| Standard | FIPS 140-3 |
|---|---|
| Overall level | 2 |
| Module type | Hardware |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 2/27/2030 |
| Caveat | When installed, initialized and configured as specified in Section Life-Cycle Assurance of the Security Policy. The tamper evident seals installed as indicated in the Security Policy |
| Vendor | Cisco Systems, Inc. |
| Algorithm | ACVP Cert |
|---|---|
| AES-CBC | A4446 |
| AES-GCM | A4446 |
| Counter DRBG | A4446 |
| ECDSA KeyGen (FIPS186-4) | A4446 |
| ECDSA SigGen (FIPS186-4) | A4446 |
| ECDSA SigVer (FIPS186-4) | A4446 |
| HMAC-SHA-1 | A4446 |
| HMAC-SHA2-224 | A4446 |
| HMAC-SHA2-256 | A4446 |
| HMAC-SHA2-384 | A4446 |
| HMAC-SHA2-512 | A4446 |
| KAS-ECC-SSC Sp800-56Ar3 | A4446 |
| KAS-FFC-SSC Sp800-56Ar3 | A4446 |
| KDF IKEv2 (CVL) | A4446 |
| KDF SNMP (CVL) | A4446 |
| KDF SSH (CVL) | A4446 |
| RSA KeyGen (FIPS186-4) | A4446 |
| RSA SigGen (FIPS186-4) | A4446 |
| RSA SigVer (FIPS186-4) | A4446 |
| SHA-1 | A4446 |
| SHA2-224 | A4446 |
| SHA2-256 | A4446 |
| SHA2-384 | A4446 |
| SHA2-512 | A4446 |
| TLS v1.2 KDF RFC7627 (CVL) | A4446 |
| Hash DRBG | C1026 |
| HMAC-SHA2- 256 | C1026 |
| HMAC-SHA2- 384 | C1026 |
| HMAC-SHA2- 512 | C1026 |
| Requirement area | Level |
|---|---|
| Cryptographic Module Specification | 2 |
| Cryptographic Module Interfaces | 3 |
| Roles, Services, and Authentication | 4 |
| Software/Firmware Security | 5 |
| Operational Environment | 6 |
| Physical Security | 7 |
| Non-Invasive Security | N/A |
| Self-Tests | 1 |
| Life-Cycle Assurance | 1 |
| Mitigation of Other Attacks | N/A |
flowchart LR
%% Deterministic review-risk graph for Cisco Secure Firewall Threat Defense Cryptographic Module (FPR 3100 Series)
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>Firmware Load Test<br/>Perform Zeroization</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Block Cipher (SSHv2)<br/>Block Cipher (TLSv1.2)<br/>Block Cipher (IPSec/IKEv2)</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Cisco Secure Firewall Threat Defense Cryptographic Module (FPR 3100 Series)
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[high] Firmware update / recovery / rollback services<br/><i>Firmware Load Test<br/>Perform Zeroization</i><br/>src: securityPolicy.services"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>Block Cipher (SSHv2)<br/>Block Cipher (TLSv1.2)<br/>Block Cipher (IPSec/IKEv2)</i><br/>src: securityPolicy.services"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C3 clueHigh;
class C5,C6 clueLow;Cisco Systems, Inc. Cisco Secure Firewall Threat Defense Cryptographic Module (FPR 3100 Series) Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA © 2021-2025 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.
| # | Section | Page |
|---|---|---|
| 1 | General | 5 |
| 1.1 | Overview | 5 |
| 1.2 | Security Levels | 5 |
| 2 | Cryptographic Module Specification | 5 |
| 2.1 | Description | 5 |
| 2.2 | Tested and Vendor Affirmed Module Version and Identification | 6 |
| 2.3 | Excluded Components | 7 |
| 2.4 | Modes of Operation | 7 |
| 2.5 | Algorithms | 7 |
| 2.6 | Security Function Implementations | 10 |
| 2.7 | Algorithm Specific Information | 15 |
| 2.8 | RBG and Entropy | 16 |
| 2.9 | Key Generation | 16 |
| 2.10 | Key Establishment | 16 |
| 2.11 | Industry Protocols | 17 |
| 3 | Cryptographic Module Interfaces | 17 |
| 3.1 | Ports and Interfaces | 17 |
| 4 | Roles, Services, and Authentication | 17 |
| 4.1 | Authentication Methods | 17 |
| 4.2 | Roles | 19 |
| 4.3 | Approved Services | 19 |
| 4.4 | Non-Approved Services | 36 |
| 4.5 | External Software/Firmware Loaded | 37 |
| 4.6 | Cryptographic Output Actions and Status | 37 |
| 4.7 | Additional Information | 37 |
| 5 | Software/Firmware Security | 37 |
| 5.1 | Integrity Techniques | 37 |
| 5.2 | Initiate on Demand | 37 |
| 6 | Operational Environment | 38 |
| 6.1 | Operational Environment Type and Requirements | 38 |
| 7 | Physical Security | 38 |
| 7.1 | Mechanisms and Actions Required | 38 |
| 7.2 | User Placed Tamper Seals | 38 |
| 7.3 | Filler Panels | 40 |
| 8 | Non-Invasive Security | 42 |
| 9 | Sensitive Security Parameters Management | 42 |
| 9.1 | Storage Areas | 42 |
| 9.2 | SSP Input-Output Methods | 43 |
| 9.3 | SSP Zeroization Methods | 44 |
| 9.4 | SSPs | 44 |
| 10 | Self-Tests | 58 |
| 10.1 | Pre-Operational Self-Tests | 58 |
| 10.2 | Conditional Self-Tests | 59 |
| 10.3 | Periodic Self-Test Information | 62 |
| 10.4 | Error States | 64 |
| 11 | Life-Cycle Assurance | 65 |
| 11.1 | Installation, Initialization, and Startup Procedures | 65 |
| 11.2 | Administrator Guidance | 66 |
| 11.3 | Non-Administrator Guidance | 66 |
| 12 | Mitigation of Other Attacks | 66 |
| Item | Page |
|---|---|
| Table 1: Security Levels | 5 |
| Table 2: Tested Module Identification – Hardware | 7 |
| Table 3: Modes List and Description | 7 |
| Table 4: Approved Algorithms - CiscoSSL FOM Cryptographic Implementation | 9 |
| Table 5: Approved Algorithms - Marvell Cavium Nitrox V | 9 |
| Table 6: Vendor-Affirmed Algorithms | 10 |
| Table 7: Security Function Implementations | 15 |
| Table 8: Entropy Certificates | 16 |
| Table 9: Entropy Sources | 16 |
| Table 10: Ports and Interfaces | 17 |
| Table 11: Authentication Methods | 19 |
| Table 12: Roles | 19 |
| Table 13: Approved Services | 36 |
| Table 14: Mechanisms and Actions Required | 38 |
| Table 15: Storage Areas | 43 |
| Table 16: SSP Input-Output Methods | 44 |
| Table 17: SSP Zeroization Methods | 44 |
| Table 18: SSP Table 1 | 51 |
| Table 19: SSP Table 2 | 58 |
| Table 20: Pre-Operational Self-Tests | 58 |
| Table 21: Conditional Self-Tests | 62 |
| Table 22: Pre-Operational Periodic Information | 62 |
| Table 23: Conditional Periodic Information | 64 |
| Table 24: Error States | 65 |
| Figure 1 FPR 3105, 3110, 3120, 3130, 3140 | 6 |
| Figure 2 Module’s front view opacity shield | 39 |
| Figure 3 Module’s back view | 39 |
| Figure 4 Module’s top view with opacity shield | 39 |
| Figure 5 Module’s bottom view with opacity shield | 40 |
| Figure 6 Module’s left view with opacity shield | 40 |
| Figure 7 Module’s right view with opacity shield | 40 |
| Figure 8 Opacity Shield Brackets | 42 |
| Name | ISO Section | Requirement | Level |
|---|---|---|---|
| 1 | 1 | General | 2 |
| 2 | 2 | Cryptographic module specification | 2 |
| 3 | 3 | Cryptographic module interfaces | 2 |
| 4 | 4 | Roles, services, and authentication | 3 |
| 5 | 5 | Software/Firmware security | 2 |
| 6 | 6 | Operational environment | N/A |
| 7 | 7 | Physical security | 2 |
| 8 | 8 | Non-invasive security | N/A |
| 9 | 9 | Sensitive security parameter management | 2 |
| 10 | 10 | Self-tests | 2 |
| 11 | 11 | Life-cycle assurance | 2 |
| 12 | 12 | Mitigation of other attacks | N/A |
| Overall Level | Overall Level | 2 |
Defense Cryptographic Module (FPR 3100 Series) (hereinafter referred to as FTD or Module), version 7.4. The following details how this module meets the security requirements of FIPS 140-3, SP 800-140 and ISO/IEC 19790 for a Security Level 2 hardware cryptographic module. The security requirements cover areas related to the design and implementation of a cryptographic module. These areas include cryptographic module specification; cryptographic table indicates the actual security levels for each area of the cryptographic module.
Purpose and Use: This module is a multi-chip standalone hardware cryptographic module which houses Firepower solutions with underlying operating system identified as Linux 4 (also referred to as Firepower eXtensible Operating System or FX-OS throughout this document). The Module is operated in FTD delivers enterprise-class firewall for businesses, improving security at the Internet edge, high performance and throughput for demanding enterprise data centers. The FTD solution offers the combination of the industry's most deployed stateful firewall with a comprehensive © 2021-2025 Cisco Systems, Inc.
| Name | Model | Hardware Version | Firmware Version | Processor |
|---|---|---|---|---|
| FRP 3105 | FRP 3105 | FPR-3105 | 7.4 | AMD EPYC 7272 (Zen2) & NITROX-V, Marvell Semiconductor, NITROX |
| FRP 3110 | FRP 3110 | FPR-3110 | 7.4 | AMD EPYC 7272 (Zen2) & NITROX-V, Marvell Semiconductor, NITROX |
| FRP 3120 | FRP 3120 | FPR-3120 | 7.4 | AMD EPYC 7282 (Zen2) & NITROX-V, Marvell Semiconductor, NITROX |
| FRP 3130 | FRP 3130 | FPR-3130 | 7.4 | AMD EPYC 7352 (Zen2) & NITROX-V, Marvell Semiconductor, NITROX |
| FRP 3140 | FRP 3140 | FPR-3140 | 7.4 | AMD EPYC 7452 (Zen2) & NITROX-V, Marvell Semiconductor, NITROXC |
range of next-generation network security services, intrusion prevention system (IPS), content security and secure unified communications, HTTPS/TLSv1.2, SSHv2, IPsec/IKEv2, SNMPv3 and Cryptographic Cipher Suite B. Module Type: Hardware Module Embodiment: MultiChipStand Module Characteristics: Cryptographic Boundary: The cryptographic boundary is defined as the entire chassis unit’s physical perimeter encompassing the "top," "front," "left," "right," “rear” and "bottom" surfaces of the case, and shown in the figures below and in the Physical Security section. The FPR 3105, FPR 3110, FPR 3120, FPR 3130 and FPR 3140 all have the same exterior appearance. Where they differ is in Firewall throughput, IPS throughput, IPsec VPN throughput and number of VPN peers allowed. Tested Operational Environment’s Physical Perimeter (TOEPP):
Tested Module Identification
| Name | Description | Indicator | Type |
|---|---|---|---|
| Approved Mode of Operation | The module is always in the approved mode of operation after initial operations are performed. | Approved mode indicator: "FIPS is currently enabled." | Approved |
| Name | CAVP Cert | Properties | Reference |
|---|---|---|---|
| AES-CBC | A4446 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-GCM | A4446 | Direction - Decrypt, Encrypt IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 128, 192, 256 | SP 800-38D |
| Counter DRBG | A4446 | Prediction Resistance - Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - Yes | SP 800-90A Rev. 1 |
| ECDSA KeyGen (FIPS186-4) | A4446 | Curve - P-256, P-384, P-521 | FIPS 186-4 |
| ECDSA SigGen (FIPS186-4) | A4446 | Curve - P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512 | FIPS 186-4 |
| ECDSA SigVer (FIPS186-4) | A4446 | Curve - P-256, P-384, P-521 | FIPS 186-4 |
| HMAC-SHA-1 | A4446 | Key Length - Key Length: 256-448 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-224 | A4446 | Key Length - Key Length: 256-448 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-256 | A4446 | Key Length - Key Length: 256-448 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-384 | A4446 | Key Length - Key Length: 256-448 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-512 | A4446 | Key Length - Key Length: 256-448 Increment 8 | FIPS 198-1 |
| KAS-ECC-SSC Sp800-56Ar3 | A4446 | Domain Parameter Generation Methods - P- 256, P-384, P-521 | SP 800-56A Rev. 3 |
| KAS-FFC-SSC Sp800-56Ar3 | A4446 | Domain Parameter Generation Methods - ffdhe2048, ffdhe3072, ffdhe4096, modp-2048, modp-3072, modp-4096 | SP 800-56A Rev. 3 |
| KDF IKEv2 (CVL) | A4446 | Diffie-Hellman Shared Secret Length - Diffie- Hellman Shared Secret Length: 2048 Derived Keying Material Length - Derived Keying Material Length: 3072 Hash Algorithm - SHA-1 | SP 800-135 Rev. 1 |
| KDF SNMP (CVL) | A4446 | Password Length - Password Length: 256, 64 | SP 800-135 Rev. 1 |
| KDF SSH (CVL) | A4446 | Cipher - AES-128, AES-192, AES-256 | SP 800-135 Rev. 1 |
| RSA KeyGen (FIPS186-4) | A4446 | Key Generation Mode - B.3.4 Modulo - 2048, 3072, 4096 Hash Algorithm - SHA2-256 Private Key Format - Standard | FIPS 186-4 |
| RSA SigGen (FIPS186-4) | A4446 | Signature Type - ANSI X9.31, PKCS 1.5, PKCSPSS Modulo - 2048, 3072, 4096 | FIPS 186-4 |
| RSA SigVer (FIPS186-4) | A4446 | Signature Type - ANSI X9.31, PKCS 1.5, PKCSPSS Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4 |
| Safe Primes Key Generation | A4446 | Safe Prime Groups - modp-2048, modp-3072, modp-4096 | SP 800-56A Rev. 3 |
| SHA-1 | A4446 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-224 | A4446 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-256 | A4446 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-384 | A4446 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-512 | A4446 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4 |
| TLS v1.2 KDF RFC7627 (CVL) | A4446 | Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 | SP 800-135 Rev. 1 |
| AES-CBC | C1026 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-GCM | C1026 | Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256 | SP 800-38D |
| Hash DRBG | C1026 | Prediction Resistance - No Mode - SHA2-512 | SP 800-90A Rev. 1 |
| HMAC-SHA-1 | C1026 | FIPS 198-1 | |
| HMAC-SHA2- 256 | C1026 | FIPS 198-1 | |
| HMAC-SHA2- 384 | C1026 | FIPS 198-1 | |
| HMAC-SHA2- 512 | C1026 | FIPS 198-1 | |
| SHA-1 | C1026 | Message Length - Message Length: 0- 51200 Increment 8 | FIPS 180-4 |
| SHA2-256 | C1026 | Message Length - Message Length: 0- 51200 Increment 8 | FIPS 180-4 |
| SHA2-384 | C1026 | Message Length - Message Length: 0- 102400 Increment 8 | FIPS 180-4 |
| SHA2-512 | C1026 | Message Length - Message Length: 0- 102400 Increment 8 | FIPS 180-4 |
Table 2: Tested Module Identification
N/A for this module. Modes List and Description: Table 3: Modes List and Description operation after initial operations are performed (See Section 11). The module does not claim implementation of a degraded mode of operation. Section 4 provides details on the service
Approved Algorithms: CiscoSSL FOM Cryptographic Implementation © 2021-2025 Cisco Systems, Inc.
Table 4: Approved Algorithms - CiscoSSL FOM Cryptographic Implementation Marvell Cavium Nitrox V HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2512 Table 5: Approved Algorithms - Marvell Cavium Nitrox V Vendor-Affirmed Algorithms: © 2021-2025 Cisco Systems, Inc.
| Name | Description | Approved Functions | Type | Properties | ||
|---|---|---|---|---|---|---|
| CKG | Key Type:Asymmetric | CiscoSSL FOM Cryptographic Implementation | The cryptographic module performs Cryptographic Key Generation (CKG) for asymmetric keys as per sections 4 and 5 in SP800-133rev2 (vendor affirmed) and FIPS 140-3 IG D.H. A seed (i.e., the random value) used in asymmetric key generation is a direct output from SP800-90Arev1 CTR_DRBG (A4446) or HMAC_DRBG (C1026) | |||
| KAS-ECC- KeyGen (SSHv2) | KAS ECC keygen used in SSHv2 service | Counter DRBG Hash DRBG CKG | KAS-KeyGen | |||
| KAS-FFC- KeyGen (SSHv2) | KAS FFC keygen used in SSHv2 service | Counter DRBG Safe Primes Key Generation Hash DRBG CKG | KAS-KeyGen | |||
| KAS-ECC- KeyGen (TLSv1.2) | KAS ECC keygen used in TLSv1.2 service | Counter DRBG Hash DRBG CKG | KAS-KeyGen | |||
| KAS-FFC- KeyGen (TLSv1.2) | KAS FFC keygen used in TLSv1.2 service | Counter DRBG Safe Primes Key Generation Hash DRBG CKG | KAS-KeyGen |
| Name | Description | Approved Functions | Type | Properties | ||
|---|---|---|---|---|---|---|
| CKG | Key Type:Asymmetric | CiscoSSL FOM Cryptographic Implementation | The cryptographic module performs Cryptographic Key Generation (CKG) for asymmetric keys as per sections 4 and 5 in SP800-133rev2 (vendor affirmed) and FIPS 140-3 IG D.H. A seed (i.e., the random value) used in asymmetric key generation is a direct output from SP800-90Arev1 CTR_DRBG (A4446) or HMAC_DRBG (C1026) | |||
| KAS-ECC- KeyGen (SSHv2) | KAS ECC keygen used in SSHv2 service | Counter DRBG Hash DRBG CKG | KAS-KeyGen | |||
| KAS-FFC- KeyGen (SSHv2) | KAS FFC keygen used in SSHv2 service | Counter DRBG Safe Primes Key Generation Hash DRBG CKG | KAS-KeyGen | |||
| KAS-ECC- KeyGen (TLSv1.2) | KAS ECC keygen used in TLSv1.2 service | Counter DRBG Hash DRBG CKG | KAS-KeyGen | |||
| KAS-FFC- KeyGen (TLSv1.2) | KAS FFC keygen used in TLSv1.2 service | Counter DRBG Safe Primes Key Generation Hash DRBG CKG | KAS-KeyGen |
Non-Approved, Allowed Algorithms: Non-Approved, Allowed Algorithms with No Security Claimed: Non-Approved, Not Allowed Algorithms:
KAS-ECCKeyGen KAS-FFCKeyGen KAS-ECCKeyGen KAS-FFCKeyGen © 2021-2025 Cisco Systems, Inc.
| Name | Description | Approved Functions | Type | Properties |
|---|---|---|---|---|
| KAS-ECC- KeyGen (IKEv2) | KAS ECC keygen used in IKE v2 service | Counter DRBG Hash DRBG CKG | KAS-KeyGen | |
| KAS-FFC- KeyGen (IKEv2) | KAS FFC keygen used in IKE v2 service | Counter DRBG Safe Primes Key Generation Hash DRBG CKG | KAS-KeyGen | |
| KAS-FFC (SSHv2) | Key Agreement Scheme per SP800-56Arev3 with KDF SSH. The module’s KAS (FFC) implementation is FIPS140-3 IG D.F Scenario 2 (path 2) compliant | KDF SSH KAS-FFC-SSC Sp800-56Ar3 Domain Parameter Generation Methods:: modp- 2048 | KAS-Full | Bit-strength Caveat:Provides between 112 to 152 bits of encryption strength |
| KAS-ECC (SSHv2) | Key Agreement Scheme per SP800-56Arev3 with KDF SSH. The module’s KAS (FFC) implementation is FIPS140-3 IG D.F Scenario 2 (path 2) compliant | KDF SSH KAS-ECC-SSC Sp800-56Ar3 | KAS-Full | Bit-strength Caveat:Provides between 128 and 256 bits of encryption strength |
| KAS-FFC (TLSv1.2) | Key Agreement Scheme per SP800-56Arev3 with TLS v1.2 KDF RFC7627. The module’s KAS (FFC) implementation is FIPS140-3 IG D.F Scenario 2 (path 2) compliant | TLS v1.2 KDF RFC7627 KAS-FFC-SSC Sp800-56Ar3 Domain Parameter Generation Methods:: ffdhe2048 | KAS-Full | Bit-strength Caveat:Provides between 112 to 152 bits of encryption strength |
| KAS-ECC (TLSv1.2) | Key Agreement Scheme per SP800-56Arev3 with KDF IKEv2. The module’s KAS (ECC) implementation | TLS v1.2 KDF RFC7627 KAS-ECC-SSC Sp800-56Ar3 | KAS-Full | Bit-strength Caveat:Provides between 128 and 256 bits of encryption strength |
Methods:: modp2048 © 2021-2025 Cisco Systems, Inc.
| Name | Description | Role Access | Approved Functions | Type |
|---|---|---|---|---|
| KAS-ECC (IKEv2) | Bit-strength Caveat:Provides between 112 and 256 bits of encryption strength | Key Agreement Scheme per SP800-56Arev3 with KDF IKEv2. The module’s KAS (ECC) implementation is FIPS140-3 IG D.F Scenario 2 (path 2) compliant | KAS-ECC-SSC Sp800-56Ar3 KDF IKEv2 | KAS-Full |
| KAS-FFC (IKEv2) | Bit-strength Caveat:Provides between 112 and 152 bits of encryption strength | Key Agreement Scheme per SP800-56Arev3 with KDF IKEv2. The module’s KAS (FFC) implementation is FIPS140-3 IG D.F Scenario 2 (path 2) compliant | KAS-FFC-SSC Sp800-56Ar3 KDF IKEv2 | KAS-Full |
| KTS (TLSv1.2 with AES and HMAC) | Bit-strength Caveat:Provides between 128 and 256 bits of encryption strength | KTS via TLSv1.2 service by using AES and HMAC | AES-CBC Key Length: 128, 256 HMAC-SHA-1 HMAC-SHA2- 256 HMAC-SHA2- 384 SHA-1 SHA2-256 SHA2-384 | KTS-Wrap |
| KTS (TLSv1.2 with AES-GCM) | Bit-strength Caveat:Provides between 128 and 256 bits of encryption strength | KTS via TLSv1.2 service by using AES-GCM | AES-GCM Key Length: 128, 256 AES-CBC | KTS-Wrap |
| KTS (SSHv2 with AES and HMAC) | Bit-strength Caveat:Provides between 128 and 256 bits of encryption strength | KTS via SSHv2 service by using AES and HMAC | AES-CBC Key Length: 128, 256 HMAC-SHA-1 HMAC-SHA2- 256 | KTS-Wrap |
| KTS (SSHv2 with AES-GCM) | Bit-strength Caveat:Provides between 128 and 256 bits of encryption strength | KTS via SSHv2 service by using AES-GCM | AES-GCM Key Length: 128, 256 AES-CBC | KTS-Wrap |
| RSA KeyGen (SSHv2, TLSv1.2, IKEv2) | RSA KeyGen for SSHv2, TLSv1.2, and IKEv2 services | RSA KeyGen (FIPS186-4) Counter DRBG Hash DRBG | AsymKeyPair- KeyGen | |
| ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2) | ECDSA KeyGen for TLSv1.2 and IKEv2 services | ECDSA KeyGen (FIPS186-4) Counter DRBG Hash DRBG | AsymKeyPair- KeyGen | |
| RSA SigGen (SSHv2, TLSv1.2, IKEv2) | RSA SigGen for SSHv2, TLSv1.2, and IKEv2 services | RSA SigGen (FIPS186-4) | DigSig-SigGen | |
| ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) | ECDSA SigGen for TLSv1.2, and IKEv2 services | ECDSA SigGen (FIPS186-4) | DigSig-SigGen | |
| RSA SigVer (SSHv2, TLSv1.2, and IKEv2) | RSA SigVer for SSHv2, TLSv1.2, and IKEv2 services | RSA SigVer (FIPS186-4) | DigSig-SigVer | |
| ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) | ECDSA SigVer for TLSv1.2 and IKEv2 services | ECDSA SigVer (FIPS186-4) | DigSig-SigVer | |
| Block Cipher (SSHv2) | Block Cipher for SSHv2 service | AES-CBC Key Length: 128, 256 AES-GCM Key Length: 128, 256 | BC-Auth BC-UnAuth | |
| Block Cipher (TLSv1.2) | Block Cipher for TLSv1.2 service | AES-GCM Key Length: 128, 256 AES-CBC Key Length: 128, 256 | BC-Auth BC-UnAuth | |
| Block Cipher (IPSec/IKEv2) | Block Cipher for IPSec/IKEv2 service | AES-CBC AES-GCM AES-CBC AES-GCM | BC-Auth BC-UnAuth |
HMAC-SHA2256 HMAC-SHA2384 © 2021-2025 Cisco Systems, Inc. HMAC-SHA2256
AsymKeyPairKeyGen AsymKeyPairKeyGen © 2021-2025 Cisco Systems, Inc.
| Name | Description | Approved Functions | Type |
|---|---|---|---|
| Block Cipher (SNMPv3) | Block Cipher for SNMPv3 service | AES-CBC KDF SNMP | BC-UnAuth |
| MAC (SSHv2) | MAC for SSHv2 service | HMAC-SHA-1 HMAC-SHA2- 256 SHA-1 SHA2-256 | MAC |
| MAC (TLSv1.2) | Message Authentication for TLSv1.2 services | HMAC-SHA-1 HMAC-SHA2- 256 HMAC-SHA2- 384 SHA-1 SHA2-256 SHA2-384 | MAC |
| MAC (IPSec/IKEv2) | Message Authentication for IPSec/IKEv2 services | HMAC-SHA2- 256 HMAC-SHA2- 384 HMAC-SHA2- 512 SHA2-256 SHA2-384 SHA2-512 HMAC-SHA2- 256 HMAC-SHA2- 384 HMAC-SHA2- 512 SHA2-256 SHA2-384 SHA2-512 HMAC-SHA-1 SHA-1 | MAC |
| MAC (SNMPv3) | Message Authentication for SNMPv3 service | HMAC-SHA-1 SHA-1 KDF SNMP HMAC-SHA2- 256 HMAC-SHA2- 384 SHA2-256 SHA2-384 HMAC-SHA2- 224 SHA2-224 | MAC |
| Firmware Load Test | MAC for firmware load test | HMAC-SHA2- 512 | MAC |
| SSHv2 Keying Materials Development | SSHv2 session keying materials, used to derive SSHv2 session keys | KDF SSH | KAS-135KDF |
| TLS Keying Materials Development | TLS session keying materials, used to derive TLS session keys | TLS v1.2 KDF RFC7627 | KAS-135KDF |
| IKEv2 Keying Materials Development | IKEv2 session keying materials, used to derive IKEv2 session keys | KDF IKEv2 | KAS-135KDF |
| SNMPv3 Keying Materials Development | SNMPv3 session keying materials, used to derive SNMPv3 session keys | KDF SNMP | KAS-135KDF |
| DRBG Function | DRBG generation | Counter DRBG Hash DRBG | DRBG |
© 2021-2025 Cisco Systems, Inc. HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2512 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2512 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2224
HMAC-SHA2512 Table 7: Security Function Implementations
There are some algorithm modes that were tested but not implemented by the module. Only the algorithms, modes, and key sizes that are implemented by the module are shown in this table. The module’s AES-GCM implementation conforms to Implementation Guidance C.H scenario #1 following RFC 5288 for TLS. The module is compatible with TLSv1.2 and provides support for the acceptable GCM cipher suites from SP 800-52 Rev1, Section 3.3.1. The operations of one of the two parties involved in the TLS key establishment scheme were performed entirely within the cryptographic boundary of the module being validated. The counter portion of the IV is set by the module within its cryptographic boundary. When the IV exhausts the maximum number of possible values for a given session key, the first party, client or server, to encounter this condition will trigger a handshake to establish a new encryption key. The keys for the client and server negotiated in the TLSv1.2 handshake process (client_write_key and server_write_key) are compared and the module aborts the session if the key values are identical. In case the module’s power is lost and then restored, a new key for use with the AES GCM encryption/decryption shall be established. © 2021-2025 Cisco Systems, Inc.
| Name | Type | Strength | Operational Environment | Conditioning Component | |
|---|---|---|---|---|---|
| Cisco Jitter Entropy Source | Non- Physical | 4 bits | AMD EPYC 7272 (Zen2), AMD EPYC 7282 (Zen2), AMD EPYC 7352 (Zen2), AMD EPYC 7452 (Zen2) | 2 bits | A2810 (SHA3- 256) |
| Cert | Vendor Name | |
|---|---|---|
| Number | ||
| E3 | Cisco Systems, Inc. |
The module uses RFC 7296 compliant IKEv2 to establish the shared secret SKEYSEED from which the AES GCM encryption keys are derived. When the IV exhausts the maximum number of possible values for a given session key, the first party, client or server, to encounter this condition will trigger a handshake to establish a new encryption key. Two keys established by IKEv2 for one security association (one key for encryption in each direction between the parties) are not identical and abort the session if they are. In case the module’s power is lost and then restored, a new key for use with the AES GCM encryption/decryption shall be established.
Table 8: Entropy Certificates NonPhysical A2810 (SHA3256) Table 9: Entropy Sources
The module generates RSA, ECDSA, ECDH, and DH asymmetric key pairs compliant with FIPS 186-4, using a NIST SP 800-90A CTR DRBG or NIST SP 800-90A Hash DRBG for random number generation. In accordance with FIPS 140-3 IG D.H, the cryptographic module performs CKG for asymmetric keys as per section 5.1 of NIST SP 800-133rev2 (vendor affirmed) by obtaining a random bit string directly from an approved DRBG. The random bit string supports the required security strength requested by the calling application (without any V, as described in Additional Comments 2 of IG D.H.).
The module provides the following key/SSP establishment services in the approved mode of operation:
| Name | Physical Port | Logical Interface | Data That Passes |
|---|---|---|---|
| Ethernet Port, SFP (1G) port, SFP+ (10G) port, and Console Port | Ethernet Port, SFP (1G) port, SFP+ (10G) port, and Console Port | Data Input | Data input into the module for all the services defined in Approved Services Table, including TLSv1.2, SSHv2, SNMPv3 and IPsec/IKEv2 service data. |
| Ethernet Port, SFP (1G) port, SFP+ (10G) port and Console Port | Ethernet Port, SFP (1G) port, SFP+ (10G) port and Console Port | Data Output | Data output from the module for all the services defined in Approved Services Table, including TLSv1.2, SSHv2, SNMPv3 and IPsec/IKEv2 service data. |
| Ethernet Port, SFP (1G) port, SFP+ (10G) port, Console Port and RESET | Ethernet Port, SFP (1G) port, SFP+ (10G) port, Console Port and RESET | Control Input | Control Data input into the module for all the services defined in Approved Services Table, including TLSv1.2, SSHv2, SNMPv3 and IPsec/IKEv2 service data. |
| Ethernet Port, SFP (1G) port, SFP+ (10G) port, Console Port and LEDs | Ethernet Port, SFP (1G) port, SFP+ (10G) port, Console Port and LEDs | Status Output | Status Information output from the module. |
| N/A | N/A | Control Output | N/A |
| Power | Power | Power | Provide the Power Supply to the module. |
shared secret computation. The shared secret computation provides between 128 and
The module supports SSHv2, TLS v1.2, SNMPv3 and IPsec/IKEv2 industrial protocols. Please refer to the Security Function Implementations Table for more information. No parts of SSH, TLS, IKE and SNMP protocols, other than the KDFs, have been tested by the CAVP and CMVP.
N/A N/A Table 10: Ports and Interfaces The module’s physical perimeter encompasses the case of the tested platform mentioned in Table 2. The module provides physical ports which are mapped to logical interfaces provided The module’s data output interface will be disabled when performing pre-operational self-tests, loading new firmware, zeroizing keys, or when in an error state.
| Name | Description | Strength | Strength per Minute | |
|---|---|---|---|---|
| Password | The minimum length is eight (8) characters (94 possible characters). The configuration supports at most ten failed attempts to authenticate in a one- minute period. | The probability that a random attempt will succeed or a false acceptance will occur is 1/(94^8) which is less than 1/1,000,000. | Password Based | The probability of successfully authenticating to the module within one minute is 10/(94^8), which is less than 1/100,000. |
| RSA- Based Certificate | The modules support RSA public-key based authentication mechanism using a minimum of RSA 2048 bits, which provides 112 bits of security strength. The probability that a random attempt will succeed is 1/(2^112) which is less than 1/1,000,000. For multiple attacks during a one-minute period, as the module at its highest can support at most 17,000 new sessions per second to authenticate in a one- minute period, the probability of successfully authenticating to the module within a one minute period is 17,000 * 60 = 1,020,000/(2^112), which is less than 1/100,000. | The probability that a random attempt will succeed is 1/(2^112). Please refer to Description section in this table for more details | RSA SigVer (FIPS186-4) (A4446) | the probability of successfully authenticating to the module within a one minute period is 17,000 * 60 = 1,020,000/(2^112). Please refer to Description section in this table for more details |
| ECDSA- Based Certificate | The modules support ECDSA public-key based authentication mechanism using a minimum of curve P- 256, which provides 128 bits of security strength. The probability that a random attempt will succeed is 1/(2^128) | The probability that a random attempt will succeed is 1/(2^128) which is less than 1/1,000,000. Please refer to Description | ECDSA SigVer (FIPS186-4) (A4446) | the probability of successfully authenticating to the module within a one minute period is 17,000 * 60 = 1,020,000/(2^128). Please refer to Description section in |
RSABased ECDSABased © 2021-2025 Cisco Systems, Inc.
| Name | Description | Role Access | Csps Accessed | Approved Functions | Indicator | Type | Input | Output | |
|---|---|---|---|---|---|---|---|---|---|
| Crypto Officer | CO | Identity | Password RSA-Based Certificate ECDSA-Based Certificate | ||||||
| User | User | Identity | Password RSA-Based Certificate ECDSA-Based Certificate | ||||||
| Show Status | Provide Module’s current | Crypto Officer User | None | N/A | Command used to show | Module's Operationa l Status |
| Name | Description | Role Access | Csps Accessed | Approved Functions | Indicator | Type | Input | Output | |
|---|---|---|---|---|---|---|---|---|---|
| Crypto Officer | CO | Identity | Password RSA-Based Certificate ECDSA-Based Certificate | ||||||
| User | User | Identity | Password RSA-Based Certificate ECDSA-Based Certificate | ||||||
| Show Status | Provide Module’s current | Crypto Officer User | None | N/A | Command used to show | Module's Operationa l Status |
| Method | Description | Security Mechanism | Strength | Strength per Minute | |
|---|---|---|---|---|---|
| Name | Each Attempt | ||||
| which is less than 1/1,000,000. For multiple attacks during a one-minute period, as the module at its highest can support at most 17,000 new sessions per second to authenticate in a one- minute period, the probability of successfully authenticating to the module within a one minute period is 17,000 * 60 = 1,020,000/(2^128), which is less than 1/100,000. | section in this table for more details | this table for more details |
and the User role. The module also allows the concurrent operators.
Table 12: Roles Unauthenticated Users can run the self-test service by power-cycling the module by removing the power and re-applying.
| Name | Role Access | Csps Accessed | Approved Functions | Indicator | Input | Output |
|---|---|---|---|---|---|---|
| Show Version | Provide Module's name and version information | Crypto Officer User | None | N/A | Command to show version | Module's ID and versioning information |
| Perform Self-Tests | Perform Self-Tests (Pre- operational self-test and Conditional Self-Tests) | Crypto Officer User Unauthentic ated | None | N/A | Command to trigger Self-Test | Status of the self- tests results |
| Perform Zeroization | Perform Zeroization | Crypto Officer - DRBG Entropy Input: Z - DRBG Seed: Z - DRBG Internal State V value: Z - DRBG Key: Z - User Password: Z - Crypto Officer Password: Z - RADIUS Secret: Z - TACACS+ Secret: Z - Firmware Load Test Key: Z - SSH DH Private Key: Z - SSH DH | None | Syslog message | Command to zeroize the module | Status of the SSPs zeroization |
n (Preoperational N/A N/A the selftests Z Z © 2021-2025 Cisco Systems, Inc.
| Name | Descriptio | Security |
|---|---|---|
| n | n | Functions |
| n | n | Functions |
| n | n | Functions |
| Name | Description | Csps Accessed | Approved Functions | Indicator | Input | Output |
|---|---|---|---|---|---|---|
| Configure Network | Sets configurati on of the systems | Crypto Officer | None | None | Command s to configure the network | Status of the completion of network configurati on status |
| Crypto Officer Authenticat ion | CO Role Authenticat ion | Crypto Officer - Crypto Officer Password: W,Z | None | N/A | CO Authenticat ion Request | Status of the CO authenticat ion |
| User Authenticat ion | User Role Authenticat ion | User - User Password: W,Z | None | N/A | User role authenticat ion request | Status of the User role authenticat ion |
| Configure SSHv2 Function | Configure SSHv2 Function | Crypto Officer - SSH DH Private Key: W,E - SSH DH Public Key: W,E - SSH Peer DH Public Key: W,E - SSH DH Shared Secret: W,E - SSH ECDH Private Key: W,E - SSH ECDH Public Key: W,E - SSH Peer | KAS-FFC (SSHv2) KAS-ECC (SSHv2) KTS (SSHv2 with AES and HMAC) KTS (SSHv2 with AES- GCM) RSA KeyGen (SSHv2, TLSv1.2, IKEv2) ECDSA KeyGen (SSHv2, | Global Indicator and SSHv2 configurat ion success status message | Command s to configure SSHv2 | Status of the completion of the SSHv2 configurati on |
| TLSv1.2 and IKEv2) RSA SigGen (SSHv2, TLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) RSA SigVer (SSHv2, TLSv1.2, and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) Block Cipher (SSHv2) MAC (SSHv2) KAS-ECC- KeyGen (SSHv2) KAS-FFC- KeyGen (SSHv2) DRBG Function SSHv2 Keying Materials Developm ent | ECDH Public Key: W,E - SSH ECDH Shared Secret: W,E - SSH RSA Private Key: W,E - SSH RSA Public Key: W,E - SSH ECDSA Private Key: W,E - SSH ECDSA Public Key: W,E - SSH Session Encryption Key: W,E - SSH Session Authenticatio n Key: W,E - DRBG Entropy Input: W,E - DRBG Seed: W,E - DRBG Internal State V value: W,E - DRBG Key: W,E | TLSv1.2 and IKEv2) RSA SigGen (SSHv2, TLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) RSA SigVer (SSHv2, TLSv1.2, and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) Block Cipher (SSHv2) MAC (SSHv2) KAS-ECC- KeyGen (SSHv2) KAS-FFC- KeyGen (SSHv2) DRBG Function SSHv2 Keying Materials Developm ent | ||||
| Configure HTTPS over TLSv1.2 Function | Configure HTTPS over TLSv1.2 Function | Crypto Officer - TLS DH Private Key: W,E - TLS DH Public Key: W,E - TLS Peer | KAS-FFC (TLSv1.2) KAS-ECC (TLSv1.2) KTS (TLSv1.2 with AES and HMAC) | Global Indicator and HTTPS over TLSv1.2 configurat ion success | Command s to configure TLSv1.2 | Status of the completion of TLSv1.2 configurati on |
n N/A N/A with AESGCM) © 2021-2025 Cisco Systems, Inc. W,Z W,Z W,E W,E W,E W,E
n KAS-ECCKeyGen KAS-FFCKeyGen © 2021-2025 Cisco Systems, Inc. W,E W,E W,E W,E W,E W,E W,E W,E
| Name | Csps Accessed | Indicator | Descriptio | Security | |
|---|---|---|---|---|---|
| n | n | Functions | |||
| status message | DH Public Key: W,E - TLS DH Shared Secret: W,E - TLS ECDH Private Key: W,E - TLS ECDH Public Key: W,E - TLS Peer ECDH Public Key: W,E - TLS ECDH Shared Secret: W,E - TLS ECDSA Private Key: W,E - TLS ECDSA Public Key: W,E - TLS RSA Private Key: W,E - TLS RSA Public Key: W,E - TLS Master Secret: W,E - TLS Session Encryption Key: W,E - TLS Session Authenticatio n Key: W,E - DRBG Entropy Input: W,E - DRBG Seed: W,E - DRBG Internal | status message | KTS (TLSv1.2 with AES- GCM) RSA KeyGen (SSHv2, TLSv1.2, IKEv2) ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2) RSA SigGen (SSHv2, TLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) RSA SigVer (SSHv2, TLSv1.2, and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) Block Cipher (TLSv1.2) MAC (TLSv1.2) KAS-ECC- KeyGen (TLSv1.2) KAS-FFC- KeyGen (TLSv1.2) TLS Keying Materials Developm |
n with AESGCM) KAS-ECCKeyGen KAS-FFCKeyGen © 2021-2025 Cisco Systems, Inc. W,E W,E W,E W,E W,E W,E W,E
| Name | Description | Csps Accessed | Approved Functions | Indicator | Input | Output |
|---|---|---|---|---|---|---|
| Configure IPsec/IKEv 2 Function | Configure IPSec/IKEv 2 Function | Crypto Officer - IPSec/IKE DH Private Key: W,E - IPSec/IKE DH Public Key: W,E - IPSec/IKE Peer DH Public Key: W,E - IPSec/IKE DH Shared Secret: W,E - IPSec/IKE ECDH Private Key: W,E - IPSec/IKE ECDH Public Key: W,E - IPSec/IKE Peer ECDH Public Key: W,E - IPSec/IKE ECDH Shared Secret: W,E - IPSec/IKE ECDSA Private Key: W,E - IPSec/IKE ECDSA Public Key: W,E - IPSec/IKE RSA Private Key: W,E - IPSec/IKE RSA Public Key: W,E | KAS-ECC (IKEv2) KAS-FFC (IKEv2) RSA KeyGen (SSHv2, TLSv1.2, IKEv2) ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2) RSA SigGen (SSHv2, TLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) RSA SigVer (SSHv2, TLSv1.2, and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) Block Cipher (IPSec/IKE v2) MAC (IPSec/IKE v2) KAS-ECC- KeyGen (IKEv2) KAS-FFC- | Global Indicator with IPsec/IKE v2 configurat ion success status message | Command s to configure IPsec/IKEv 2 | Status of the completion of IPsec/IKEv 2 configurati on |
| KeyGen (IKEv2) IKEv2 Keying Materials Developm ent DRBG Function | - IPSec/IKE Pre-shared Secret: W,E - SKEYSEED: W,E - IPSec/IKE Session Encryption Key: W,E - IPSec/IKE Authenticatio n Key: W,E - DRBG Entropy Input: W,E - DRBG Seed: W,E - DRBG Internal State V value: W,E - DRBG Key: W,E | KeyGen (IKEv2) IKEv2 Keying Materials Developm ent DRBG Function | ||||
| Run SSHv2 Function | Execute SSHv2 Function | Crypto Officer - SSH DH Private Key: W,E - SSH DH Public Key: W,E - SSH Peer DH Public Key: W,E - SSH DH Shared Secret: W,E - SSH ECDH Private Key: W,E - SSH ECDH Public Key: W,E - SSH Peer ECDH Public Key: W,E - SSH ECDH | KAS-FFC (SSHv2) KAS-ECC (SSHv2) KTS (SSHv2 with AES and HMAC) KTS (SSHv2 with AES- GCM) RSA KeyGen (SSHv2, TLSv1.2, IKEv2) ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2) RSA SigGen | Global Indicator and successfu l SSHv2 log message | Initiate SSHv2 tunnel establishm ent | Status of SSHv2 tunnel establishm ent |
n KAS-ECCKeyGen © 2021-2025 Cisco Systems, Inc. W,E W,E W,E W,E W,E W,E W,E
n with AESGCM) © 2021-2025 Cisco Systems, Inc. W,E W,E W,E W,E W,E W,E W,E
| Name | Csps Accessed | Descriptio | Security | |
|---|---|---|---|---|
| n | n | Functions | ||
| (SSHv2, TLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) RSA SigVer (SSHv2, TLSv1.2, and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) Block Cipher (SSHv2) MAC (SSHv2) KAS-ECC- KeyGen (SSHv2) KAS-FFC- KeyGen (SSHv2) DRBG Function SSHv2 Keying Materials Developm ent | Shared Secret: W,E - SSH RSA Private Key: W,E - SSH RSA Public Key: W,E - SSH ECDSA Private Key: W,E - SSH ECDSA Public Key: W,E - SSH Session Encryption Key: W,E - SSH Session Authenticatio n Key: W,E - DRBG Entropy Input: W,E - DRBG Seed: W,E - DRBG Internal State V value: W,E - DRBG Key: W,E User - SSH DH Private Key: W,E - SSH DH Public Key: W,E - SSH Peer DH Public Key: W,E - SSH DH Shared Secret: W,E - SSH ECDH | (SSHv2, TLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) RSA SigVer (SSHv2, TLSv1.2, and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) Block Cipher (SSHv2) MAC (SSHv2) KAS-ECC- KeyGen (SSHv2) KAS-FFC- KeyGen (SSHv2) DRBG Function SSHv2 Keying Materials Developm ent |
n KAS-ECCKeyGen KAS-FFCKeyGen © 2021-2025 Cisco Systems, Inc. W,E W,E W,E W,E W,E W,E W,E
| Name | Description | Csps Accessed | Approved Functions | Indicator | Input | Output |
|---|---|---|---|---|---|---|
| Run HTTPS over | Execute HTTPS over | Crypto Officer - TLS DH Private Key: | KAS-FFC (TLSv1.2) KAS-ECC (TLSv1.2) | Global Indicator and successfu | Initiate TLSv1.2 tunnel | Status of TLSv1.2 tunnel |
| TLSv1.2 Function | TLSv1.2 function | W,E - TLS DH Public Key: W,E - TLS Peer DH Public Key: W,E - TLS DH Shared Secret: W,E - TLS ECDH Private Key: W,E - TLS ECDH Public Key: W,E - TLS Peer ECDH Public Key: W,E - TLS ECDH Shared Secret: W,E - TLS ECDSA Private Key: W,E - TLS ECDSA Public Key: W,E - TLS RSA Private Key: W,E - TLS RSA Public Key: W,E - TLS Master Secret: W,E - TLS Session Encryption Key: W,E - TLS Session Authenticatio n Key: W,E - DRBG Entropy | KTS (TLSv1.2 with AES and HMAC) KTS (TLSv1.2 with AES- GCM) RSA KeyGen (SSHv2, TLSv1.2, IKEv2) ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2) RSA SigGen (SSHv2, TLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) RSA SigVer (SSHv2, TLSv1.2, and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) Block Cipher (TLSv1.2) MAC (TLSv1.2) KAS-ECC- KeyGen (SSHv2) KAS-FFC- KeyGen | l HTTPS over TLSv1.2 log message | establishm ent request | establishm ent |
n with AESGCM) KAS-ECCKeyGen KAS-FFCKeyGen © 2021-2025 Cisco Systems, Inc. W,E W,E W,E W,E W,E W,E W,E W,E W,E
| Name | Csps Accessed | Descriptio | Security | |
|---|---|---|---|---|
| n | n | Functions | ||
| (SSHv2) DRBG Function SSHv2 Keying Materials Developm ent | Input: W,E - DRBG Seed: W,E - DRBG Internal State V value: W,E - DRBG Key: W,E User - TLS DH Private Key: W,E - TLS DH Public Key: W,E - TLS Peer DH Public Key: W,E - TLS DH Shared Secret: W,E - TLS ECDH Private Key: W,E - TLS ECDH Public Key: W,E - TLS Peer ECDH Public Key: W,E - TLS ECDH Shared Secret: W,E - TLS ECDSA Private Key: W,E - TLS ECDSA Public Key: W,E - TLS RSA Private Key: W,E - TLS RSA Public Key: W,E | (SSHv2) DRBG Function SSHv2 Keying Materials Developm ent |
| Name | Description | Csps Accessed | Approved Functions | Indicator | Input | Output |
|---|---|---|---|---|---|---|
| Run IPSec/IKEv 2 Function | Execute IPsec/IKEv 2 Function | Crypto Officer - IPSec/IKE DH Private Key: W,E - IPSec/IKE DH Public Key: W,E - IPSec/IKE Peer DH Public Key: W,E - IPSec/IKE DH Shared Secret: W,E - IPSec/IKE ECDH Private Key: W,E - IPSec/IKE ECDH Public Key: W,E - IPSec/IKE Peer ECDH Public Key: W,E - IPSec/IKE | KAS-ECC (IKEv2) KAS-FFC (IKEv2) RSA KeyGen (SSHv2, TLSv1.2, IKEv2) ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2) RSA SigGen (SSHv2, TLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) RSA SigVer (SSHv2, TLSv1.2, | Global Indicator and succesful IPsec/IKE v2 log message | Initiate IPsec/IKEv 2 tunnel establishm ent request | Status of IPSec/IKE v2 tunnel establishm ent |
| Name | Csps Accessed | Descriptio | Security | |
|---|---|---|---|---|
| n | n | Functions | ||
| and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) Block Cipher (IPSec/IKE v2) MAC (IPSec/IKE v2) KAS-ECC- KeyGen (IKEv2) KAS-FFC- KeyGen (IKEv2) IKEv2 Keying Materials Developm ent DRBG Function | ECDH Shared Secret: W,E - IPSec/IKE ECDSA Private Key: W,E - IPSec/IKE ECDSA Public Key: W,E - IPSec/IKE RSA Private Key: W,E - IPSec/IKE RSA Public Key: W,E - IPSec/IKE Pre-shared Secret: W,E - SKEYSEED: W,E - IPSec/IKE Session Encryption Key: W,E - IPSec/IKE Authenticatio n Key: W,E - DRBG Entropy Input: W,E - DRBG Seed: W,E - DRBG Internal State V value: W,E - DRBG Key: W,E User - IPSec/IKE DH Private Key: W,E - IPSec/IKE DH Public Key: W,E - IPSec/IKE | and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) Block Cipher (IPSec/IKE v2) MAC (IPSec/IKE v2) KAS-ECC- KeyGen (IKEv2) KAS-FFC- KeyGen (IKEv2) IKEv2 Keying Materials Developm ent DRBG Function |
n KAS-ECCKeyGen KAS-FFCKeyGen © 2021-2025 Cisco Systems, Inc. W,E W,E W,E W,E
| Name | Descriptio | Security |
|---|---|---|
| n | n | Functions |
| Name | Description | Csps Accessed | Approved Functions | Indicator | Input | Output |
|---|---|---|---|---|---|---|
| Configure SNMPv3 Function | Configure SNMPv3 Function | Crypto Officer - SNMPv3 Shared Secret: W,E - SNMPv3 Encryption Key: W,E - SNMPv3 Authenticatio n Key: W,E | Block Cipher (SNMPv3) MAC (SNMPv3) SNMPv3 Keying Materials Developm ent | Global Indicator and SNMPv3 configurat ion success status message | Command s to configure SNMPv3 | Status of the completion of SNMPv3 configurati on |
| Run SNMPv3 Function | Execute SNMPv3 Function | Crypto Officer User | Block Cipher (SNMPv3) MAC (SNMPv3) SNMPv3 Keying Materials Developm ent | Global Indicator and successfu l SNMPv3 log message | Initiate SNMPv3 tunnel establishm ent request | Status of SNMPv3 tunnel establishm ent |
| Firmware Load Test | Execute the Firmware Load Test | Crypto Officer - Firmware Load Test Key: R | Firmware Load Test | Global indicator and successfu l Firmware Loading status message | Command s to load new firmware image | Outcome of the Firmware Load Test |
N/A for this module. © 2021-2025 Cisco Systems, Inc. W,E
The module supports the firmware load test by using HMAC-SHA2-512 (HMAC Cert. #A4446) for the new validated firmware to be uploaded into the module. A Firmware Load Test Key was preloaded to the module’s binary at the factory and used for firmware load test. In order to load new firmware, the Crypto Officer must authenticate to the module before loading the firmware. This ensures that unauthorized access and use of the module is not performed. The module will load the new update upon reboot. The update attempt will be rejected if the verification fails.
The module implements Self-initiated cryptographic output capability without external operator request. The Crypto Officer shall configure self-initiated cryptographic output capability. Prior to executing the self-initiated cryptographic output capability, the module conducts two independent internal actions to activate the capability to prevent the inadvertent output due to a single error.
The module supports unauthenticated service. The unauthenticated User/Operators can trigger the self-test service by power-cycling the module, and is able to observe the module’s LEDs status.
The module is provided in the form of binary executable code. To ensure firmware security, the module is protected by RSA 2048 bits with SHA2-512 (RSA Cert. #A4446) algorithm. A Firmware Integrity Test Key (non-SSP) was preloaded to the module’s binary at the factory and used for firmware integrity test only at the pre-operational self-test. The module uses the RSA
2048 bits modulus public key to verify the digital signature. If the firmware integrity test fails, the
module would enter to an Error state with all crypto functionality inhibited.
Integrity test is performed as part of the Pre-Operational Self-Tests. It is automatically executed at power-on. The operator can power-cycle or reboot the tested platform to initiate the firmware integrity test on-demand. © 2021-2025 Cisco Systems, Inc.
| Mechanism | Inspection | Inspection Guidance | |
|---|---|---|---|
| Frequency | |||
| Tamper labels (9) with Part number: AIR-AP-FIPSKIT= | Recommend 30 Days | Visible inspection of platform for residual evidence of tampering | |
| Opacity shield (1) with Part number: FPR3K-FIPS-KIT= | Recommend 30 Days | Visible inspection of platform for evidence of tampering, removal or access |
Type of Operational Environment: Limited
Table 14: Mechanisms and Actions Required Step 1: Turn off and unplug the module. Step 2: Clean the chassis of any grease, dirt, oil or any other material other than the surface coating from manufacture before applying the tamper evident labels. Alcohol-based cleaning pads are recommended for this purpose. Step 3: Apply a label to cover the module as shown in the figures below. The tamper evident labels are produced from a special thin gauge vinyl with self-adhesive backing. Any attempt to open the module will damage the tamper evident labels or the material of the security appliance cover. Because the tamper evident labels have non-repeated serial numbers, they may be inspected for damage and compared against the applied serial numbers to verify that the security appliance has not been tampered with. Tamper evident labels can also be inspected for signs of tampering, which include the following: curled corners, rips, and slices. The word “FIPS” may appear if the label was peeled back.
Number: Nine (9) Placement: © 2021-2025 Cisco Systems, Inc.
Figure 2 Module’s front view opacity shield TEL 1 Figure 3 Module’s back view TEL 7 TEL 6 TEL 8 TEL 2 TEL 4 TEL 5 TEL 1 TEL 3 Figure 4 Module’s top view with opacity shield © 2021-2025 Cisco Systems, Inc.
TEL 8 TEL 9 TEL 7 TEL 6 Figure 5 Module’s bottom view with opacity shield TEL 3 Figure 6 Module’s left view with opacity shield TEL 2 Figure 7 Module’s right view with opacity shield Surface Preparation: Clean the chassis of any grease, dirt, or oil before applying the tamper evident labels. Alcohol-based cleaning pads are recommended for this purpose. Operator Responsible for Securing Unused Seals: Any unused TELs must be securely stored, accounted for, and maintained by the CO in a protected location.
3105, 3110, 3120, 3130, 3140 Opacity Shield FPR3K-FIPS-KIT= Step 1: Attach the Slide Rail Locking Bracket, #2 in diagram to the Side of the Chassis using the countersink screws #3 in diagram. © 2021-2025 Cisco Systems, Inc.
Step 2: Attach the Cable Management Bracket (#1) to the Slide Rail Locking Bracket (#2) using the countersink screws (#3) Step 3: Route the Cables through the Cable Management Brackets Step 4: Attach the FIPS Opacity Shield (#1) to the Cable Management Brackets (#3) using the countersink screws (#2) © 2021-2025 Cisco Systems, Inc.
Figure 8 Opacity Shield Brackets
| Name | Type | Description |
|---|---|---|
| DRAM | Dynamic | Volatile Memory |
| Flash | Static | Non-Volatile Memory |
| Name | Approved Functions | Type | From | To | Distributio n Type | Entry Type |
|---|---|---|---|---|---|---|
| Peer Public Key Input | Plaintext | External (Outside of the Module's Boundary ) | Module | Automated | Electroni c | |
| Module Public Key Output | Plaintext | Module | External (Outside of the Module's Boundary ) | Automated | Electroni c | |
| Password/Secre t Input via SSHv2 encrypted by GCM | KTS (SSHv2 with AES- GCM) | Encrypte d | External (Outside of the Module's Boundary ) | Module | Automated | Electroni c |
| Password/Secre t Input via SSHv2 encrypted by AES and HMAC | KTS (SSHv2 with AES and HMAC) | Encrypte d | External (Outside of the Module's Boundary ) | Module | Automated | Electroni c |
| Password/Secre t Input via TLS encrypted by GCM | KTS (TLSv1.2 with AES- GCM) | Encrypte d | External (Outside of the Module's Boundary ) | Module | Automated | Electroni c |
| Password/Secre t Input via TLS encrypted by AES and HMAC | KTS (TLSv1.2 with AES and HMAC) | Encrypte d | External (Outside of the Module's Boundary ) | Module | Automated | Electroni c |
) c ) c d c with AESGCM) d c d c with AESGCM) d c ) ) ) ) © 2021-2025 Cisco Systems, Inc. m
| Name | Type | Description | Strength | Use |
|---|---|---|---|---|
| DRBG Entropy Input | Entropy Input - CSP | Used to seed the DRBG | 384 bits - at least 256 bits | DRBG Function |
| DRBG Seed | DRBG Seed - CSP | Used in DRBG Generation | 256 bits - 256 bits | DRBG Function |
| DRBG Internal State V value | DRBG Internal State V value - CSP | Used in DRBG Generation | 256 bits - 256 bits | DRBG Function |
| DRBG Key | DRBG Key - CSP | Used in DRBG Generation | 256 bits - 256 bits | DRBG Function |
| User Password | Authenticati on Data - CSP | User authenticati on | 8-30 Characte rs - 8-30 Characte rs | |
| Crypto Officer Password | Authenticati on Data - CSP | Crypto Officer authenticati on | 8-30 Characte rs - 8-30 Characte rs | |
| RADIUS Secret | Authenticati on Data - CSP | RADIUS Server Authenticati on | 16 Characte rs - 16 Characte rs |
| Zeroization | Description | Rationale | Operator | ||
|---|---|---|---|---|---|
| Method | Initiation | ||||
| Zeroization Command | CO issues zeroization service | the zeroization command will erase all SSPs stored in the DRAM or in the Flash of the module. | 'configure factory-default' |
Table 16: SSP Input-Output Methods
Table 17: SSP Zeroization Methods Please note that the Firmware Load Test Key is only used for Firmware Load Test Authentication and not subject to the zeroization requirement. © 2021-2025 Cisco Systems, Inc.
| Name | Type | Description | Strength | Use | ||
|---|---|---|---|---|---|---|
| TACACS+ Secret | Authenticati on Data - CSP | TACACS+ Authenticati on | 16 Characte rs - 16 Characte rs | |||
| Firmware Load Test Key | Public Key - CSP | Used for Firmware Load Test | 112 bits - 112 bits | Firmware Load Test | ||
| SSH DH Private Key | Private Key - CSP | Used to derive the SSH DH Shared Secret | MODP- 2048, MODP- 3072, MODP- 4096 - 112-152 bits | KAS-FFC (SSHv2) | KAS- FFC- KeyGen (SSHv2) | |
| SSH DH Public Key | Public Key - PSP | Used to derive SSH DH Shared Secret | MODP- 2048, MODP- 3072, MODP- 4096 - 112-152 bits | KAS-FFC (SSHv2) | KAS-FFC- KeyGen (SSHv2) | |
| SSH Peer DH Public Key | Public Key - PSP | Used to derive SSH DH Shared Secret | MODP- 2048, MODP- 3072, MODP- 4096 - 112-152 bits | KAS-FFC (SSHv2) | ||
| SSH DH Shared Secret | Shared Secret - CSP | Used to derive SSH Session Encryption Keys, SSH Session Authenticati on Keys | MODP- 2048, MODP- 3072, MODP- 4096 - 112-152 bits | KAS-FFC (SSHv2) | KAS-FFC (SSHv2) | |
| SSH ECDH Private Key | Private Key - CSP | Used to derive the SSH ECDH Shared Secret | Curves: 256, 384, 521 bits - 128 to 256 bits | KAS-ECC (SSHv2) | KAS- ECC- KeyGen (SSHv2) | |
| SSH ECDH Public Key | Public Key - PSP | Used to derive SSH ECDHE | Curves: 256, 384, 521 bits - | KAS-ECC (SSHv2) | KAS-ECC- KeyGen (SSHv2) | |
| Shared Secret | Shared Secret | 128-256 bits | ||||
| SSH Peer ECDH Public Key | Public Key - PSP | Used to derive SSH DH Shared Secret | Curves: 256, 384, 521 bits - 128 to 256 bits | KAS-ECC (SSHv2) | ||
| SSH ECDH Shared Secret | Shared Secret - CSP | Used to derive SSH Session Encryption Keys, SSH Session Authenticati on Keys | Curves: 256, 384, 521 bits - 128 to 256 bits | KAS-ECC (SSHv2) | KAS-ECC (SSHv2) | |
| SSH RSA Private Key | Private Key - CSP | Used for SSH session authenticati on | Modulus 2048 and 3072 bits - 112- 128 bits | RSA SigVer (SSHv2, TLSv1.2, and IKEv2) | RSA KeyGen (SSHv2, TLSv1.2, IKEv2) | |
| SSH RSA Public Key | Public Key - PSP | Used for SSH sessions aiuthenticati on | Modulus 2048 and 3072 bits - 112- 128 bits | RSA SigVer (SSHv2, TLSv1.2, and IKEv2) | RSA KeyGen (SSHv2, TLSv1.2, IKEv2) | |
| SSH ECDSA Private Key | Private Key - CSP | Used for SSH session authenticati on | Curves: 256, 384, 521 bits - 128 to 256 bits | ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) | ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2) | |
| SSH ECDSA Public Key | Public Key - PSP | Used for SSH sessions aiuthenticati on | Curves: 256, 384, 521 bits - 128 to 256 bits | ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) | ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2) | |
| SSH Session Encryption Key | Session Key - CSP | Used for SSH Session confidentialit y protection | 128-256 bits - 128-256 bits | Block Cipher (SSHv2) | SSHv2 Keying Materials Developme nt | |
| SSH Session Authenticati on Key | Session Key - CSP | Used for SSH Session integrity protection | At least 160 bits - At least 160 bits | MAC (SSHv2) | SSHv2 Keying Materials Developme nt | |
| TLS DH Private Key | Private Key - CSP | Used to Derive TLS | Modulus: 2048, | KAS-FFC (TLSv1.2) | KAS- FFC- | |
| DH Shared Secret | DH Shared Secret | 3072, 4096 bits - 128- 152 bits | KeyGen (TLSv1.2 ) | |||
| TLS DH Public Key | Public Key - PSP | Used to Derive TS DH Shared Secret | Modulus: 2048, 3072, or 4096 bits - 128- 152 bits | KAS-FFC (TLSv1.2) | KAS-FFC- KeyGen (TLSv1.2) | |
| TLS Peer DH Public Key | Public Key - PSP | Used to derive IKE DH Shared Secret | Modulus: 2048, 3072, or 4096 bits - 128- 152 bits | KAS-FFC (TLSv1.2) | ||
| TLS DH Shared Secret | Shared Secret - CSP | Used to Derive TLS Session Encryption Key and TLS Session Authenticati on Key | Modulus 2048, 3072, or 4096 - 128-152 bits | KAS-FFC (TLSv1.2) | KAS-FFC (TLSv1.2) | |
| TLS ECDH Private Key | Private Key - CSP | Used to Derive TLS ECDH Shared Secret | Curves P-256, P- 384, and P-521 - 128-256 bits | KAS-ECC (TLSv1.2) | KAS- ECC- KeyGen (TLSv1.2 ) | |
| TLS ECDH Public Key | Public Key - PSP | Used to Derive TS ECDH Shared Secret | Curves P-256, P- 384, and P-521 - 128-256 bits | KAS-ECC (TLSv1.2) | KAS-ECC- KeyGen (TLSv1.2) | |
| TLS Peer ECDH Public Key | Public Key - PSP | Used to derive IKE ECDH Shared Secret | Curves: P-256, P- 384, P- 521 - 128-256 bits | KAS-ECC (TLSv1.2) | ||
| TLS ECDH Shared Secret | Shared Secret - CSP | Used to Derive TLS Session Encryption Key and | Curves p-256, P- 384, P- 521 - | KAS-ECC (TLSv1.2) | KAS-ECC (TLSv1.2) | |
| TLS Session Authenticati on Key | TLS Session Authenticati on Key | 128-256 bits | ||||
| TLS ECDSA Private Key | Private Key - CSP | Used to support CO and Admin HTTPS interfaces | Curves P-256, P- 384, P- 521 - 128-256 bits | ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) | ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2) | |
| TLS ECDSA Public Key | Public Key - PSP | Used to support CO and User HTTPS Interfaces | Curves P-256, P- 384, P- 521 - 128-256 bits | ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) | ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2) | |
| TLS RSA Private Key | Private Key - CSP | Used to support CO and Admin HTTPS Interfaces | Modulus 2048 and 3072 bits - 112- 128 bits | RSA SigVer (SSHv2, TLSv1.2, and IKEv2) | RSA KeyGen (SSHv2, TLSv1.2, IKEv2) | |
| TLS RSA Public Key | Public Key - PSP | Used to support CO and User HTTPS interfaces | Modulus 2048 and 3072 bits - 112- 128 bits | RSA SigVer (SSHv2, TLSv1.2, and IKEv2) | RSA KeyGen (SSHv2, TLSv1.2, IKEv2) | |
| TLS Master Secret | Master Secret - CSP | Used to protect HTTPS Session. Pre-master secret | At least 112 bits - At least 112 bits | TLS Keying Materials Developme nt | TLS Keying Materials Developme nt | |
| TLS Session Encryption Key | Session Key - CSP | Used to protect HTTPS Session. TLS Master secret | 128-256 bits - 128-256 bits | Block Cipher (TLSv1.2) | TLS Keying Materials Developme nt | |
| TLS Session Authenticati on Key | Session Key - CSP | Used to protect HTTPS Session. TLS master secret | at least 112 bits - at least 112 bits | MAC (TLSv1.2) | TLS Keying Materials Developme nt | |
| IPSec/IKE DH Private Key | Private Key - CSP | Used to derive IPSec/IKE | MODP- 2048, MODP- 3072, | KAS-FFC (IKEv2) | KAS- FFC- KeyGen (IKEv2) | |
| DH Shared Secret | DH Shared Secret | MODP- 4096 - 112-152 bits | ||||
| IPSec/IKE DH Public Key | Public Key - PSP | Used to derive IPSec/IKE DH Shared Secret | MODP- 2048, MODP- 3072, MODP- 4096 - 112-152 bits | KAS-FFC (IKEv2) | KAS-FFC- KeyGen (IKEv2) | |
| IPSec/IKE Peer DH Public Key | Public Key - PSP | Used to derive IPSec/IKE DH Shared Secret | MODP- 2048, MODP- 3072, MODP- 4096 - 112-152 bits | KAS-FFC (IKEv2) | ||
| IPSec/IKE DH Shared Secret | Shared Secret - CSP | Used to derive IPSec/IKE Session Encryption Keys, IPSec/IKE Authenticati on Keys | MODP- 2048, MODP- 3072, MODP- 4096 - 112-152 bits | KAS-FFC (IKEv2) | KAS-FFC (IKEv2) | |
| IPSec/IKE ECDH Private Key | Private Key - CSP | Used to derive IPSec/IKE ECDH Shared Secrets | Curves P-256, P- 384, P- 521 - 128-256 bits | KAS-ECC (IKEv2) | KAS- ECC- KeyGen (IKEv2) | |
| IPSec/IKE ECDH Public Key | Public Key - PSP | Used to derive IPSec/IKE ECDH Shared Secrets | Curves P-256, P- 384, P- 521 - 128-256 bits | KAS-ECC (IKEv2) | KAS-ECC- KeyGen (IKEv2) | |
| IPSec/IKE Peer ECDH Public Key | Public Key - PSP | Used to derive IPSec/IKE ECDH Shared Secrets | Curves P-256, P- 384, P- 521 - 128-256 bits | KAS-ECC (IKEv2) | ||
| IPSec/IKE ECDH Shared Secret | Shared Secret - CSP | Used to derive IPSec/IKE ECDH Shared Secrets | Curves P-256, P- 384, P- 521 - 128-256 bits | KAS-ECC (IKEv2) | KAS-ECC (IKEv2) | |
| IPSec/IKE ECDSA Private Key | Private Key - CSP | Used for IPSec/IKE peer authenticati on | Curves P-256, P- 384, P- 521 - 128-256 bits | ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) | ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2) | |
| IPSec/IKE ECDSA Public Key | Public Key - PSP | Used for IPSec/IKE peer authenticati on | Curves P-256, P- 384, P- 521 - 128-256 bits | ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) | ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2) | |
| IPSec/IKE RSA Private Key | Private Key - CSP | Used for IPSec/IKE peer authenticati on | Modulus 2048 or 3072 - 112 or 128 bits | RSA SigGen (SSHv2, TLSv1.2, IKEv2) | RSA KeyGen (SSHv2, TLSv1.2, IKEv2) | |
| IPSec/IKE RSA Public Key | Public Key - PSP | Used for IPSec/IKE peer authenticati on | Modulus 2048 or 3072 - 112 or 128 bits | RSA SigVer (SSHv2, TLSv1.2, and IKEv2) | RSA KeyGen (SSHv2, TLSv1.2, IKEv2) | |
| IPSec/IKE Pre-shared Secret | shared secret - CSP | Used for IPSec/IKE peer authenticati on | 16-32 bytes character s - 16-32 bytes character s | IKEv2 Keying Materials Developme nt | ||
| SKEYSEED | Keying Material - CSP | Keying material used to derive the IPSec/IKE Session Encryption Key and IPSec/IKE Authenticati on Key | 160 bits - 160 bits | IKEv2 Keying Materials Developme nt | IKEv2 Keying Materials Developme nt | |
| IPSec/IKE Session | Session Key - CSP | Used to secure | 128-256 bits - | Block Cipher | IKEv2 Keying |
MODP2048, MODP3072, MODP2048, MODP3072, MODP2048, MODP3072, MODP2048, MODP3072, KASFFCKeyGen KAS-FFCKeyGen KASECCKeyGen KAS-ECCKeyGen © 2021-2025 Cisco Systems, Inc.
- 112128 bits - 112128 bits KASFFC© 2021-2025 Cisco Systems, Inc.
- 128152 bits - 128152 bits - 128152 bits P-256, P384, P521 128-256 p-256, P384, P521 ) KAS-FFCKeyGen KASECCKeyGen ) KAS-ECCKeyGen © 2021-2025 Cisco Systems, Inc.
P-256, P384, P521 128-256 P-256, P384, P521 128-256 - 112128 bits - 112128 bits MODP2048, MODP3072, KASFFCKeyGen © 2021-2025 Cisco Systems, Inc.
MODP2048, MODP3072, MODP2048, MODP3072, MODP2048, MODP3072, P-256, P384, P521 128-256 P-256, P384, P521 128-256 P-256, P384, P521 128-256 KAS-FFCKeyGen KASECCKeyGen KAS-ECCKeyGen © 2021-2025 Cisco Systems, Inc.
| Name | Type | Description | Strength | Generation | Storage | Zeroization | Use | Related SSPs | |
|---|---|---|---|---|---|---|---|---|---|
| Encryption Key | IPSec/IKEv 2 session confidentialit y | 128-256 bits | Materials Developme nt | (IPSec/IKEv 2) | |||||
| IPSec/IKE Authenticati on Key | Session Key - CSP | Used to secure IPSec/IKEv 2 session integrity | at least 160 bits - at least 160 bits | IKEv2 Keying Materials Developme nt | MAC (IPSec/IKEv 2) | ||||
| SNMPv3 Shared Secret | Authenticati on Secret - CSP | Used for SNMPv3 user authenticati on | 8-32 character s - N/A | IKEv2 Keying Materials Developme nt | |||||
| SNMPv3 Encryption Key | Encryption Key - CSP | Used to protect SNMPv3 traffic confidentialit y | 128 bits - 128 bits | SNMPv3 Keying Materials Developme nt | Block Cipher (SNMPv3) | ||||
| SNMPv3 Authenticati on Key | Authenticati on Key - CSP | Used to secure SNMPv3 traffic integrity | At least 112 bits - At least 112 bits | SNMPv3 Keying Materials Developme nt | MAC (SNMPv3) | ||||
| DRBG Entropy Input | DRAM:Plainte xt | Zeroizatio n Command | Until Reboot | DRBG Seed:Used With DRBG Internal State V value:Used With DRBG Key:Used With | |||||
| DRBG Seed | DRAM:Plainte xt | Zeroizatio n Command | Until Reboot | DRBG Entropy Input:Used With DRBG Internal State V value:Used With DRBG Key:Used With | |||||
| DRBG Internal State V value | DRAM:Plainte xt | Zeroizatio n Command | Until Reboot | DRBG Entropy Input:Used With DRBG Seed:Used With |
| Name | Type | Description | Strength | Generation | Storage | Zeroization | Use | Related SSPs | |
|---|---|---|---|---|---|---|---|---|---|
| Encryption Key | IPSec/IKEv 2 session confidentialit y | 128-256 bits | Materials Developme nt | (IPSec/IKEv 2) | |||||
| IPSec/IKE Authenticati on Key | Session Key - CSP | Used to secure IPSec/IKEv 2 session integrity | at least 160 bits - at least 160 bits | IKEv2 Keying Materials Developme nt | MAC (IPSec/IKEv 2) | ||||
| SNMPv3 Shared Secret | Authenticati on Secret - CSP | Used for SNMPv3 user authenticati on | 8-32 character s - N/A | IKEv2 Keying Materials Developme nt | |||||
| SNMPv3 Encryption Key | Encryption Key - CSP | Used to protect SNMPv3 traffic confidentialit y | 128 bits - 128 bits | SNMPv3 Keying Materials Developme nt | Block Cipher (SNMPv3) | ||||
| SNMPv3 Authenticati on Key | Authenticati on Key - CSP | Used to secure SNMPv3 traffic integrity | At least 112 bits - At least 112 bits | SNMPv3 Keying Materials Developme nt | MAC (SNMPv3) | ||||
| DRBG Entropy Input | DRAM:Plainte xt | Zeroizatio n Command | Until Reboot | DRBG Seed:Used With DRBG Internal State V value:Used With DRBG Key:Used With | |||||
| DRBG Seed | DRAM:Plainte xt | Zeroizatio n Command | Until Reboot | DRBG Entropy Input:Used With DRBG Internal State V value:Used With DRBG Key:Used With | |||||
| DRBG Internal State V value | DRAM:Plainte xt | Zeroizatio n Command | Until Reboot | DRBG Entropy Input:Used With DRBG Seed:Used With |
y y 2) s - N/A 2) Table 18: SSP Table 1 n n n n © 2021-2025 Cisco Systems, Inc.
| Name | Storage | Zeroization | Use | Input | |
|---|---|---|---|---|---|
| DRBG Key | DRAM:Plainte xt | Zeroizatio n Command | DRBG Entropy Input:Used With DRBG Seed:Used With DRBG Internal State V value:Used With | Until Reboot | |
| User Password | Flash:Encrypt ed | Zeroizatio n Command | Password/Sec ret Input via TLS encrypted by GCM Password/Sec ret Input via TLS encrypted by AES and HMAC Password/Sec ret Input via SSHv2 encrypted by GCM Password/Sec ret Input via SSHv2 encrypted by AES and HMAC | ||
| Crypto Officer Password | Flash:Encrypt ed | Zeroizatio n Command | Password/Sec ret Input via TLS encrypted by GCM Password/Sec ret Input via TLS encrypted by AES and HMAC Password/Sec ret Input via SSHv2 encrypted by GCM Password/Sec ret Input via SSHv2 encrypted by | ||
| RADIUS Secret | Flash:Plaintex t | Zeroizatio n Command | Password/Sec ret Input via TLS encrypted by GCM Password/Sec ret Input via TLS encrypted by AES and HMAC Password/Sec ret Input via SSHv2 encrypted by GCM Password/Sec ret Input via SSHv2 encrypted by AES and HMAC | ||
| TACACS+ Secret | Flash:Plaintex t | Zeroizatio n Command | Password/Sec ret Input via TLS encrypted by GCM Password/Sec ret Input via TLS encrypted by AES and HMAC Password/Sec ret Input via SSHv2 encrypted by GCM Password/Sec ret Input via SSHv2 encrypted by AES and HMAC | ||
| Firmware Load Test Key | Flash:Plaintex t | N/A | |||
| SSH DH Private Key | DRAM:Plainte xt | Zeroizatio n Command | SSH DH Public Key:Paired With SSH Peer DH | While SSH tunnel is on | |
| SSH DH Public Key | DRAM:Plainte xt | Zeroizatio n Command | SSH DH Private Key:Paired With | Module Public Key Output | While SSH tunnel is on |
| SSH Peer DH Public Key | DRAM:Plainte xt | Zeroizatio n Command | SSH DH Private Key:Used With | Peer Public Key Input | While SSH tunnel is on |
| SSH DH Shared Secret | DRAM:Plainte xt | Zeroizatio n Command | SSH DH Private Key:Derived From SSH DH Public Key:Derived From | While SSH tunnel is on | |
| SSH ECDH Private Key | DRAM:Plainte xt | Zeroizatio n Command | SSH ECDH Public Key:Paired With SSH Peer ECDH Public Key:Used With | While SSH tunnel is on | |
| SSH ECDH Public Key | DRAM:Plainte xt | Zeroizatio n Command | SSH ECDH Private Key:Paired With | Module Public Key Output | While SSH tunnel is on |
| SSH Peer ECDH Public Key | DRAM:Plainte xt | Zeroizatio n Command | SSH ECDH Private Key:Used With | Peer Public Key Input | While SSH tunnel is on |
| SSH ECDH Shared Secret | DRAM:Plainte xt | Zeroizatio n Command | SSH ECDH Private Key:Derived From SSH ECDH Public Key:Derived From | While SSH tunnel is on | |
| SSH RSA Private Key | Flash:Plaintex t | Zeroizatio n Command | SSH RSA Public Key:Paired With SSH Peer RSA Public Key:Used With | ||
| SSH RSA Public Key | Flash:Plaintex t | Zeroizatio n Command | SSH RSA Private Key:Paired With | Module Public Key Output | |
| SSH ECDSA Private Key | Flash:Plaintex t | Zeroizatio n Command | SSH ECDSA Public Key:Paired With | ||
| SSH ECDSA Public Key | Flash:Plaintex t | Zeroizatio n Command | SSH ECDSA Private Key:Paired With | Module Public Key Output | |
| SSH Session Encryption Key | DRAM:Plainte xt | Zeroizatio n Command | SSH Session Authentication Key:Used With | While SSH tunnel is on | |
| SSH Session Authenticati on Key | DRAM:Plainte xt | Zeroizatio n Command | SSH Session Encryption Key:Used With | While SSH tunnel is on | |
| TLS DH Private Key | DRAM:Plainte xt | Zeroizatio n Command | TLS DH Public Key:Paired With TLS Peer DH Public Key:Used With | While TLS tunnel is on | |
| TLS DH Public Key | DRAM:Plainte xt | Zeroizatio n Command | TLS DH Private Key:Paired With | Module Public Key Output | While TLS tunnel is on |
| TLS Peer DH Public Key | DRAM:Plainte xt | Zeroizatio n Command | TLS DH Private Key:Used With | Peer Public Key Input | while TLS tunnel is on |
| TLS DH Shared Secret | DRAM:Plainte xt | Zeroizatio n Command | TLS ECDH Private Key:Derived From TLS Peer ECDH Public Key:Derived From | While TLS tunnel is on | |
| TLS ECDH Private Key | DRAM:Plainte xt | Zeroizatio n Command | TLS ECDH Public Key:Paired With TLS Peer ECDH Public Key:Used With | While TLS tunnel is on | |
| TLS ECDH Public Key | DRAM:Plainte xt | Zeroizatio n Command | TLS ECDH Private Key:Paired With | Module Public Key Output | While TLS tunnel is on |
| TLS Peer ECDH Public Key | DRAM:Plainte xt | Zeroizatio n Command | TLS ECDH Private Key:Used With | Peer Public Key Input | while TLS tunnel is on |
| TLS ECDH Shared Secret | DRAM:Plainte xt | Zeroizatio n Command | TLS ECDH Private Key:Derived From TLS Peer ECDH Public Key:Derived From | While TLS tunnel is on | |
| TLS ECDSA Private Key | Flash:Plaintex t | Zeroizatio n Command | TLS ECDSA Public Key:Paired With | ||
| TLS ECDSA Public Key | Flash:Plaintex t | Zeroizatio n Command | TLS ECDSA Private Key:Paired With | Module Public Key Output | |
| TLS RSA Private Key | Flash:Plaintex t | Zeroizatio n Command | TLS RSA Public Key:Paired With | ||
| TLS RSA Public Key | Flash:Plaintex t | Zeroizatio n Command | TLS RSA Private Key:Paired With | Module Public Key Output | |
| TLS Master Secret | DRAM:Plainte xt | Zeroizatio n Command | TLS ECDH Shared Secret:Derived From | While TLS tunnel is on | |
| TLS Session Encryption Key | DRAM:Plainte xt | Zeroizatio n Command | TLS Session Authentication Key:Used With | While TLS tunnel is on | |
| TLS Session Authenticati on Key | DRAM:Plainte xt | Zeroizatio n Command | TLS Session Encryption Key:Used With | While TLS tunnel is on | |
| IPSec/IKE DH Private Key | DRAM:Plainte xt | Zeroizatio n Command | IPSec/IKE DH Public Key:Paired With IPSec/IKE Peer DH Public Key:Used With | While IPSec/IKE v2 tunnel is on | |
| IPSec/IKE DH Public Key | DRAM:Plainte xt | Zeroizatio n Command | IPSec/IKE DH Private Key:Paired With | Module Public Key Output | While IPSec/IKE v2 tunnel is on |
| IPSec/IKE Peer DH Public Key | DRAM:Plainte xt | Zeroizatio n Command | IPSec/IKE DH Private Key:Used With | Peer Public Key Input | while IPSec/IKE tunnel is on |
| IPSec/IKE DH Shared Secret | DRAM:Plainte xt | Zeroizatio n Command | SKEYSEED:Used With | While IPSec/IKE v2 tunnel is on | |
| IPSec/IKE ECDH Private Key | DRAM:Plainte xt | Zeroizatio n Command | IPSec/IKE ECDH Public Key:Paired With IPSec/IKE Peer ECDH Public Key:Used With | While IPSec/IKE v2 tunnel is on | |
| IPSec/IKE ECDH Public Key | DRAM:Plainte xt | Zeroizatio n Command | IPSec/IKE ECDH Private Key:Paired With | Module Public Key Output | While IPSec/IKE v2 tunnel is on |
| IPSec/IKE Peer ECDH Public Key | DRAM:Plainte xt | Zeroizatio n Command | IPSec/IKE ECDH Private Key:Used With | Peer Public Key Input | While IPSec/IKE v2 tunnel is on |
| IPSec/IKE ECDH Shared Secret | DRAM:Plainte xt | Zeroizatio n Command | SKEYSEED:Used With | While IPSec/IKE v2 tunnel is on | |
| IPSec/IKE ECDSA Private Key | Flash:Plaintex t | Zeroizatio n Command | IPSec/IKE ECDSA Public Key:Paired With | ||
| IPSec/IKE ECDSA Public Key | Flash:Plaintex t | Zeroizatio n Command | IPSec/IKE ECDSA Private Key:Paired With | Module Public Key Output | |
| IPSec/IKE RSA Private Key | Flash:Plaintex t | Zeroizatio n Command | IPSec/IKE RSA Public Key:Paired With | ||
| IPSec/IKE RSA Public Key | Flash:Plaintex t | Zeroizatio n Command | IPSec/IKE RSA Private Key:Paired With | Module Public Key Output | |
| IPSec/IKE Pre-shared Secret | DRAM:Plainte xt | Zeroizatio n Command | SKEYSEED:Deriv ed to | While IPSec/IKE v2 tunnel is on | |
| SKEYSEED | DRAM:Plainte xt | Zeroizatio n Command | IPSec/IKE DH Shared Secret:Derived From IPSec/IKE ECDH Shared Secret:Derived From IPSec/IKE Pre- shared Secret:Derived From | While IPSec/IKE v2 tunnel is on | |
| IPSec/IKE Session Encryption Key | DRAM:Plainte xt | Zeroizatio n Command | IPSec/IKE DH Shared Secret:Derived From IPSec/IKE ECDH Shared Secret:Derived From | While IPSec/IKE v2 tunnel is on | |
| IPSec/IKE Authenticati on Key | DRAM:Plainte xt | Zeroizatio n Command | IPSec/IKE DH Shared Secret:Derived From IPSec/IKE ECDH Shared Secret:Derived From | While IPSec/IKE v2 tunnel is on | |
| SNMPv3 Shared Secret | DRAM:Plainte xt | Zeroizatio n Command | SNMPv3 Encryption Key:Derive To SNMPv3 Authentication Key:Derive To | Password/Sec ret Input via TLS encrypted by GCM Password/Sec ret Input via TLS encrypted by AES and HMAC Password/Sec ret Input via SSHv2 encrypted by GCM Password/Sec ret Input via SSHv2 encrypted by AES and HMAC | While SNMPv3 tunnel is on |
| SNMPv3 Encryption Key | DRAM:Plainte xt | Zeroizatio n Command | SNMPv3 Shared Secret:Derived From | While SNMPv3 tunnel is on | |
| SNMPv3 Authenticati on Key | DRAM:Plainte xt | Zeroizatio n Command | SNMPv3 Shared Secret:Derived From SNMPv3 Encryption Key:Used With | While SNMPv3 tunnel is on |
| Name | Algorithm Or Test | Test Method | Test Type | Details | Test Properties | Indicator |
|---|---|---|---|---|---|---|
| RSA SigVer (FIPS186-4) (A4446) | RSA SigVer (FIPS186-4) (A4446) | KAT | SW/FW Integrity | RSA SigVer | RSA SigVer 2048 bits with SHA2-512 | Module is in normal state |
Table 20: Pre-Operational Self-Tests The module performs the following self-tests, including the pre-operational self-tests and Conditional self-tests. Prior to the module providing any data output via the data output interface, the module performs and passes the pre-operational self-tests. Following the © 2021-2025 Cisco Systems, Inc.
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method | Details | Indicator | Conditions | |
|---|---|---|---|---|---|---|---|---|---|
| AES-CBC (A4446) | AES-CBC (A4446) | KAT | CAST | Encrypt | 256 bits | Module is in normal state | Power Up | ||
| AES-CBC (A4446) | AES-CBC (A4446) | KAT | CAST | Decrypt | 256 bits | Module is in normal state | Power Up | ||
| AES-GCM (A4446) | AES-GCM (A4446) | KAT | CAST | Authenticated Encrypt | 256 bits | Module is in normal state | Power Up | ||
| AES-GCM (A4446) | AES-GCM (A4446) | KAT | CAST | Authenticated Decrypt | 256 bits | Module is in normal state | Power Up | ||
| Counter DRBG (A4446) | Counter DRBG (A4446) | KAT | CAST | Instantiate KAT | AES-128 | Module is in normal state | Power Up | ||
| Counter DRBG (A4446) | Counter DRBG (A4446) | KAT | CAST | Generate KAT | AES-128 | Module is in normal state | Power Up | ||
| Counter DRBG (A4446) | Counter DRBG (A4446) | KAT | CAST | Reseed KAT | AES-128 | Module is in normal state | Power Up | ||
| ECDSA SigGen (FIPS186- 4) (A4446) | ECDSA SigGen (FIPS186- 4) (A4446) | KAT | CAST | ECDSA SigGen KAT | P-256 curve with SHA2-256 | Module is in normal state | Power Up | ||
| ECDSA SigVer (FIPS186- 4) (A4446) | ECDSA SigVer (FIPS186- 4) (A4446) | KAT | CAST | ECDSA SigVer KAT | P-256 curve with SHA2-256 | Module is in normal state | Power Up | ||
| HMAC- SHA-1 (A4446) | HMAC- SHA-1 (A4446) | KAT | CAST | HMAC-SHA-1 | SHA-1 | Module is in normal state | Power Up | ||
| HMAC- SHA2-256 (A4446) | HMAC- SHA2-256 (A4446) | KAT | CAST | HMAC-SHA2- 256 | SHA2-256 | Module is in normal state | Power Up | ||
| HMAC- SHA2-384 (C1026) | HMAC- SHA2-384 (C1026) | KAT | CAST | HMAC-SHA2- 384 | SHA2-384 | Module is in normal state | Power Up | ||
| HMAC- SHA2-512 (A4446) | HMAC- SHA2-512 (A4446) | KAT | CAST | HMAC-SHA2- 512 | SHA2-512 | Module is in normal state | Power Up | ||
| KAS-ECC- SSC Sp800- 56Ar3 (A4446) | KAS-ECC- SSC Sp800- 56Ar3 (A4446) | KAT | CAST | Primitive Z KAT | P-256 Curve | Module is in normal state | Power Up | ||
| KAS-FFC- SSC Sp800- 56Ar3 (A4446) | KAS-FFC- SSC Sp800- 56Ar3 (A4446) | KAT | CAST | Primitive Z KAT | MODP- 2048 | Module is in normal state | Power Up | ||
| RSA SigGen (FIPS186- 4) (A4446) | RSA SigGen (FIPS186- 4) (A4446) | KAT | CAST | RSA SigGen KAT | 2048 bit modulus with SHA2- 256 | Module is in normal state | Power Up | ||
| RSA SigVer (FIPS186- 4) (A4446) | RSA SigVer (FIPS186- 4) (A4446) | KAT | CAST | RSA SigVer KAT | 2048 bit modulus with SHA2- 256 | Module is in normal state | Power Up | ||
| KDF IKEv2 (A4446) | KDF IKEv2 (A4446) | KAT | CAST | N/A | N/A | Module is in normal state | Power Up | ||
| KDF SNMP (A4446) | KDF SNMP (A4446) | KAT | CAST | N/A | N/A | Module is in normal state | Power Up | ||
| KDF SSH (A4446) | KDF SSH (A4446) | KAT | CAST | N/A | N/A | Module is in normal state | Power Up | ||
| TLS v1.2 KDF RFC7627 (A4446) | TLS v1.2 KDF RFC7627 (A4446) | KAT | CAST | N/A | N/A | Module is in normal state | Power Up | ||
| SHA-1 (A4446) | SHA-1 (A4446) | KAT | CAST | N/A | N/A | Module is in normal state | Power Up | ||
| AES-CBC (C1026) | AES-CBC (C1026) | KAT | CAST | Encrypt KAT | 128 bits | Module is in normal state | Power Up | ||
| AES-CBC (C1026) | AES-CBC (C1026) | KAT | CAST | Decrypt KAT | 128 bits | Module is in normal state | Power Up | ||
| AES-GCM (C1026) | AES-GCM (C1026) | KAT | CAST | Encrypt KAT | 128 bits | Module is in normal state | Power Up | ||
| AES-GCM (C1026) | AES-GCM (C1026) | KAT | CAST | Decrypt KAT | 128 bits | Module is in normal state | Power Up | ||
| Hash DRBG (C1026) | Hash DRBG (C1026) | KAT | CAST | Instantiate KAT | SHA2-512 | Module is in normal state | Power Up | ||
| Hash DRBG (C1026) | Hash DRBG (C1026) | KAT | CAST | Generate KAT | SHA2-512 | Module is in normal state | Power Up | ||
| Hash DRBG (C1026) | Hash DRBG (C1026) | KAT | CAST | Reseed KAT | SHA2-512 | Module is in normal state | Power Up | ||
| HMAC- SHA-1 (C1026) | HMAC- SHA-1 (C1026) | KAT | CAST | HMAC-SHA-1 | SHA-1 | Module is in normal state | Power Up | ||
| HMAC- SHA2-256 (C1026) | HMAC- SHA2-256 (C1026) | KAT | CAST | HMAC-SHA2- 256 | SHA2-256 | Module is in normal state | Power Up | ||
| HMAC- SHA2-384 (C1026) | HMAC- SHA2-384 (C1026) | KAT | CAST | HMAC-SHA2- 384 | SHA2-384 | Module is in normal state | Power Up | ||
| HMAC- SHA2-512 (C1026) | HMAC- SHA2-512 (C1026) | KAT | CAST | HMAC-SHA2- 512 | SHA2-512 | Module is in normal state | Power Up | ||
| SHA-1 (C1026) | SHA-1 (C1026) | KAT | CAST | N/A | N/A | Module is in normal state | Power Up | ||
| ECDSA KeyGen (FIPS186- 4) (A4446) | ECDSA KeyGen (FIPS186- 4) (A4446) | PCT | PCT | ECDSA | Curve P- 256 with SHA2-256 | Module is in normal state | Performs all required pair- wise consistency tests on the newly generated key pairs before the first operational use. | ||
| RSA KeyGen (FIPS186- 4) (A4446) | RSA KeyGen (FIPS186- 4) (A4446) | PCT | PCT | RSA | 2048 bit Modulus | Module is in normal state | Performs all required pair- wise consistency tests on the newly generated key pairs before the | ||
| KAS-ECC- SSC Sp800- 56Ar3 (A4446) | KAS-ECC- SSC Sp800- 56Ar3 (A4446) | PCT | PCT | N/A | Curve P- 256 with SHA2-256 | Module is in normal state | Performs all required pair- wise consistency tests on the newly generated key pairs before the first operational use. | ||
| KAS-FFC- SSC Sp800- 56Ar3 (A4446) | KAS-FFC- SSC Sp800- 56Ar3 (A4446) | PCT | PCT | N/A | MODP- 2048 | Module is in normal state | Performs all required pair- wise consistency tests on the newly generated key pairs before the first operational use. | ||
| HMAC- SHA2-512 (A4446) | HMAC- SHA2-512 (A4446) | KAT | SW/FW Load | N/A | HMAC- SHA2-512 | Module is in normal state | When firmware has been uploaded to the module | ||
| RSA SigVer (FIPS186-4) (A4446) | RSA SigVer (FIPS186-4) (A4446) | KAT | SW/FW Integrity | Recommend 60 Days | Reboot | ||||
| AES-CBC (A4446) | AES-CBC (A4446) | KAT | CAST | Recommend 60 Days | Reboot |
successful pre-operational self-tests, the module executes the Conditional Cryptographic Algorithm Self-tests (CASTs). If anyone of the self-tests fails, the module transitions into an error state and outputs the error message via the module’s status output interface. While the module is in the error state, all data through the data output interface and all cryptographic operations are disabled. The error state can only be cleared by reloading the module. All self-tests must be completed successfully before the module transitions to the operational state.
(FIPS1864) (A4446) (FIPS1864) (A4446) HMACSHA-1 HMACSHA2-256 HMAC-SHA2256 © 2021-2025 Cisco Systems, Inc.
HMACSHA2-384 HMACSHA2-512 KAS-ECCSSC Sp80056Ar3 KAS-FFCSSC Sp80056Ar3 (FIPS1864) (A4446) (FIPS1864) (A4446) HMAC-SHA2384 HMAC-SHA2512 MODP2048 with SHA2256 with SHA2256 N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A © 2021-2025 Cisco Systems, Inc.
HMACSHA-1 HMACSHA2-256 HMACSHA2-384 HMACSHA2-512 N/A (FIPS1864) (A4446) (FIPS1864) (A4446) HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2512 N/A required pairwise required pairwise © 2021-2025 Cisco Systems, Inc.
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method | Details | Indicator | Conditions | |
|---|---|---|---|---|---|---|---|---|---|
| KAS-ECC- SSC Sp800- 56Ar3 (A4446) | KAS-ECC- SSC Sp800- 56Ar3 (A4446) | PCT | PCT | N/A | Curve P- 256 with SHA2-256 | Module is in normal state | Performs all required pair- wise consistency tests on the newly generated key pairs before the first operational use. | ||
| KAS-FFC- SSC Sp800- 56Ar3 (A4446) | KAS-FFC- SSC Sp800- 56Ar3 (A4446) | PCT | PCT | N/A | MODP- 2048 | Module is in normal state | Performs all required pair- wise consistency tests on the newly generated key pairs before the first operational use. | ||
| HMAC- SHA2-512 (A4446) | HMAC- SHA2-512 (A4446) | KAT | SW/FW Load | N/A | HMAC- SHA2-512 | Module is in normal state | When firmware has been uploaded to the module | ||
| RSA SigVer (FIPS186-4) (A4446) | RSA SigVer (FIPS186-4) (A4446) | KAT | SW/FW Integrity | Recommend 60 Days | Reboot | ||||
| AES-CBC (A4446) | AES-CBC (A4446) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| AES-CBC (A4446) | AES-CBC (A4446) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| AES-GCM (A4446) | AES-GCM (A4446) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| AES-GCM (A4446) | AES-GCM (A4446) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| Counter DRBG (A4446) | Counter DRBG (A4446) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| Counter DRBG (A4446) | Counter DRBG (A4446) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| Counter DRBG (A4446) | Counter DRBG (A4446) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| ECDSA SigGen (FIPS186-4) (A4446) | ECDSA SigGen (FIPS186-4) (A4446) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| ECDSA SigVer (FIPS186-4) (A4446) | ECDSA SigVer (FIPS186-4) (A4446) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| HMAC-SHA-1 (A4446) | HMAC-SHA-1 (A4446) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| HMAC-SHA2- 256 (A4446) | HMAC-SHA2- 256 (A4446) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| HMAC-SHA2- 384 (C1026) | HMAC-SHA2- 384 (C1026) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| HMAC-SHA2- 512 (A4446) | HMAC-SHA2- 512 (A4446) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| KAS-ECC-SSC Sp800-56Ar3 (A4446) | KAS-ECC-SSC Sp800-56Ar3 (A4446) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| KAS-FFC-SSC Sp800-56Ar3 (A4446) | KAS-FFC-SSC Sp800-56Ar3 (A4446) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| RSA SigGen (FIPS186-4) (A4446) | RSA SigGen (FIPS186-4) (A4446) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| RSA SigVer (FIPS186-4) (A4446) | RSA SigVer (FIPS186-4) (A4446) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| KDF IKEv2 (A4446) | KDF IKEv2 (A4446) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| KDF SNMP (A4446) | KDF SNMP (A4446) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| KDF SSH (A4446) | KDF SSH (A4446) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| TLS v1.2 KDF RFC7627 (A4446) | TLS v1.2 KDF RFC7627 (A4446) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| SHA-1 (A4446) | SHA-1 (A4446) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| AES-CBC (C1026) | AES-CBC (C1026) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| AES-CBC (C1026) | AES-CBC (C1026) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| AES-GCM (C1026) | AES-GCM (C1026) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| AES-GCM (C1026) | AES-GCM (C1026) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| Hash DRBG (C1026) | Hash DRBG (C1026) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| Hash DRBG (C1026) | Hash DRBG (C1026) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| Hash DRBG (C1026) | Hash DRBG (C1026) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| HMAC-SHA-1 (C1026) | HMAC-SHA-1 (C1026) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| HMAC-SHA2- 256 (C1026) | HMAC-SHA2- 256 (C1026) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| HMAC-SHA2- 384 (C1026) | HMAC-SHA2- 384 (C1026) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| HMAC-SHA2- 512 (C1026) | HMAC-SHA2- 512 (C1026) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| SHA-1 (C1026) | SHA-1 (C1026) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| ECDSA KeyGen (FIPS186-4) (A4446) | ECDSA KeyGen (FIPS186-4) (A4446) | PCT | PCT | Recommend 60 Days | Reboot | ||||
| RSA KeyGen (FIPS186-4) (A4446) | RSA KeyGen (FIPS186-4) (A4446) | PCT | PCT | Recommend 60 Days | Reboot | ||||
| KAS-ECC-SSC Sp800-56Ar3 (A4446) | KAS-ECC-SSC Sp800-56Ar3 (A4446) | PCT | PCT | Recommend 60 Days | Reboot | ||||
| KAS-FFC-SSC Sp800-56Ar3 (A4446) | KAS-FFC-SSC Sp800-56Ar3 (A4446) | PCT | PCT | Recommend 60 Days | Reboot | ||||
| HMAC-SHA2- 512 (A4446) | HMAC-SHA2- 512 (A4446) | KAT | SW/FW Load | N/A | N/A |
KAS-ECCSSC Sp80056Ar3 N/A KAS-FFCSSC Sp80056Ar3 MODP2048 N/A HMACSHA2-512 HMACSHA2-512 N/A required pairwise required pairwise Table 21: Conditional Self-Tests The module performs on-demand self-tests initiated by the operator, by powering off and powering the module back on. The full suite of self-tests is then executed. The same procedure may be employed by the operator to perform periodic self-tests.
Table 22: Pre-Operational Periodic Information © 2021-2025 Cisco Systems, Inc.
N/A N/A Table 23: Conditional Periodic Information
| Name | Description | Role Access | Indicator | |
|---|---|---|---|---|
| Error State | If self-test tests fail, the module is put into an error state | Self-test failure | System Halt | Reboot the module |
Table 24: Error States If any of the above-mentioned self-tests fail, the module reports the error and enters the Error state. In the Error State, no cryptographic services are provided, and data output is prohibited. The only method to recover from the error state is to reboot the module and perform the selftests, including the pre-operational firmware integrity test and the conditional CASTs. The module will only enter into the operational state after successfully passing the pre-operational firmware integrity test and the conditional CASTs.
The validated module firmware was installed onto the respective test platforms listed in Table 2 above. The Crypto Officer must configure and enforce the following initialization steps: Step 1: The Crypto Officer must install opacity shields as described in section 7 above. Step 2: The Crypto Officer must apply tamper evidence labels as described in section 7 above. Step 3: The Crypto Officer must securely store any unused tamper evidence labels. Note: Each module has a Type A USB 2.0 port, but it is considered to be disabled once the Crypto Officer has applied the TEL #9. Step 4: The Crypto Officer shall configure the module to be managed by the Firepower Management Center (FMC), and follow the procedure below from the FMC: a) Choose Devices > Platform Settings and create or edit a Firepower policy. b) On the left click “UCAPL/CC Compliance”. c) Choose “CC” from the dropdown under “Enable UCAPL/CC Compliance”. d) Click “Save” to save the changes. e) Click “Deploy” and select “Deploy All”. Step 5: The module will automatically reboot, and will be placed in the approved mode once it is done rebooting. Step 6: Crypto Officer can verify the version installed and running > show version Step 7: Crypto Officer can verify the module is in approved mode: > show fips Step 8: Assign users a Privilege Level of basic. © 2021-2025 Cisco Systems, Inc.
Step 9: Configure IP address for unit and all distant endpoints from the FMC. Step 10: Define RADIUS shared secret keys that are at least 8 characters long and secure traffic between the security module and the RADIUS server via secure (IPSec, TLS) tunnel. Note: Perform this step only if RADIUS is configured, otherwise proceed. Step 11: Configure the security module so that any remote connections via Telnet are secured through IPSec. Step 12: Configure the security module so that only approved algorithms are used for all security connections (SSHv2, TLSv1.2, SNMPv3 and IPSec/IKEv2). Step 13: Configure the security module so that error messages can only be viewed by Crypto Officer. Step 14: Enable HTTPS with TLS. HTTPS with TLS should always be used for Web-based management. Step 15: Ensure that installed digital certificates are signed using approved algorithms. Step 16: Save and reboot the module.
Specific Administrator guidance can be found in the Cisco Secure Firewall Management Center Administration Guide, 7.4: https://www.cisco.com/c/en/us/td/docs/security/securefirewall/management-center/admin/740/management-center-admin-74.html
Specific Non-Administrator guidance can be found in the Cisco Secure Firewall 3100 Series Hardware Installation Guide: https://www.cisco.com/c/en/us/td/docs/security/securefirewall/hardware/3100/fw-3100-install.html
N/A for this module. © 2021-2025 Cisco Systems, Inc.