKGKAS-KeyGen
KAS-FFC- KeyGen (IKEv2)KAS FFC keygen used in IKE v2 serviceCounter DRBG Safe Primes Key Generation Hash DRBG CKGKAS-KeyGen
KAS-FFC (SSHv2)Key Agreement Scheme per SP800-56Arev3 with KDF SSH. The module’s KAS (FFC) implementation is FIPS140-3 IG D.F Scenario 2 (path 2) compliantKDF SSH KAS-FFC-SSC Sp800-56Ar3 Domain Parameter Generation Methods:: modp- 2048KAS-FullBit-strength Caveat:Provides between 112 to 152 bits of encryption strength
KAS-ECC (SSHv2)Key Agreement Scheme per SP800-56Arev3 with KDF SSH. The module’s KAS (FFC) implementation is FIPS140-3 IG D.F Scenario 2 (path 2) compliantKDF SSH KAS-ECC-SSC Sp800-56Ar3KAS-FullBit-strength Caveat:Provides between 128 and 256 bits of encryption strength
KAS-FFC (TLSv1.2)Key Agreement Scheme per SP800-56Arev3 with TLS v1.2 KDF RFC7627. The module’s KAS (FFC) implementation is FIPS140-3 IG D.F Scenario 2 (path 2) compliantTLS v1.2 KDF RFC7627 KAS-FFC-SSC Sp800-56Ar3 Domain Parameter Generation Methods:: ffdhe2048KAS-FullBit-strength Caveat:Provides between 112 to 152 bits of encryption strength
KAS-ECC (TLSv1.2)Key Agreement Scheme per SP800-56Arev3 with KDF IKEv2. The module’s KAS (ECC) implementationTLS v1.2 KDF RFC7627 KAS-ECC-SSC Sp800-56Ar3KAS-FullBit-strength Caveat:Provides between 128 and 256 bits of encryption strength

Methods:: modp2048 © 2021-2025 Cisco Systems, Inc.

Page 12
Service
NameDescriptionRole AccessApproved FunctionsType
KAS-ECC (IKEv2)Bit-strength Caveat:Provides between 112 and 256 bits of encryption strengthKey Agreement Scheme per SP800-56Arev3 with KDF IKEv2. The module’s KAS (ECC) implementation is FIPS140-3 IG D.F Scenario 2 (path 2) compliantKAS-ECC-SSC Sp800-56Ar3 KDF IKEv2KAS-Full
KAS-FFC (IKEv2)Bit-strength Caveat:Provides between 112 and 152 bits of encryption strengthKey Agreement Scheme per SP800-56Arev3 with KDF IKEv2. The module’s KAS (FFC) implementation is FIPS140-3 IG D.F Scenario 2 (path 2) compliantKAS-FFC-SSC Sp800-56Ar3 KDF IKEv2KAS-Full
KTS (TLSv1.2 with AES and HMAC)Bit-strength Caveat:Provides between 128 and 256 bits of encryption strengthKTS via TLSv1.2 service by using AES and HMACAES-CBC Key Length: 128, 256 HMAC-SHA-1 HMAC-SHA2- 256 HMAC-SHA2- 384 SHA-1 SHA2-256 SHA2-384KTS-Wrap
KTS (TLSv1.2 with AES-GCM)Bit-strength Caveat:Provides between 128 and 256 bits of encryption strengthKTS via TLSv1.2 service by using AES-GCMAES-GCM Key Length: 128, 256 AES-CBCKTS-Wrap
KTS (SSHv2 with AES and HMAC)Bit-strength Caveat:Provides between 128 and 256 bits of encryption strengthKTS via SSHv2 service by using AES and HMACAES-CBC Key Length: 128, 256 HMAC-SHA-1 HMAC-SHA2- 256KTS-Wrap
KTS (SSHv2 with AES-GCM)Bit-strength Caveat:Provides between 128 and 256 bits of encryption strengthKTS via SSHv2 service by using AES-GCMAES-GCM Key Length: 128, 256 AES-CBCKTS-Wrap
RSA KeyGen (SSHv2, TLSv1.2, IKEv2)RSA KeyGen for SSHv2, TLSv1.2, and IKEv2 servicesRSA KeyGen (FIPS186-4) Counter DRBG Hash DRBGAsymKeyPair- KeyGen
ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2)ECDSA KeyGen for TLSv1.2 and IKEv2 servicesECDSA KeyGen (FIPS186-4) Counter DRBG Hash DRBGAsymKeyPair- KeyGen
RSA SigGen (SSHv2, TLSv1.2, IKEv2)RSA SigGen for SSHv2, TLSv1.2, and IKEv2 servicesRSA SigGen (FIPS186-4)DigSig-SigGen
ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2)ECDSA SigGen for TLSv1.2, and IKEv2 servicesECDSA SigGen (FIPS186-4)DigSig-SigGen
RSA SigVer (SSHv2, TLSv1.2, and IKEv2)RSA SigVer for SSHv2, TLSv1.2, and IKEv2 servicesRSA SigVer (FIPS186-4)DigSig-SigVer
ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2)ECDSA SigVer for TLSv1.2 and IKEv2 servicesECDSA SigVer (FIPS186-4)DigSig-SigVer
Block Cipher (SSHv2)Block Cipher for SSHv2 serviceAES-CBC Key Length: 128, 256 AES-GCM Key Length: 128, 256BC-Auth BC-UnAuth
Block Cipher (TLSv1.2)Block Cipher for TLSv1.2 serviceAES-GCM Key Length: 128, 256 AES-CBC Key Length: 128, 256BC-Auth BC-UnAuth
Block Cipher (IPSec/IKEv2)Block Cipher for IPSec/IKEv2 serviceAES-CBC AES-GCM AES-CBC AES-GCMBC-Auth BC-UnAuth

HMAC-SHA2256 HMAC-SHA2384 © 2021-2025 Cisco Systems, Inc. HMAC-SHA2256

Page 13

AsymKeyPairKeyGen AsymKeyPairKeyGen © 2021-2025 Cisco Systems, Inc.

Page 14
Service
NameDescriptionApproved FunctionsType
Block Cipher (SNMPv3)Block Cipher for SNMPv3 serviceAES-CBC KDF SNMPBC-UnAuth
MAC (SSHv2)MAC for SSHv2 serviceHMAC-SHA-1 HMAC-SHA2- 256 SHA-1 SHA2-256MAC
MAC (TLSv1.2)Message Authentication for TLSv1.2 servicesHMAC-SHA-1 HMAC-SHA2- 256 HMAC-SHA2- 384 SHA-1 SHA2-256 SHA2-384MAC
MAC (IPSec/IKEv2)Message Authentication for IPSec/IKEv2 servicesHMAC-SHA2- 256 HMAC-SHA2- 384 HMAC-SHA2- 512 SHA2-256 SHA2-384 SHA2-512 HMAC-SHA2- 256 HMAC-SHA2- 384 HMAC-SHA2- 512 SHA2-256 SHA2-384 SHA2-512 HMAC-SHA-1 SHA-1MAC
MAC (SNMPv3)Message Authentication for SNMPv3 serviceHMAC-SHA-1 SHA-1 KDF SNMP HMAC-SHA2- 256 HMAC-SHA2- 384 SHA2-256 SHA2-384 HMAC-SHA2- 224 SHA2-224MAC
Firmware Load TestMAC for firmware load testHMAC-SHA2- 512MAC
SSHv2 Keying Materials DevelopmentSSHv2 session keying materials, used to derive SSHv2 session keysKDF SSHKAS-135KDF
TLS Keying Materials DevelopmentTLS session keying materials, used to derive TLS session keysTLS v1.2 KDF RFC7627KAS-135KDF
IKEv2 Keying Materials DevelopmentIKEv2 session keying materials, used to derive IKEv2 session keysKDF IKEv2KAS-135KDF
SNMPv3 Keying Materials DevelopmentSNMPv3 session keying materials, used to derive SNMPv3 session keysKDF SNMPKAS-135KDF
DRBG FunctionDRBG generationCounter DRBG Hash DRBGDRBG

© 2021-2025 Cisco Systems, Inc. HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2512 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2512 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2224

Page 15

HMAC-SHA2512 Table 7: Security Function Implementations

2.7 Algorithm Specific Information

There are some algorithm modes that were tested but not implemented by the module. Only the algorithms, modes, and key sizes that are implemented by the module are shown in this table. The module’s AES-GCM implementation conforms to Implementation Guidance C.H scenario #1 following RFC 5288 for TLS. The module is compatible with TLSv1.2 and provides support for the acceptable GCM cipher suites from SP 800-52 Rev1, Section 3.3.1. The operations of one of the two parties involved in the TLS key establishment scheme were performed entirely within the cryptographic boundary of the module being validated. The counter portion of the IV is set by the module within its cryptographic boundary. When the IV exhausts the maximum number of possible values for a given session key, the first party, client or server, to encounter this condition will trigger a handshake to establish a new encryption key. The keys for the client and server negotiated in the TLSv1.2 handshake process (client_write_key and server_write_key) are compared and the module aborts the session if the key values are identical. In case the module’s power is lost and then restored, a new key for use with the AES GCM encryption/decryption shall be established. © 2021-2025 Cisco Systems, Inc.

Page 16
Sensitive security parameter
NameTypeStrengthOperational EnvironmentConditioning Component
Cisco Jitter Entropy SourceNon- Physical4 bitsAMD EPYC 7272 (Zen2), AMD EPYC 7282 (Zen2), AMD EPYC 7352 (Zen2), AMD EPYC 7452 (Zen2)2 bitsA2810 (SHA3- 256)
CertVendor Name
Number
E3Cisco Systems, Inc.

The module uses RFC 7296 compliant IKEv2 to establish the shared secret SKEYSEED from which the AES GCM encryption keys are derived. When the IV exhausts the maximum number of possible values for a given session key, the first party, client or server, to encounter this condition will trigger a handshake to establish a new encryption key. Two keys established by IKEv2 for one security association (one key for encryption in each direction between the parties) are not identical and abort the session if they are. In case the module’s power is lost and then restored, a new key for use with the AES GCM encryption/decryption shall be established.

2.8 RBG and Entropy

Table 8: Entropy Certificates NonPhysical A2810 (SHA3256) Table 9: Entropy Sources

2.9 Key Generation

The module generates RSA, ECDSA, ECDH, and DH asymmetric key pairs compliant with FIPS 186-4, using a NIST SP 800-90A CTR DRBG or NIST SP 800-90A Hash DRBG for random number generation. In accordance with FIPS 140-3 IG D.H, the cryptographic module performs CKG for asymmetric keys as per section 5.1 of NIST SP 800-133rev2 (vendor affirmed) by obtaining a random bit string directly from an approved DRBG. The random bit string supports the required security strength requested by the calling application (without any V, as described in Additional Comments 2 of IG D.H.).

2.10 Key Establishment

The module provides the following key/SSP establishment services in the approved mode of operation:

152 bits of encryption strength.
Page 17
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
Ethernet Port, SFP (1G) port, SFP+ (10G) port, and Console PortEthernet Port, SFP (1G) port, SFP+ (10G) port, and Console PortData InputData input into the module for all the services defined in Approved Services Table, including TLSv1.2, SSHv2, SNMPv3 and IPsec/IKEv2 service data.
Ethernet Port, SFP (1G) port, SFP+ (10G) port and Console PortEthernet Port, SFP (1G) port, SFP+ (10G) port and Console PortData OutputData output from the module for all the services defined in Approved Services Table, including TLSv1.2, SSHv2, SNMPv3 and IPsec/IKEv2 service data.
Ethernet Port, SFP (1G) port, SFP+ (10G) port, Console Port and RESETEthernet Port, SFP (1G) port, SFP+ (10G) port, Console Port and RESETControl InputControl Data input into the module for all the services defined in Approved Services Table, including TLSv1.2, SSHv2, SNMPv3 and IPsec/IKEv2 service data.
Ethernet Port, SFP (1G) port, SFP+ (10G) port, Console Port and LEDsEthernet Port, SFP (1G) port, SFP+ (10G) port, Console Port and LEDsStatus OutputStatus Information output from the module.
N/AN/AControl OutputN/A
PowerPowerPowerProvide the Power Supply to the module.

shared secret computation. The shared secret computation provides between 128 and

256 bits of encryption strength.
2.11 Industry Protocols

The module supports SSHv2, TLS v1.2, SNMPv3 and IPsec/IKEv2 industrial protocols. Please refer to the Security Function Implementations Table for more information. No parts of SSH, TLS, IKE and SNMP protocols, other than the KDFs, have been tested by the CAVP and CMVP.

3 Cryptographic Module Interfaces
3.1 Ports and Interfaces

N/A N/A Table 10: Ports and Interfaces The module’s physical perimeter encompasses the case of the tested platform mentioned in Table 2. The module provides physical ports which are mapped to logical interfaces provided The module’s data output interface will be disabled when performing pre-operational self-tests, loading new firmware, zeroizing keys, or when in an error state.

4 Roles, Services, and Authentication
4.1 Authentication Methods
Page 18
Sensitive security parameter
NameDescriptionStrengthStrength per Minute
PasswordThe minimum length is eight (8) characters (94 possible characters). The configuration supports at most ten failed attempts to authenticate in a one- minute period.The probability that a random attempt will succeed or a false acceptance will occur is 1/(94^8) which is less than 1/1,000,000.Password BasedThe probability of successfully authenticating to the module within one minute is 10/(94^8), which is less than 1/100,000.
RSA- Based CertificateThe modules support RSA public-key based authentication mechanism using a minimum of RSA 2048 bits, which provides 112 bits of security strength. The probability that a random attempt will succeed is 1/(2^112) which is less than 1/1,000,000. For multiple attacks during a one-minute period, as the module at its highest can support at most 17,000 new sessions per second to authenticate in a one- minute period, the probability of successfully authenticating to the module within a one minute period is 17,000 * 60 = 1,020,000/(2^112), which is less than 1/100,000.The probability that a random attempt will succeed is 1/(2^112). Please refer to Description section in this table for more detailsRSA SigVer (FIPS186-4) (A4446)the probability of successfully authenticating to the module within a one minute period is 17,000 * 60 = 1,020,000/(2^112). Please refer to Description section in this table for more details
ECDSA- Based CertificateThe modules support ECDSA public-key based authentication mechanism using a minimum of curve P- 256, which provides 128 bits of security strength. The probability that a random attempt will succeed is 1/(2^128)The probability that a random attempt will succeed is 1/(2^128) which is less than 1/1,000,000. Please refer to DescriptionECDSA SigVer (FIPS186-4) (A4446)the probability of successfully authenticating to the module within a one minute period is 17,000 * 60 = 1,020,000/(2^128). Please refer to Description section in

RSABased ECDSABased © 2021-2025 Cisco Systems, Inc.

Page 19
Service
NameDescriptionRole AccessCsps AccessedApproved FunctionsIndicatorTypeInputOutput
Crypto OfficerCOIdentityPassword RSA-Based Certificate ECDSA-Based Certificate
UserUserIdentityPassword RSA-Based Certificate ECDSA-Based Certificate
Show StatusProvide Module’s currentCrypto Officer UserNoneN/ACommand used to showModule's Operationa l Status
Service
NameDescriptionRole AccessCsps AccessedApproved FunctionsIndicatorTypeInputOutput
Crypto OfficerCOIdentityPassword RSA-Based Certificate ECDSA-Based Certificate
UserUserIdentityPassword RSA-Based Certificate ECDSA-Based Certificate
Show StatusProvide Module’s currentCrypto Officer UserNoneN/ACommand used to showModule's Operationa l Status
MethodDescriptionSecurity MechanismStrengthStrength per Minute
NameEach Attempt
which is less than 1/1,000,000. For multiple attacks during a one-minute period, as the module at its highest can support at most 17,000 new sessions per second to authenticate in a one- minute period, the probability of successfully authenticating to the module within a one minute period is 17,000 * 60 = 1,020,000/(2^128), which is less than 1/100,000.section in this table for more detailsthis table for more details

and the User role. The module also allows the concurrent operators.

4.2 Roles

Table 12: Roles Unauthenticated Users can run the self-test service by power-cycling the module by removing the power and re-applying.

4.3 Approved Services
Page 20
Service
NameRole AccessCsps AccessedApproved FunctionsIndicatorInputOutput
Show VersionProvide Module's name and version informationCrypto Officer UserNoneN/ACommand to show versionModule's ID and versioning information
Perform Self-TestsPerform Self-Tests (Pre- operational self-test and Conditional Self-Tests)Crypto Officer User Unauthentic atedNoneN/ACommand to trigger Self-TestStatus of the self- tests results
Perform ZeroizationPerform ZeroizationCrypto Officer - DRBG Entropy Input: Z - DRBG Seed: Z - DRBG Internal State V value: Z - DRBG Key: Z - User Password: Z - Crypto Officer Password: Z - RADIUS Secret: Z - TACACS+ Secret: Z - Firmware Load Test Key: Z - SSH DH Private Key: Z - SSH DHNoneSyslog messageCommand to zeroize the moduleStatus of the SSPs zeroization

n (Preoperational N/A N/A the selftests Z Z © 2021-2025 Cisco Systems, Inc.

Page 21
Service
NameDescriptioSecurity
nnFunctions
nnFunctions
nnFunctions
Page 24
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Configure NetworkSets configurati on of the systemsCrypto OfficerNoneNoneCommand s to configure the networkStatus of the completion of network configurati on status
Crypto Officer Authenticat ionCO Role Authenticat ionCrypto Officer - Crypto Officer Password: W,ZNoneN/ACO Authenticat ion RequestStatus of the CO authenticat ion
User Authenticat ionUser Role Authenticat ionUser - User Password: W,ZNoneN/AUser role authenticat ion requestStatus of the User role authenticat ion
Configure SSHv2 FunctionConfigure SSHv2 FunctionCrypto Officer - SSH DH Private Key: W,E - SSH DH Public Key: W,E - SSH Peer DH Public Key: W,E - SSH DH Shared Secret: W,E - SSH ECDH Private Key: W,E - SSH ECDH Public Key: W,E - SSH PeerKAS-FFC (SSHv2) KAS-ECC (SSHv2) KTS (SSHv2 with AES and HMAC) KTS (SSHv2 with AES- GCM) RSA KeyGen (SSHv2, TLSv1.2, IKEv2) ECDSA KeyGen (SSHv2,Global Indicator and SSHv2 configurat ion success status messageCommand s to configure SSHv2Status of the completion of the SSHv2 configurati on
TLSv1.2 and IKEv2) RSA SigGen (SSHv2, TLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) RSA SigVer (SSHv2, TLSv1.2, and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) Block Cipher (SSHv2) MAC (SSHv2) KAS-ECC- KeyGen (SSHv2) KAS-FFC- KeyGen (SSHv2) DRBG Function SSHv2 Keying Materials Developm entECDH Public Key: W,E - SSH ECDH Shared Secret: W,E - SSH RSA Private Key: W,E - SSH RSA Public Key: W,E - SSH ECDSA Private Key: W,E - SSH ECDSA Public Key: W,E - SSH Session Encryption Key: W,E - SSH Session Authenticatio n Key: W,E - DRBG Entropy Input: W,E - DRBG Seed: W,E - DRBG Internal State V value: W,E - DRBG Key: W,ETLSv1.2 and IKEv2) RSA SigGen (SSHv2, TLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) RSA SigVer (SSHv2, TLSv1.2, and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) Block Cipher (SSHv2) MAC (SSHv2) KAS-ECC- KeyGen (SSHv2) KAS-FFC- KeyGen (SSHv2) DRBG Function SSHv2 Keying Materials Developm ent
Configure HTTPS over TLSv1.2 FunctionConfigure HTTPS over TLSv1.2 FunctionCrypto Officer - TLS DH Private Key: W,E - TLS DH Public Key: W,E - TLS PeerKAS-FFC (TLSv1.2) KAS-ECC (TLSv1.2) KTS (TLSv1.2 with AES and HMAC)Global Indicator and HTTPS over TLSv1.2 configurat ion successCommand s to configure TLSv1.2Status of the completion of TLSv1.2 configurati on

n N/A N/A with AESGCM) © 2021-2025 Cisco Systems, Inc. W,Z W,Z W,E W,E W,E W,E

Page 25

n KAS-ECCKeyGen KAS-FFCKeyGen © 2021-2025 Cisco Systems, Inc. W,E W,E W,E W,E W,E W,E W,E W,E

Page 26
Service
NameCsps AccessedIndicatorDescriptioSecurity
nnFunctions
status messageDH Public Key: W,E - TLS DH Shared Secret: W,E - TLS ECDH Private Key: W,E - TLS ECDH Public Key: W,E - TLS Peer ECDH Public Key: W,E - TLS ECDH Shared Secret: W,E - TLS ECDSA Private Key: W,E - TLS ECDSA Public Key: W,E - TLS RSA Private Key: W,E - TLS RSA Public Key: W,E - TLS Master Secret: W,E - TLS Session Encryption Key: W,E - TLS Session Authenticatio n Key: W,E - DRBG Entropy Input: W,E - DRBG Seed: W,E - DRBG Internalstatus messageKTS (TLSv1.2 with AES- GCM) RSA KeyGen (SSHv2, TLSv1.2, IKEv2) ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2) RSA SigGen (SSHv2, TLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) RSA SigVer (SSHv2, TLSv1.2, and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) Block Cipher (TLSv1.2) MAC (TLSv1.2) KAS-ECC- KeyGen (TLSv1.2) KAS-FFC- KeyGen (TLSv1.2) TLS Keying Materials Developm

n with AESGCM) KAS-ECCKeyGen KAS-FFCKeyGen © 2021-2025 Cisco Systems, Inc. W,E W,E W,E W,E W,E W,E W,E

Page 27
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Configure IPsec/IKEv 2 FunctionConfigure IPSec/IKEv 2 FunctionCrypto Officer - IPSec/IKE DH Private Key: W,E - IPSec/IKE DH Public Key: W,E - IPSec/IKE Peer DH Public Key: W,E - IPSec/IKE DH Shared Secret: W,E - IPSec/IKE ECDH Private Key: W,E - IPSec/IKE ECDH Public Key: W,E - IPSec/IKE Peer ECDH Public Key: W,E - IPSec/IKE ECDH Shared Secret: W,E - IPSec/IKE ECDSA Private Key: W,E - IPSec/IKE ECDSA Public Key: W,E - IPSec/IKE RSA Private Key: W,E - IPSec/IKE RSA Public Key: W,EKAS-ECC (IKEv2) KAS-FFC (IKEv2) RSA KeyGen (SSHv2, TLSv1.2, IKEv2) ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2) RSA SigGen (SSHv2, TLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) RSA SigVer (SSHv2, TLSv1.2, and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) Block Cipher (IPSec/IKE v2) MAC (IPSec/IKE v2) KAS-ECC- KeyGen (IKEv2) KAS-FFC-Global Indicator with IPsec/IKE v2 configurat ion success status messageCommand s to configure IPsec/IKEv 2Status of the completion of IPsec/IKEv 2 configurati on
KeyGen (IKEv2) IKEv2 Keying Materials Developm ent DRBG Function- IPSec/IKE Pre-shared Secret: W,E - SKEYSEED: W,E - IPSec/IKE Session Encryption Key: W,E - IPSec/IKE Authenticatio n Key: W,E - DRBG Entropy Input: W,E - DRBG Seed: W,E - DRBG Internal State V value: W,E - DRBG Key: W,EKeyGen (IKEv2) IKEv2 Keying Materials Developm ent DRBG Function
Run SSHv2 FunctionExecute SSHv2 FunctionCrypto Officer - SSH DH Private Key: W,E - SSH DH Public Key: W,E - SSH Peer DH Public Key: W,E - SSH DH Shared Secret: W,E - SSH ECDH Private Key: W,E - SSH ECDH Public Key: W,E - SSH Peer ECDH Public Key: W,E - SSH ECDHKAS-FFC (SSHv2) KAS-ECC (SSHv2) KTS (SSHv2 with AES and HMAC) KTS (SSHv2 with AES- GCM) RSA KeyGen (SSHv2, TLSv1.2, IKEv2) ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2) RSA SigGenGlobal Indicator and successfu l SSHv2 log messageInitiate SSHv2 tunnel establishm entStatus of SSHv2 tunnel establishm ent

n KAS-ECCKeyGen © 2021-2025 Cisco Systems, Inc. W,E W,E W,E W,E W,E W,E W,E

Page 28

n with AESGCM) © 2021-2025 Cisco Systems, Inc. W,E W,E W,E W,E W,E W,E W,E

Page 29
Service
NameCsps AccessedDescriptioSecurity
nnFunctions
(SSHv2, TLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) RSA SigVer (SSHv2, TLSv1.2, and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) Block Cipher (SSHv2) MAC (SSHv2) KAS-ECC- KeyGen (SSHv2) KAS-FFC- KeyGen (SSHv2) DRBG Function SSHv2 Keying Materials Developm entShared Secret: W,E - SSH RSA Private Key: W,E - SSH RSA Public Key: W,E - SSH ECDSA Private Key: W,E - SSH ECDSA Public Key: W,E - SSH Session Encryption Key: W,E - SSH Session Authenticatio n Key: W,E - DRBG Entropy Input: W,E - DRBG Seed: W,E - DRBG Internal State V value: W,E - DRBG Key: W,E User - SSH DH Private Key: W,E - SSH DH Public Key: W,E - SSH Peer DH Public Key: W,E - SSH DH Shared Secret: W,E - SSH ECDH(SSHv2, TLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) RSA SigVer (SSHv2, TLSv1.2, and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) Block Cipher (SSHv2) MAC (SSHv2) KAS-ECC- KeyGen (SSHv2) KAS-FFC- KeyGen (SSHv2) DRBG Function SSHv2 Keying Materials Developm ent

n KAS-ECCKeyGen KAS-FFCKeyGen © 2021-2025 Cisco Systems, Inc. W,E W,E W,E W,E W,E W,E W,E

Page 30
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Run HTTPS overExecute HTTPS overCrypto Officer - TLS DH Private Key:KAS-FFC (TLSv1.2) KAS-ECC (TLSv1.2)Global Indicator and successfuInitiate TLSv1.2 tunnelStatus of TLSv1.2 tunnel
TLSv1.2 FunctionTLSv1.2 functionW,E - TLS DH Public Key: W,E - TLS Peer DH Public Key: W,E - TLS DH Shared Secret: W,E - TLS ECDH Private Key: W,E - TLS ECDH Public Key: W,E - TLS Peer ECDH Public Key: W,E - TLS ECDH Shared Secret: W,E - TLS ECDSA Private Key: W,E - TLS ECDSA Public Key: W,E - TLS RSA Private Key: W,E - TLS RSA Public Key: W,E - TLS Master Secret: W,E - TLS Session Encryption Key: W,E - TLS Session Authenticatio n Key: W,E - DRBG EntropyKTS (TLSv1.2 with AES and HMAC) KTS (TLSv1.2 with AES- GCM) RSA KeyGen (SSHv2, TLSv1.2, IKEv2) ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2) RSA SigGen (SSHv2, TLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) RSA SigVer (SSHv2, TLSv1.2, and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) Block Cipher (TLSv1.2) MAC (TLSv1.2) KAS-ECC- KeyGen (SSHv2) KAS-FFC- KeyGenl HTTPS over TLSv1.2 log messageestablishm ent requestestablishm ent
Page 31

n with AESGCM) KAS-ECCKeyGen KAS-FFCKeyGen © 2021-2025 Cisco Systems, Inc. W,E W,E W,E W,E W,E W,E W,E W,E W,E

Page 32
Service
NameCsps AccessedDescriptioSecurity
nnFunctions
(SSHv2) DRBG Function SSHv2 Keying Materials Developm entInput: W,E - DRBG Seed: W,E - DRBG Internal State V value: W,E - DRBG Key: W,E User - TLS DH Private Key: W,E - TLS DH Public Key: W,E - TLS Peer DH Public Key: W,E - TLS DH Shared Secret: W,E - TLS ECDH Private Key: W,E - TLS ECDH Public Key: W,E - TLS Peer ECDH Public Key: W,E - TLS ECDH Shared Secret: W,E - TLS ECDSA Private Key: W,E - TLS ECDSA Public Key: W,E - TLS RSA Private Key: W,E - TLS RSA Public Key: W,E(SSHv2) DRBG Function SSHv2 Keying Materials Developm ent
Page 33
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Run IPSec/IKEv 2 FunctionExecute IPsec/IKEv 2 FunctionCrypto Officer - IPSec/IKE DH Private Key: W,E - IPSec/IKE DH Public Key: W,E - IPSec/IKE Peer DH Public Key: W,E - IPSec/IKE DH Shared Secret: W,E - IPSec/IKE ECDH Private Key: W,E - IPSec/IKE ECDH Public Key: W,E - IPSec/IKE Peer ECDH Public Key: W,E - IPSec/IKEKAS-ECC (IKEv2) KAS-FFC (IKEv2) RSA KeyGen (SSHv2, TLSv1.2, IKEv2) ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2) RSA SigGen (SSHv2, TLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) RSA SigVer (SSHv2, TLSv1.2,Global Indicator and succesful IPsec/IKE v2 log messageInitiate IPsec/IKEv 2 tunnel establishm ent requestStatus of IPSec/IKE v2 tunnel establishm ent
Page 34
Service
NameCsps AccessedDescriptioSecurity
nnFunctions
and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) Block Cipher (IPSec/IKE v2) MAC (IPSec/IKE v2) KAS-ECC- KeyGen (IKEv2) KAS-FFC- KeyGen (IKEv2) IKEv2 Keying Materials Developm ent DRBG FunctionECDH Shared Secret: W,E - IPSec/IKE ECDSA Private Key: W,E - IPSec/IKE ECDSA Public Key: W,E - IPSec/IKE RSA Private Key: W,E - IPSec/IKE RSA Public Key: W,E - IPSec/IKE Pre-shared Secret: W,E - SKEYSEED: W,E - IPSec/IKE Session Encryption Key: W,E - IPSec/IKE Authenticatio n Key: W,E - DRBG Entropy Input: W,E - DRBG Seed: W,E - DRBG Internal State V value: W,E - DRBG Key: W,E User - IPSec/IKE DH Private Key: W,E - IPSec/IKE DH Public Key: W,E - IPSec/IKEand IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) Block Cipher (IPSec/IKE v2) MAC (IPSec/IKE v2) KAS-ECC- KeyGen (IKEv2) KAS-FFC- KeyGen (IKEv2) IKEv2 Keying Materials Developm ent DRBG Function

n KAS-ECCKeyGen KAS-FFCKeyGen © 2021-2025 Cisco Systems, Inc. W,E W,E W,E W,E

Page 35
Service
NameDescriptioSecurity
nnFunctions
Page 36
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Configure SNMPv3 FunctionConfigure SNMPv3 FunctionCrypto Officer - SNMPv3 Shared Secret: W,E - SNMPv3 Encryption Key: W,E - SNMPv3 Authenticatio n Key: W,EBlock Cipher (SNMPv3) MAC (SNMPv3) SNMPv3 Keying Materials Developm entGlobal Indicator and SNMPv3 configurat ion success status messageCommand s to configure SNMPv3Status of the completion of SNMPv3 configurati on
Run SNMPv3 FunctionExecute SNMPv3 FunctionCrypto Officer UserBlock Cipher (SNMPv3) MAC (SNMPv3) SNMPv3 Keying Materials Developm entGlobal Indicator and successfu l SNMPv3 log messageInitiate SNMPv3 tunnel establishm ent requestStatus of SNMPv3 tunnel establishm ent
Firmware Load TestExecute the Firmware Load TestCrypto Officer - Firmware Load Test Key: RFirmware Load TestGlobal indicator and successfu l Firmware Loading status messageCommand s to load new firmware imageOutcome of the Firmware Load Test
4.4 Non-Approved Services

N/A for this module. © 2021-2025 Cisco Systems, Inc. W,E

Page 37
4.5 External Software/Firmware Loaded

The module supports the firmware load test by using HMAC-SHA2-512 (HMAC Cert. #A4446) for the new validated firmware to be uploaded into the module. A Firmware Load Test Key was preloaded to the module’s binary at the factory and used for firmware load test. In order to load new firmware, the Crypto Officer must authenticate to the module before loading the firmware. This ensures that unauthorized access and use of the module is not performed. The module will load the new update upon reboot. The update attempt will be rejected if the verification fails.

4.6 Cryptographic Output Actions and Status

The module implements Self-initiated cryptographic output capability without external operator request. The Crypto Officer shall configure self-initiated cryptographic output capability. Prior to executing the self-initiated cryptographic output capability, the module conducts two independent internal actions to activate the capability to prevent the inadvertent output due to a single error.

4.7 Additional Information

The module supports unauthenticated service. The unauthenticated User/Operators can trigger the self-test service by power-cycling the module, and is able to observe the module’s LEDs status.

5 Software/Firmware Security
5.1 Integrity Techniques

The module is provided in the form of binary executable code. To ensure firmware security, the module is protected by RSA 2048 bits with SHA2-512 (RSA Cert. #A4446) algorithm. A Firmware Integrity Test Key (non-SSP) was preloaded to the module’s binary at the factory and used for firmware integrity test only at the pre-operational self-test. The module uses the RSA

2048 bits modulus public key to verify the digital signature. If the firmware integrity test fails, the

module would enter to an Error state with all crypto functionality inhibited.

5.2 Initiate on Demand

Integrity test is performed as part of the Pre-Operational Self-Tests. It is automatically executed at power-on. The operator can power-cycle or reboot the tested platform to initiate the firmware integrity test on-demand. © 2021-2025 Cisco Systems, Inc.

Page 38
MechanismInspectionInspection Guidance
Frequency
Tamper labels (9) with Part number: AIR-AP-FIPSKIT=Recommend 30 DaysVisible inspection of platform for residual evidence of tampering
Opacity shield (1) with Part number: FPR3K-FIPS-KIT=Recommend 30 DaysVisible inspection of platform for evidence of tampering, removal or access
6 Operational Environment
6.1 Operational Environment Type and Requirements

Type of Operational Environment: Limited

7 Physical Security
7.1 Mechanisms and Actions Required

Table 14: Mechanisms and Actions Required Step 1: Turn off and unplug the module. Step 2: Clean the chassis of any grease, dirt, oil or any other material other than the surface coating from manufacture before applying the tamper evident labels. Alcohol-based cleaning pads are recommended for this purpose. Step 3: Apply a label to cover the module as shown in the figures below. The tamper evident labels are produced from a special thin gauge vinyl with self-adhesive backing. Any attempt to open the module will damage the tamper evident labels or the material of the security appliance cover. Because the tamper evident labels have non-repeated serial numbers, they may be inspected for damage and compared against the applied serial numbers to verify that the security appliance has not been tampered with. Tamper evident labels can also be inspected for signs of tampering, which include the following: curled corners, rips, and slices. The word “FIPS” may appear if the label was peeled back.

7.2 User Placed Tamper Seals

Number: Nine (9) Placement: © 2021-2025 Cisco Systems, Inc.

Page 39

Figure 2 Module’s front view opacity shield TEL 1 Figure 3 Module’s back view TEL 7 TEL 6 TEL 8 TEL 2 TEL 4 TEL 5 TEL 1 TEL 3 Figure 4 Module’s top view with opacity shield © 2021-2025 Cisco Systems, Inc.

Page 40

TEL 8 TEL 9 TEL 7 TEL 6 Figure 5 Module’s bottom view with opacity shield TEL 3 Figure 6 Module’s left view with opacity shield TEL 2 Figure 7 Module’s right view with opacity shield Surface Preparation: Clean the chassis of any grease, dirt, or oil before applying the tamper evident labels. Alcohol-based cleaning pads are recommended for this purpose. Operator Responsible for Securing Unused Seals: Any unused TELs must be securely stored, accounted for, and maintained by the CO in a protected location.

7.3 Filler Panels

3105, 3110, 3120, 3130, 3140 Opacity Shield FPR3K-FIPS-KIT= Step 1: Attach the Slide Rail Locking Bracket, #2 in diagram to the Side of the Chassis using the countersink screws #3 in diagram. © 2021-2025 Cisco Systems, Inc.

Page 41

Step 2: Attach the Cable Management Bracket (#1) to the Slide Rail Locking Bracket (#2) using the countersink screws (#3) Step 3: Route the Cables through the Cable Management Brackets Step 4: Attach the FIPS Opacity Shield (#1) to the Cable Management Brackets (#3) using the countersink screws (#2) © 2021-2025 Cisco Systems, Inc.

Page 42

Figure 8 Opacity Shield Brackets

8 Non-Invasive Security
9 Sensitive Security Parameters Management
9.1 Storage Areas
Page 43
Sensitive security parameter
NameTypeDescription
DRAMDynamicVolatile Memory
FlashStaticNon-Volatile Memory
Service
NameApproved FunctionsTypeFromToDistributio n TypeEntry Type
Peer Public Key InputPlaintextExternal (Outside of the Module's Boundary )ModuleAutomatedElectroni c
Module Public Key OutputPlaintextModuleExternal (Outside of the Module's Boundary )AutomatedElectroni c
Password/Secre t Input via SSHv2 encrypted by GCMKTS (SSHv2 with AES- GCM)Encrypte dExternal (Outside of the Module's Boundary )ModuleAutomatedElectroni c
Password/Secre t Input via SSHv2 encrypted by AES and HMACKTS (SSHv2 with AES and HMAC)Encrypte dExternal (Outside of the Module's Boundary )ModuleAutomatedElectroni c
Password/Secre t Input via TLS encrypted by GCMKTS (TLSv1.2 with AES- GCM)Encrypte dExternal (Outside of the Module's Boundary )ModuleAutomatedElectroni c
Password/Secre t Input via TLS encrypted by AES and HMACKTS (TLSv1.2 with AES and HMAC)Encrypte dExternal (Outside of the Module's Boundary )ModuleAutomatedElectroni c
9.2 SSP Input-Output Methods

) c ) c d c with AESGCM) d c d c with AESGCM) d c ) ) ) ) © 2021-2025 Cisco Systems, Inc. m

Page 44
Sensitive security parameter
NameTypeDescriptionStrengthUse
DRBG Entropy InputEntropy Input - CSPUsed to seed the DRBG384 bits - at least 256 bitsDRBG Function
DRBG SeedDRBG Seed - CSPUsed in DRBG Generation256 bits - 256 bitsDRBG Function
DRBG Internal State V valueDRBG Internal State V value - CSPUsed in DRBG Generation256 bits - 256 bitsDRBG Function
DRBG KeyDRBG Key - CSPUsed in DRBG Generation256 bits - 256 bitsDRBG Function
User PasswordAuthenticati on Data - CSPUser authenticati on8-30 Characte rs - 8-30 Characte rs
Crypto Officer PasswordAuthenticati on Data - CSPCrypto Officer authenticati on8-30 Characte rs - 8-30 Characte rs
RADIUS SecretAuthenticati on Data - CSPRADIUS Server Authenticati on16 Characte rs - 16 Characte rs
ZeroizationDescriptionRationaleOperator
MethodInitiation
Zeroization CommandCO issues zeroization servicethe zeroization command will erase all SSPs stored in the DRAM or in the Flash of the module.'configure factory-default'

Table 16: SSP Input-Output Methods

9.3 SSP Zeroization Methods

Table 17: SSP Zeroization Methods Please note that the Firmware Load Test Key is only used for Firmware Load Test Authentication and not subject to the zeroization requirement. © 2021-2025 Cisco Systems, Inc.

Page 45
Sensitive security parameter
NameTypeDescriptionStrengthUse
TACACS+ SecretAuthenticati on Data - CSPTACACS+ Authenticati on16 Characte rs - 16 Characte rs
Firmware Load Test KeyPublic Key - CSPUsed for Firmware Load Test112 bits - 112 bitsFirmware Load Test
SSH DH Private KeyPrivate Key - CSPUsed to derive the SSH DH Shared SecretMODP- 2048, MODP- 3072, MODP- 4096 - 112-152 bitsKAS-FFC (SSHv2)KAS- FFC- KeyGen (SSHv2)
SSH DH Public KeyPublic Key - PSPUsed to derive SSH DH Shared SecretMODP- 2048, MODP- 3072, MODP- 4096 - 112-152 bitsKAS-FFC (SSHv2)KAS-FFC- KeyGen (SSHv2)
SSH Peer DH Public KeyPublic Key - PSPUsed to derive SSH DH Shared SecretMODP- 2048, MODP- 3072, MODP- 4096 - 112-152 bitsKAS-FFC (SSHv2)
SSH DH Shared SecretShared Secret - CSPUsed to derive SSH Session Encryption Keys, SSH Session Authenticati on KeysMODP- 2048, MODP- 3072, MODP- 4096 - 112-152 bitsKAS-FFC (SSHv2)KAS-FFC (SSHv2)
SSH ECDH Private KeyPrivate Key - CSPUsed to derive the SSH ECDH Shared SecretCurves: 256, 384, 521 bits - 128 to 256 bitsKAS-ECC (SSHv2)KAS- ECC- KeyGen (SSHv2)
SSH ECDH Public KeyPublic Key - PSPUsed to derive SSH ECDHECurves: 256, 384, 521 bits -KAS-ECC (SSHv2)KAS-ECC- KeyGen (SSHv2)
Shared SecretShared Secret128-256 bits
SSH Peer ECDH Public KeyPublic Key - PSPUsed to derive SSH DH Shared SecretCurves: 256, 384, 521 bits - 128 to 256 bitsKAS-ECC (SSHv2)
SSH ECDH Shared SecretShared Secret - CSPUsed to derive SSH Session Encryption Keys, SSH Session Authenticati on KeysCurves: 256, 384, 521 bits - 128 to 256 bitsKAS-ECC (SSHv2)KAS-ECC (SSHv2)
SSH RSA Private KeyPrivate Key - CSPUsed for SSH session authenticati onModulus 2048 and 3072 bits - 112- 128 bitsRSA SigVer (SSHv2, TLSv1.2, and IKEv2)RSA KeyGen (SSHv2, TLSv1.2, IKEv2)
SSH RSA Public KeyPublic Key - PSPUsed for SSH sessions aiuthenticati onModulus 2048 and 3072 bits - 112- 128 bitsRSA SigVer (SSHv2, TLSv1.2, and IKEv2)RSA KeyGen (SSHv2, TLSv1.2, IKEv2)
SSH ECDSA Private KeyPrivate Key - CSPUsed for SSH session authenticati onCurves: 256, 384, 521 bits - 128 to 256 bitsECDSA SigGen (SSHv2, TLSv1.2 and IKEv2)ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2)
SSH ECDSA Public KeyPublic Key - PSPUsed for SSH sessions aiuthenticati onCurves: 256, 384, 521 bits - 128 to 256 bitsECDSA SigVer (SSHv2, TLSv1.2, and IKEv2)ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2)
SSH Session Encryption KeySession Key - CSPUsed for SSH Session confidentialit y protection128-256 bits - 128-256 bitsBlock Cipher (SSHv2)SSHv2 Keying Materials Developme nt
SSH Session Authenticati on KeySession Key - CSPUsed for SSH Session integrity protectionAt least 160 bits - At least 160 bitsMAC (SSHv2)SSHv2 Keying Materials Developme nt
TLS DH Private KeyPrivate Key - CSPUsed to Derive TLSModulus: 2048,KAS-FFC (TLSv1.2)KAS- FFC-
DH Shared SecretDH Shared Secret3072, 4096 bits - 128- 152 bitsKeyGen (TLSv1.2 )
TLS DH Public KeyPublic Key - PSPUsed to Derive TS DH Shared SecretModulus: 2048, 3072, or 4096 bits - 128- 152 bitsKAS-FFC (TLSv1.2)KAS-FFC- KeyGen (TLSv1.2)
TLS Peer DH Public KeyPublic Key - PSPUsed to derive IKE DH Shared SecretModulus: 2048, 3072, or 4096 bits - 128- 152 bitsKAS-FFC (TLSv1.2)
TLS DH Shared SecretShared Secret - CSPUsed to Derive TLS Session Encryption Key and TLS Session Authenticati on KeyModulus 2048, 3072, or 4096 - 128-152 bitsKAS-FFC (TLSv1.2)KAS-FFC (TLSv1.2)
TLS ECDH Private KeyPrivate Key - CSPUsed to Derive TLS ECDH Shared SecretCurves P-256, P- 384, and P-521 - 128-256 bitsKAS-ECC (TLSv1.2)KAS- ECC- KeyGen (TLSv1.2 )
TLS ECDH Public KeyPublic Key - PSPUsed to Derive TS ECDH Shared SecretCurves P-256, P- 384, and P-521 - 128-256 bitsKAS-ECC (TLSv1.2)KAS-ECC- KeyGen (TLSv1.2)
TLS Peer ECDH Public KeyPublic Key - PSPUsed to derive IKE ECDH Shared SecretCurves: P-256, P- 384, P- 521 - 128-256 bitsKAS-ECC (TLSv1.2)
TLS ECDH Shared SecretShared Secret - CSPUsed to Derive TLS Session Encryption Key andCurves p-256, P- 384, P- 521 -KAS-ECC (TLSv1.2)KAS-ECC (TLSv1.2)
TLS Session Authenticati on KeyTLS Session Authenticati on Key128-256 bits
TLS ECDSA Private KeyPrivate Key - CSPUsed to support CO and Admin HTTPS interfacesCurves P-256, P- 384, P- 521 - 128-256 bitsECDSA SigGen (SSHv2, TLSv1.2 and IKEv2)ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2)
TLS ECDSA Public KeyPublic Key - PSPUsed to support CO and User HTTPS InterfacesCurves P-256, P- 384, P- 521 - 128-256 bitsECDSA SigVer (SSHv2, TLSv1.2, and IKEv2)ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2)
TLS RSA Private KeyPrivate Key - CSPUsed to support CO and Admin HTTPS InterfacesModulus 2048 and 3072 bits - 112- 128 bitsRSA SigVer (SSHv2, TLSv1.2, and IKEv2)RSA KeyGen (SSHv2, TLSv1.2, IKEv2)
TLS RSA Public KeyPublic Key - PSPUsed to support CO and User HTTPS interfacesModulus 2048 and 3072 bits - 112- 128 bitsRSA SigVer (SSHv2, TLSv1.2, and IKEv2)RSA KeyGen (SSHv2, TLSv1.2, IKEv2)
TLS Master SecretMaster Secret - CSPUsed to protect HTTPS Session. Pre-master secretAt least 112 bits - At least 112 bitsTLS Keying Materials Developme ntTLS Keying Materials Developme nt
TLS Session Encryption KeySession Key - CSPUsed to protect HTTPS Session. TLS Master secret128-256 bits - 128-256 bitsBlock Cipher (TLSv1.2)TLS Keying Materials Developme nt
TLS Session Authenticati on KeySession Key - CSPUsed to protect HTTPS Session. TLS master secretat least 112 bits - at least 112 bitsMAC (TLSv1.2)TLS Keying Materials Developme nt
IPSec/IKE DH Private KeyPrivate Key - CSPUsed to derive IPSec/IKEMODP- 2048, MODP- 3072,KAS-FFC (IKEv2)KAS- FFC- KeyGen (IKEv2)
DH Shared SecretDH Shared SecretMODP- 4096 - 112-152 bits
IPSec/IKE DH Public KeyPublic Key - PSPUsed to derive IPSec/IKE DH Shared SecretMODP- 2048, MODP- 3072, MODP- 4096 - 112-152 bitsKAS-FFC (IKEv2)KAS-FFC- KeyGen (IKEv2)
IPSec/IKE Peer DH Public KeyPublic Key - PSPUsed to derive IPSec/IKE DH Shared SecretMODP- 2048, MODP- 3072, MODP- 4096 - 112-152 bitsKAS-FFC (IKEv2)
IPSec/IKE DH Shared SecretShared Secret - CSPUsed to derive IPSec/IKE Session Encryption Keys, IPSec/IKE Authenticati on KeysMODP- 2048, MODP- 3072, MODP- 4096 - 112-152 bitsKAS-FFC (IKEv2)KAS-FFC (IKEv2)
IPSec/IKE ECDH Private KeyPrivate Key - CSPUsed to derive IPSec/IKE ECDH Shared SecretsCurves P-256, P- 384, P- 521 - 128-256 bitsKAS-ECC (IKEv2)KAS- ECC- KeyGen (IKEv2)
IPSec/IKE ECDH Public KeyPublic Key - PSPUsed to derive IPSec/IKE ECDH Shared SecretsCurves P-256, P- 384, P- 521 - 128-256 bitsKAS-ECC (IKEv2)KAS-ECC- KeyGen (IKEv2)
IPSec/IKE Peer ECDH Public KeyPublic Key - PSPUsed to derive IPSec/IKE ECDH Shared SecretsCurves P-256, P- 384, P- 521 - 128-256 bitsKAS-ECC (IKEv2)
IPSec/IKE ECDH Shared SecretShared Secret - CSPUsed to derive IPSec/IKE ECDH Shared SecretsCurves P-256, P- 384, P- 521 - 128-256 bitsKAS-ECC (IKEv2)KAS-ECC (IKEv2)
IPSec/IKE ECDSA Private KeyPrivate Key - CSPUsed for IPSec/IKE peer authenticati onCurves P-256, P- 384, P- 521 - 128-256 bitsECDSA SigGen (SSHv2, TLSv1.2 and IKEv2)ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2)
IPSec/IKE ECDSA Public KeyPublic Key - PSPUsed for IPSec/IKE peer authenticati onCurves P-256, P- 384, P- 521 - 128-256 bitsECDSA SigVer (SSHv2, TLSv1.2, and IKEv2)ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2)
IPSec/IKE RSA Private KeyPrivate Key - CSPUsed for IPSec/IKE peer authenticati onModulus 2048 or 3072 - 112 or 128 bitsRSA SigGen (SSHv2, TLSv1.2, IKEv2)RSA KeyGen (SSHv2, TLSv1.2, IKEv2)
IPSec/IKE RSA Public KeyPublic Key - PSPUsed for IPSec/IKE peer authenticati onModulus 2048 or 3072 - 112 or 128 bitsRSA SigVer (SSHv2, TLSv1.2, and IKEv2)RSA KeyGen (SSHv2, TLSv1.2, IKEv2)
IPSec/IKE Pre-shared Secretshared secret - CSPUsed for IPSec/IKE peer authenticati on16-32 bytes character s - 16-32 bytes character sIKEv2 Keying Materials Developme nt
SKEYSEEDKeying Material - CSPKeying material used to derive the IPSec/IKE Session Encryption Key and IPSec/IKE Authenticati on Key160 bits - 160 bitsIKEv2 Keying Materials Developme ntIKEv2 Keying Materials Developme nt
IPSec/IKE SessionSession Key - CSPUsed to secure128-256 bits -Block CipherIKEv2 Keying

MODP2048, MODP3072, MODP2048, MODP3072, MODP2048, MODP3072, MODP2048, MODP3072, KASFFCKeyGen KAS-FFCKeyGen KASECCKeyGen KAS-ECCKeyGen © 2021-2025 Cisco Systems, Inc.

Page 46

- 112128 bits - 112128 bits KASFFC© 2021-2025 Cisco Systems, Inc.

Page 47

- 128152 bits - 128152 bits - 128152 bits P-256, P384, P521 128-256 p-256, P384, P521 ) KAS-FFCKeyGen KASECCKeyGen ) KAS-ECCKeyGen © 2021-2025 Cisco Systems, Inc.

Page 48

P-256, P384, P521 128-256 P-256, P384, P521 128-256 - 112128 bits - 112128 bits MODP2048, MODP3072, KASFFCKeyGen © 2021-2025 Cisco Systems, Inc.

Page 49

MODP2048, MODP3072, MODP2048, MODP3072, MODP2048, MODP3072, P-256, P384, P521 128-256 P-256, P384, P521 128-256 P-256, P384, P521 128-256 KAS-FFCKeyGen KASECCKeyGen KAS-ECCKeyGen © 2021-2025 Cisco Systems, Inc.

Page 51
Sensitive security parameter
NameTypeDescriptionStrengthGenerationStorageZeroizationUseRelated SSPs
Encryption KeyIPSec/IKEv 2 session confidentialit y128-256 bitsMaterials Developme nt(IPSec/IKEv 2)
IPSec/IKE Authenticati on KeySession Key - CSPUsed to secure IPSec/IKEv 2 session integrityat least 160 bits - at least 160 bitsIKEv2 Keying Materials Developme ntMAC (IPSec/IKEv 2)
SNMPv3 Shared SecretAuthenticati on Secret - CSPUsed for SNMPv3 user authenticati on8-32 character s - N/AIKEv2 Keying Materials Developme nt
SNMPv3 Encryption KeyEncryption Key - CSPUsed to protect SNMPv3 traffic confidentialit y128 bits - 128 bitsSNMPv3 Keying Materials Developme ntBlock Cipher (SNMPv3)
SNMPv3 Authenticati on KeyAuthenticati on Key - CSPUsed to secure SNMPv3 traffic integrityAt least 112 bits - At least 112 bitsSNMPv3 Keying Materials Developme ntMAC (SNMPv3)
DRBG Entropy InputDRAM:Plainte xtZeroizatio n CommandUntil RebootDRBG Seed:Used With DRBG Internal State V value:Used With DRBG Key:Used With
DRBG SeedDRAM:Plainte xtZeroizatio n CommandUntil RebootDRBG Entropy Input:Used With DRBG Internal State V value:Used With DRBG Key:Used With
DRBG Internal State V valueDRAM:Plainte xtZeroizatio n CommandUntil RebootDRBG Entropy Input:Used With DRBG Seed:Used With
Sensitive security parameter
NameTypeDescriptionStrengthGenerationStorageZeroizationUseRelated SSPs
Encryption KeyIPSec/IKEv 2 session confidentialit y128-256 bitsMaterials Developme nt(IPSec/IKEv 2)
IPSec/IKE Authenticati on KeySession Key - CSPUsed to secure IPSec/IKEv 2 session integrityat least 160 bits - at least 160 bitsIKEv2 Keying Materials Developme ntMAC (IPSec/IKEv 2)
SNMPv3 Shared SecretAuthenticati on Secret - CSPUsed for SNMPv3 user authenticati on8-32 character s - N/AIKEv2 Keying Materials Developme nt
SNMPv3 Encryption KeyEncryption Key - CSPUsed to protect SNMPv3 traffic confidentialit y128 bits - 128 bitsSNMPv3 Keying Materials Developme ntBlock Cipher (SNMPv3)
SNMPv3 Authenticati on KeyAuthenticati on Key - CSPUsed to secure SNMPv3 traffic integrityAt least 112 bits - At least 112 bitsSNMPv3 Keying Materials Developme ntMAC (SNMPv3)
DRBG Entropy InputDRAM:Plainte xtZeroizatio n CommandUntil RebootDRBG Seed:Used With DRBG Internal State V value:Used With DRBG Key:Used With
DRBG SeedDRAM:Plainte xtZeroizatio n CommandUntil RebootDRBG Entropy Input:Used With DRBG Internal State V value:Used With DRBG Key:Used With
DRBG Internal State V valueDRAM:Plainte xtZeroizatio n CommandUntil RebootDRBG Entropy Input:Used With DRBG Seed:Used With

y y 2) s - N/A 2) Table 18: SSP Table 1 n n n n © 2021-2025 Cisco Systems, Inc.

Page 52
Sensitive security parameter
NameStorageZeroizationUseInput
DRBG KeyDRAM:Plainte xtZeroizatio n CommandDRBG Entropy Input:Used With DRBG Seed:Used With DRBG Internal State V value:Used WithUntil Reboot
User PasswordFlash:Encrypt edZeroizatio n CommandPassword/Sec ret Input via TLS encrypted by GCM Password/Sec ret Input via TLS encrypted by AES and HMAC Password/Sec ret Input via SSHv2 encrypted by GCM Password/Sec ret Input via SSHv2 encrypted by AES and HMAC
Crypto Officer PasswordFlash:Encrypt edZeroizatio n CommandPassword/Sec ret Input via TLS encrypted by GCM Password/Sec ret Input via TLS encrypted by AES and HMAC Password/Sec ret Input via SSHv2 encrypted by GCM Password/Sec ret Input via SSHv2 encrypted by
RADIUS SecretFlash:Plaintex tZeroizatio n CommandPassword/Sec ret Input via TLS encrypted by GCM Password/Sec ret Input via TLS encrypted by AES and HMAC Password/Sec ret Input via SSHv2 encrypted by GCM Password/Sec ret Input via SSHv2 encrypted by AES and HMAC
TACACS+ SecretFlash:Plaintex tZeroizatio n CommandPassword/Sec ret Input via TLS encrypted by GCM Password/Sec ret Input via TLS encrypted by AES and HMAC Password/Sec ret Input via SSHv2 encrypted by GCM Password/Sec ret Input via SSHv2 encrypted by AES and HMAC
Firmware Load Test KeyFlash:Plaintex tN/A
SSH DH Private KeyDRAM:Plainte xtZeroizatio n CommandSSH DH Public Key:Paired With SSH Peer DHWhile SSH tunnel is on
SSH DH Public KeyDRAM:Plainte xtZeroizatio n CommandSSH DH Private Key:Paired WithModule Public Key OutputWhile SSH tunnel is on
SSH Peer DH Public KeyDRAM:Plainte xtZeroizatio n CommandSSH DH Private Key:Used WithPeer Public Key InputWhile SSH tunnel is on
SSH DH Shared SecretDRAM:Plainte xtZeroizatio n CommandSSH DH Private Key:Derived From SSH DH Public Key:Derived FromWhile SSH tunnel is on
SSH ECDH Private KeyDRAM:Plainte xtZeroizatio n CommandSSH ECDH Public Key:Paired With SSH Peer ECDH Public Key:Used WithWhile SSH tunnel is on
SSH ECDH Public KeyDRAM:Plainte xtZeroizatio n CommandSSH ECDH Private Key:Paired WithModule Public Key OutputWhile SSH tunnel is on
SSH Peer ECDH Public KeyDRAM:Plainte xtZeroizatio n CommandSSH ECDH Private Key:Used WithPeer Public Key InputWhile SSH tunnel is on
SSH ECDH Shared SecretDRAM:Plainte xtZeroizatio n CommandSSH ECDH Private Key:Derived From SSH ECDH Public Key:Derived FromWhile SSH tunnel is on
SSH RSA Private KeyFlash:Plaintex tZeroizatio n CommandSSH RSA Public Key:Paired With SSH Peer RSA Public Key:Used With
SSH RSA Public KeyFlash:Plaintex tZeroizatio n CommandSSH RSA Private Key:Paired WithModule Public Key Output
SSH ECDSA Private KeyFlash:Plaintex tZeroizatio n CommandSSH ECDSA Public Key:Paired With
SSH ECDSA Public KeyFlash:Plaintex tZeroizatio n CommandSSH ECDSA Private Key:Paired WithModule Public Key Output
SSH Session Encryption KeyDRAM:Plainte xtZeroizatio n CommandSSH Session Authentication Key:Used WithWhile SSH tunnel is on
SSH Session Authenticati on KeyDRAM:Plainte xtZeroizatio n CommandSSH Session Encryption Key:Used WithWhile SSH tunnel is on
TLS DH Private KeyDRAM:Plainte xtZeroizatio n CommandTLS DH Public Key:Paired With TLS Peer DH Public Key:Used WithWhile TLS tunnel is on
TLS DH Public KeyDRAM:Plainte xtZeroizatio n CommandTLS DH Private Key:Paired WithModule Public Key OutputWhile TLS tunnel is on
TLS Peer DH Public KeyDRAM:Plainte xtZeroizatio n CommandTLS DH Private Key:Used WithPeer Public Key Inputwhile TLS tunnel is on
TLS DH Shared SecretDRAM:Plainte xtZeroizatio n CommandTLS ECDH Private Key:Derived From TLS Peer ECDH Public Key:Derived FromWhile TLS tunnel is on
TLS ECDH Private KeyDRAM:Plainte xtZeroizatio n CommandTLS ECDH Public Key:Paired With TLS Peer ECDH Public Key:Used WithWhile TLS tunnel is on
TLS ECDH Public KeyDRAM:Plainte xtZeroizatio n CommandTLS ECDH Private Key:Paired WithModule Public Key OutputWhile TLS tunnel is on
TLS Peer ECDH Public KeyDRAM:Plainte xtZeroizatio n CommandTLS ECDH Private Key:Used WithPeer Public Key Inputwhile TLS tunnel is on
TLS ECDH Shared SecretDRAM:Plainte xtZeroizatio n CommandTLS ECDH Private Key:Derived From TLS Peer ECDH Public Key:Derived FromWhile TLS tunnel is on
TLS ECDSA Private KeyFlash:Plaintex tZeroizatio n CommandTLS ECDSA Public Key:Paired With
TLS ECDSA Public KeyFlash:Plaintex tZeroizatio n CommandTLS ECDSA Private Key:Paired WithModule Public Key Output
TLS RSA Private KeyFlash:Plaintex tZeroizatio n CommandTLS RSA Public Key:Paired With
TLS RSA Public KeyFlash:Plaintex tZeroizatio n CommandTLS RSA Private Key:Paired WithModule Public Key Output
TLS Master SecretDRAM:Plainte xtZeroizatio n CommandTLS ECDH Shared Secret:Derived FromWhile TLS tunnel is on
TLS Session Encryption KeyDRAM:Plainte xtZeroizatio n CommandTLS Session Authentication Key:Used WithWhile TLS tunnel is on
TLS Session Authenticati on KeyDRAM:Plainte xtZeroizatio n CommandTLS Session Encryption Key:Used WithWhile TLS tunnel is on
IPSec/IKE DH Private KeyDRAM:Plainte xtZeroizatio n CommandIPSec/IKE DH Public Key:Paired With IPSec/IKE Peer DH Public Key:Used WithWhile IPSec/IKE v2 tunnel is on
IPSec/IKE DH Public KeyDRAM:Plainte xtZeroizatio n CommandIPSec/IKE DH Private Key:Paired WithModule Public Key OutputWhile IPSec/IKE v2 tunnel is on
IPSec/IKE Peer DH Public KeyDRAM:Plainte xtZeroizatio n CommandIPSec/IKE DH Private Key:Used WithPeer Public Key Inputwhile IPSec/IKE tunnel is on
IPSec/IKE DH Shared SecretDRAM:Plainte xtZeroizatio n CommandSKEYSEED:Used WithWhile IPSec/IKE v2 tunnel is on
IPSec/IKE ECDH Private KeyDRAM:Plainte xtZeroizatio n CommandIPSec/IKE ECDH Public Key:Paired With IPSec/IKE Peer ECDH Public Key:Used WithWhile IPSec/IKE v2 tunnel is on
IPSec/IKE ECDH Public KeyDRAM:Plainte xtZeroizatio n CommandIPSec/IKE ECDH Private Key:Paired WithModule Public Key OutputWhile IPSec/IKE v2 tunnel is on
IPSec/IKE Peer ECDH Public KeyDRAM:Plainte xtZeroizatio n CommandIPSec/IKE ECDH Private Key:Used WithPeer Public Key InputWhile IPSec/IKE v2 tunnel is on
IPSec/IKE ECDH Shared SecretDRAM:Plainte xtZeroizatio n CommandSKEYSEED:Used WithWhile IPSec/IKE v2 tunnel is on
IPSec/IKE ECDSA Private KeyFlash:Plaintex tZeroizatio n CommandIPSec/IKE ECDSA Public Key:Paired With
IPSec/IKE ECDSA Public KeyFlash:Plaintex tZeroizatio n CommandIPSec/IKE ECDSA Private Key:Paired WithModule Public Key Output
IPSec/IKE RSA Private KeyFlash:Plaintex tZeroizatio n CommandIPSec/IKE RSA Public Key:Paired With
IPSec/IKE RSA Public KeyFlash:Plaintex tZeroizatio n CommandIPSec/IKE RSA Private Key:Paired WithModule Public Key Output
IPSec/IKE Pre-shared SecretDRAM:Plainte xtZeroizatio n CommandSKEYSEED:Deriv ed toWhile IPSec/IKE v2 tunnel is on
SKEYSEEDDRAM:Plainte xtZeroizatio n CommandIPSec/IKE DH Shared Secret:Derived From IPSec/IKE ECDH Shared Secret:Derived From IPSec/IKE Pre- shared Secret:Derived FromWhile IPSec/IKE v2 tunnel is on
IPSec/IKE Session Encryption KeyDRAM:Plainte xtZeroizatio n CommandIPSec/IKE DH Shared Secret:Derived From IPSec/IKE ECDH Shared Secret:Derived FromWhile IPSec/IKE v2 tunnel is on
IPSec/IKE Authenticati on KeyDRAM:Plainte xtZeroizatio n CommandIPSec/IKE DH Shared Secret:Derived From IPSec/IKE ECDH Shared Secret:Derived FromWhile IPSec/IKE v2 tunnel is on
SNMPv3 Shared SecretDRAM:Plainte xtZeroizatio n CommandSNMPv3 Encryption Key:Derive To SNMPv3 Authentication Key:Derive ToPassword/Sec ret Input via TLS encrypted by GCM Password/Sec ret Input via TLS encrypted by AES and HMAC Password/Sec ret Input via SSHv2 encrypted by GCM Password/Sec ret Input via SSHv2 encrypted by AES and HMACWhile SNMPv3 tunnel is on
SNMPv3 Encryption KeyDRAM:Plainte xtZeroizatio n CommandSNMPv3 Shared Secret:Derived FromWhile SNMPv3 tunnel is on
SNMPv3 Authenticati on KeyDRAM:Plainte xtZeroizatio n CommandSNMPv3 Shared Secret:Derived From SNMPv3 Encryption Key:Used WithWhile SNMPv3 tunnel is on
Page 58
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsTest PropertiesIndicator
RSA SigVer (FIPS186-4) (A4446)RSA SigVer (FIPS186-4) (A4446)KATSW/FW IntegrityRSA SigVerRSA SigVer 2048 bits with SHA2-512Module is in normal state
10 Self-Tests
10.1 Pre-Operational Self-Tests

Table 20: Pre-Operational Self-Tests The module performs the following self-tests, including the pre-operational self-tests and Conditional self-tests. Prior to the module providing any data output via the data output interface, the module performs and passes the pre-operational self-tests. Following the © 2021-2025 Cisco Systems, Inc.

Page 59
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic MethodDetailsIndicatorConditions
AES-CBC (A4446)AES-CBC (A4446)KATCASTEncrypt256 bitsModule is in normal statePower Up
AES-CBC (A4446)AES-CBC (A4446)KATCASTDecrypt256 bitsModule is in normal statePower Up
AES-GCM (A4446)AES-GCM (A4446)KATCASTAuthenticated Encrypt256 bitsModule is in normal statePower Up
AES-GCM (A4446)AES-GCM (A4446)KATCASTAuthenticated Decrypt256 bitsModule is in normal statePower Up
Counter DRBG (A4446)Counter DRBG (A4446)KATCASTInstantiate KATAES-128Module is in normal statePower Up
Counter DRBG (A4446)Counter DRBG (A4446)KATCASTGenerate KATAES-128Module is in normal statePower Up
Counter DRBG (A4446)Counter DRBG (A4446)KATCASTReseed KATAES-128Module is in normal statePower Up
ECDSA SigGen (FIPS186- 4) (A4446)ECDSA SigGen (FIPS186- 4) (A4446)KATCASTECDSA SigGen KATP-256 curve with SHA2-256Module is in normal statePower Up
ECDSA SigVer (FIPS186- 4) (A4446)ECDSA SigVer (FIPS186- 4) (A4446)KATCASTECDSA SigVer KATP-256 curve with SHA2-256Module is in normal statePower Up
HMAC- SHA-1 (A4446)HMAC- SHA-1 (A4446)KATCASTHMAC-SHA-1SHA-1Module is in normal statePower Up
HMAC- SHA2-256 (A4446)HMAC- SHA2-256 (A4446)KATCASTHMAC-SHA2- 256SHA2-256Module is in normal statePower Up
HMAC- SHA2-384 (C1026)HMAC- SHA2-384 (C1026)KATCASTHMAC-SHA2- 384SHA2-384Module is in normal statePower Up
HMAC- SHA2-512 (A4446)HMAC- SHA2-512 (A4446)KATCASTHMAC-SHA2- 512SHA2-512Module is in normal statePower Up
KAS-ECC- SSC Sp800- 56Ar3 (A4446)KAS-ECC- SSC Sp800- 56Ar3 (A4446)KATCASTPrimitive Z KATP-256 CurveModule is in normal statePower Up
KAS-FFC- SSC Sp800- 56Ar3 (A4446)KAS-FFC- SSC Sp800- 56Ar3 (A4446)KATCASTPrimitive Z KATMODP- 2048Module is in normal statePower Up
RSA SigGen (FIPS186- 4) (A4446)RSA SigGen (FIPS186- 4) (A4446)KATCASTRSA SigGen KAT2048 bit modulus with SHA2- 256Module is in normal statePower Up
RSA SigVer (FIPS186- 4) (A4446)RSA SigVer (FIPS186- 4) (A4446)KATCASTRSA SigVer KAT2048 bit modulus with SHA2- 256Module is in normal statePower Up
KDF IKEv2 (A4446)KDF IKEv2 (A4446)KATCASTN/AN/AModule is in normal statePower Up
KDF SNMP (A4446)KDF SNMP (A4446)KATCASTN/AN/AModule is in normal statePower Up
KDF SSH (A4446)KDF SSH (A4446)KATCASTN/AN/AModule is in normal statePower Up
TLS v1.2 KDF RFC7627 (A4446)TLS v1.2 KDF RFC7627 (A4446)KATCASTN/AN/AModule is in normal statePower Up
SHA-1 (A4446)SHA-1 (A4446)KATCASTN/AN/AModule is in normal statePower Up
AES-CBC (C1026)AES-CBC (C1026)KATCASTEncrypt KAT128 bitsModule is in normal statePower Up
AES-CBC (C1026)AES-CBC (C1026)KATCASTDecrypt KAT128 bitsModule is in normal statePower Up
AES-GCM (C1026)AES-GCM (C1026)KATCASTEncrypt KAT128 bitsModule is in normal statePower Up
AES-GCM (C1026)AES-GCM (C1026)KATCASTDecrypt KAT128 bitsModule is in normal statePower Up
Hash DRBG (C1026)Hash DRBG (C1026)KATCASTInstantiate KATSHA2-512Module is in normal statePower Up
Hash DRBG (C1026)Hash DRBG (C1026)KATCASTGenerate KATSHA2-512Module is in normal statePower Up
Hash DRBG (C1026)Hash DRBG (C1026)KATCASTReseed KATSHA2-512Module is in normal statePower Up
HMAC- SHA-1 (C1026)HMAC- SHA-1 (C1026)KATCASTHMAC-SHA-1SHA-1Module is in normal statePower Up
HMAC- SHA2-256 (C1026)HMAC- SHA2-256 (C1026)KATCASTHMAC-SHA2- 256SHA2-256Module is in normal statePower Up
HMAC- SHA2-384 (C1026)HMAC- SHA2-384 (C1026)KATCASTHMAC-SHA2- 384SHA2-384Module is in normal statePower Up
HMAC- SHA2-512 (C1026)HMAC- SHA2-512 (C1026)KATCASTHMAC-SHA2- 512SHA2-512Module is in normal statePower Up
SHA-1 (C1026)SHA-1 (C1026)KATCASTN/AN/AModule is in normal statePower Up
ECDSA KeyGen (FIPS186- 4) (A4446)ECDSA KeyGen (FIPS186- 4) (A4446)PCTPCTECDSACurve P- 256 with SHA2-256Module is in normal statePerforms all required pair- wise consistency tests on the newly generated key pairs before the first operational use.
RSA KeyGen (FIPS186- 4) (A4446)RSA KeyGen (FIPS186- 4) (A4446)PCTPCTRSA2048 bit ModulusModule is in normal statePerforms all required pair- wise consistency tests on the newly generated key pairs before the
KAS-ECC- SSC Sp800- 56Ar3 (A4446)KAS-ECC- SSC Sp800- 56Ar3 (A4446)PCTPCTN/ACurve P- 256 with SHA2-256Module is in normal statePerforms all required pair- wise consistency tests on the newly generated key pairs before the first operational use.
KAS-FFC- SSC Sp800- 56Ar3 (A4446)KAS-FFC- SSC Sp800- 56Ar3 (A4446)PCTPCTN/AMODP- 2048Module is in normal statePerforms all required pair- wise consistency tests on the newly generated key pairs before the first operational use.
HMAC- SHA2-512 (A4446)HMAC- SHA2-512 (A4446)KATSW/FW LoadN/AHMAC- SHA2-512Module is in normal stateWhen firmware has been uploaded to the module
RSA SigVer (FIPS186-4) (A4446)RSA SigVer (FIPS186-4) (A4446)KATSW/FW IntegrityRecommend 60 DaysReboot
AES-CBC (A4446)AES-CBC (A4446)KATCASTRecommend 60 DaysReboot

successful pre-operational self-tests, the module executes the Conditional Cryptographic Algorithm Self-tests (CASTs). If anyone of the self-tests fails, the module transitions into an error state and outputs the error message via the module’s status output interface. While the module is in the error state, all data through the data output interface and all cryptographic operations are disabled. The error state can only be cleared by reloading the module. All self-tests must be completed successfully before the module transitions to the operational state.

10.2 Conditional Self-Tests

(FIPS1864) (A4446) (FIPS1864) (A4446) HMACSHA-1 HMACSHA2-256 HMAC-SHA2256 © 2021-2025 Cisco Systems, Inc.

Page 60

HMACSHA2-384 HMACSHA2-512 KAS-ECCSSC Sp80056Ar3 KAS-FFCSSC Sp80056Ar3 (FIPS1864) (A4446) (FIPS1864) (A4446) HMAC-SHA2384 HMAC-SHA2512 MODP2048 with SHA2256 with SHA2256 N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A © 2021-2025 Cisco Systems, Inc.

Page 61

HMACSHA-1 HMACSHA2-256 HMACSHA2-384 HMACSHA2-512 N/A (FIPS1864) (A4446) (FIPS1864) (A4446) HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2512 N/A required pairwise required pairwise © 2021-2025 Cisco Systems, Inc.

Page 62
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic MethodDetailsIndicatorConditions
KAS-ECC- SSC Sp800- 56Ar3 (A4446)KAS-ECC- SSC Sp800- 56Ar3 (A4446)PCTPCTN/ACurve P- 256 with SHA2-256Module is in normal statePerforms all required pair- wise consistency tests on the newly generated key pairs before the first operational use.
KAS-FFC- SSC Sp800- 56Ar3 (A4446)KAS-FFC- SSC Sp800- 56Ar3 (A4446)PCTPCTN/AMODP- 2048Module is in normal statePerforms all required pair- wise consistency tests on the newly generated key pairs before the first operational use.
HMAC- SHA2-512 (A4446)HMAC- SHA2-512 (A4446)KATSW/FW LoadN/AHMAC- SHA2-512Module is in normal stateWhen firmware has been uploaded to the module
RSA SigVer (FIPS186-4) (A4446)RSA SigVer (FIPS186-4) (A4446)KATSW/FW IntegrityRecommend 60 DaysReboot
AES-CBC (A4446)AES-CBC (A4446)KATCASTRecommend 60 DaysReboot
AES-CBC (A4446)AES-CBC (A4446)KATCASTRecommend 60 DaysReboot
AES-GCM (A4446)AES-GCM (A4446)KATCASTRecommend 60 DaysReboot
AES-GCM (A4446)AES-GCM (A4446)KATCASTRecommend 60 DaysReboot
Counter DRBG (A4446)Counter DRBG (A4446)KATCASTRecommend 60 DaysReboot
Counter DRBG (A4446)Counter DRBG (A4446)KATCASTRecommend 60 DaysReboot
Counter DRBG (A4446)Counter DRBG (A4446)KATCASTRecommend 60 DaysReboot
ECDSA SigGen (FIPS186-4) (A4446)ECDSA SigGen (FIPS186-4) (A4446)KATCASTRecommend 60 DaysReboot
ECDSA SigVer (FIPS186-4) (A4446)ECDSA SigVer (FIPS186-4) (A4446)KATCASTRecommend 60 DaysReboot
HMAC-SHA-1 (A4446)HMAC-SHA-1 (A4446)KATCASTRecommend 60 DaysReboot
HMAC-SHA2- 256 (A4446)HMAC-SHA2- 256 (A4446)KATCASTRecommend 60 DaysReboot
HMAC-SHA2- 384 (C1026)HMAC-SHA2- 384 (C1026)KATCASTRecommend 60 DaysReboot
HMAC-SHA2- 512 (A4446)HMAC-SHA2- 512 (A4446)KATCASTRecommend 60 DaysReboot
KAS-ECC-SSC Sp800-56Ar3 (A4446)KAS-ECC-SSC Sp800-56Ar3 (A4446)KATCASTRecommend 60 DaysReboot
KAS-FFC-SSC Sp800-56Ar3 (A4446)KAS-FFC-SSC Sp800-56Ar3 (A4446)KATCASTRecommend 60 DaysReboot
RSA SigGen (FIPS186-4) (A4446)RSA SigGen (FIPS186-4) (A4446)KATCASTRecommend 60 DaysReboot
RSA SigVer (FIPS186-4) (A4446)RSA SigVer (FIPS186-4) (A4446)KATCASTRecommend 60 DaysReboot
KDF IKEv2 (A4446)KDF IKEv2 (A4446)KATCASTRecommend 60 DaysReboot
KDF SNMP (A4446)KDF SNMP (A4446)KATCASTRecommend 60 DaysReboot
KDF SSH (A4446)KDF SSH (A4446)KATCASTRecommend 60 DaysReboot
TLS v1.2 KDF RFC7627 (A4446)TLS v1.2 KDF RFC7627 (A4446)KATCASTRecommend 60 DaysReboot
SHA-1 (A4446)SHA-1 (A4446)KATCASTRecommend 60 DaysReboot
AES-CBC (C1026)AES-CBC (C1026)KATCASTRecommend 60 DaysReboot
AES-CBC (C1026)AES-CBC (C1026)KATCASTRecommend 60 DaysReboot
AES-GCM (C1026)AES-GCM (C1026)KATCASTRecommend 60 DaysReboot
AES-GCM (C1026)AES-GCM (C1026)KATCASTRecommend 60 DaysReboot
Hash DRBG (C1026)Hash DRBG (C1026)KATCASTRecommend 60 DaysReboot
Hash DRBG (C1026)Hash DRBG (C1026)KATCASTRecommend 60 DaysReboot
Hash DRBG (C1026)Hash DRBG (C1026)KATCASTRecommend 60 DaysReboot
HMAC-SHA-1 (C1026)HMAC-SHA-1 (C1026)KATCASTRecommend 60 DaysReboot
HMAC-SHA2- 256 (C1026)HMAC-SHA2- 256 (C1026)KATCASTRecommend 60 DaysReboot
HMAC-SHA2- 384 (C1026)HMAC-SHA2- 384 (C1026)KATCASTRecommend 60 DaysReboot
HMAC-SHA2- 512 (C1026)HMAC-SHA2- 512 (C1026)KATCASTRecommend 60 DaysReboot
SHA-1 (C1026)SHA-1 (C1026)KATCASTRecommend 60 DaysReboot
ECDSA KeyGen (FIPS186-4) (A4446)ECDSA KeyGen (FIPS186-4) (A4446)PCTPCTRecommend 60 DaysReboot
RSA KeyGen (FIPS186-4) (A4446)RSA KeyGen (FIPS186-4) (A4446)PCTPCTRecommend 60 DaysReboot
KAS-ECC-SSC Sp800-56Ar3 (A4446)KAS-ECC-SSC Sp800-56Ar3 (A4446)PCTPCTRecommend 60 DaysReboot
KAS-FFC-SSC Sp800-56Ar3 (A4446)KAS-FFC-SSC Sp800-56Ar3 (A4446)PCTPCTRecommend 60 DaysReboot
HMAC-SHA2- 512 (A4446)HMAC-SHA2- 512 (A4446)KATSW/FW LoadN/AN/A

KAS-ECCSSC Sp80056Ar3 N/A KAS-FFCSSC Sp80056Ar3 MODP2048 N/A HMACSHA2-512 HMACSHA2-512 N/A required pairwise required pairwise Table 21: Conditional Self-Tests The module performs on-demand self-tests initiated by the operator, by powering off and powering the module back on. The full suite of self-tests is then executed. The same procedure may be employed by the operator to perform periodic self-tests.

10.3 Periodic Self-Test Information

Table 22: Pre-Operational Periodic Information © 2021-2025 Cisco Systems, Inc.

Page 64

N/A N/A Table 23: Conditional Periodic Information

10.4 Error States
Page 65
Service
NameDescriptionRole AccessIndicator
Error StateIf self-test tests fail, the module is put into an error stateSelf-test failureSystem HaltReboot the module

Table 24: Error States If any of the above-mentioned self-tests fail, the module reports the error and enters the Error state. In the Error State, no cryptographic services are provided, and data output is prohibited. The only method to recover from the error state is to reboot the module and perform the selftests, including the pre-operational firmware integrity test and the conditional CASTs. The module will only enter into the operational state after successfully passing the pre-operational firmware integrity test and the conditional CASTs.

11 Life-Cycle Assurance
11.1 Installation, Initialization, and Startup Procedures

The validated module firmware was installed onto the respective test platforms listed in Table 2 above. The Crypto Officer must configure and enforce the following initialization steps: Step 1: The Crypto Officer must install opacity shields as described in section 7 above. Step 2: The Crypto Officer must apply tamper evidence labels as described in section 7 above. Step 3: The Crypto Officer must securely store any unused tamper evidence labels. Note: Each module has a Type A USB 2.0 port, but it is considered to be disabled once the Crypto Officer has applied the TEL #9. Step 4: The Crypto Officer shall configure the module to be managed by the Firepower Management Center (FMC), and follow the procedure below from the FMC: a) Choose Devices > Platform Settings and create or edit a Firepower policy. b) On the left click “UCAPL/CC Compliance”. c) Choose “CC” from the dropdown under “Enable UCAPL/CC Compliance”. d) Click “Save” to save the changes. e) Click “Deploy” and select “Deploy All”. Step 5: The module will automatically reboot, and will be placed in the approved mode once it is done rebooting. Step 6: Crypto Officer can verify the version installed and running > show version Step 7: Crypto Officer can verify the module is in approved mode: > show fips Step 8: Assign users a Privilege Level of basic. © 2021-2025 Cisco Systems, Inc.

Page 66

Step 9: Configure IP address for unit and all distant endpoints from the FMC. Step 10: Define RADIUS shared secret keys that are at least 8 characters long and secure traffic between the security module and the RADIUS server via secure (IPSec, TLS) tunnel. Note: Perform this step only if RADIUS is configured, otherwise proceed. Step 11: Configure the security module so that any remote connections via Telnet are secured through IPSec. Step 12: Configure the security module so that only approved algorithms are used for all security connections (SSHv2, TLSv1.2, SNMPv3 and IPSec/IKEv2). Step 13: Configure the security module so that error messages can only be viewed by Crypto Officer. Step 14: Enable HTTPS with TLS. HTTPS with TLS should always be used for Web-based management. Step 15: Ensure that installed digital certificates are signed using approved algorithms. Step 16: Save and reboot the module.

11.2 Administrator Guidance

Specific Administrator guidance can be found in the Cisco Secure Firewall Management Center Administration Guide, 7.4: https://www.cisco.com/c/en/us/td/docs/security/securefirewall/management-center/admin/740/management-center-admin-74.html

11.3 Non-Administrator Guidance

Specific Non-Administrator guidance can be found in the Cisco Secure Firewall 3100 Series Hardware Installation Guide: https://www.cisco.com/c/en/us/td/docs/security/securefirewall/hardware/3100/fw-3100-install.html

12 Mitigation of Other Attacks

N/A for this module. © 2021-2025 Cisco Systems, Inc.

Referenced URLs