All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Cisco Adaptive Security Appliance Cryptographic Module (FPR 2100 Series)

Certificate#5066StandardFIPS 140-3Level2TypeHardwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorCisco Systems, Inc.
High review priority  ·  exposes firmware-update authentication  ·  last validated 10 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level2
Module typeHardware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date9/21/2030
CaveatWhen installed, initialized and configured as specified in Section Life-Cycle Assurance of the Security Policy. The tamper evident seals installed as indicated in the Security Policy
VendorCisco Systems, Inc.

Approved Algorithms (29)

AlgorithmACVP Cert
AES-CBCA4446
AES-GCMA4446
Counter DRBGA4446
ECDSA KeyGen (FIPS186-4)A4446
ECDSA SigGen (FIPS186-4)A4446
ECDSA SigVer (FIPS186-4)A4446
HMAC-SHA-1A4446
HMAC-SHA2-224A4446
HMAC-SHA2-256A4446
HMAC-SHA2-384A4446
HMAC-SHA2-512A4446
KAS-ECC-SSC Sp800-56Ar3A4446
KAS-FFC-SSC Sp800-56Ar3A4446
KDF IKEv2 (CVL)A4446
KDF SNMP (CVL)A4446
KDF SSH (CVL)A4446
RSA KeyGen (FIPS186-4)A4446
RSA SigGen (FIPS186-4)A4446
RSA SigVer (FIPS186-4)A4446
SHA-1A4446
SHA2-224A4446
SHA2-256A4446
SHA2-384A4446
SHA2-512A4446
TLS v1.2 KDF RFC7627 (CVL)A4446
Hash DRBG
HMAC-SHA2- 256
HMAC-SHA2- 384
HMAC-SHA2- 512

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification2
Cryptographic Module Interfaces3
Roles, Services, and Authentication4
Software/Firmware Security5
Operational Environment6
Physical Security7
Non-Invasive SecurityN/A
Self-Tests1
Life-Cycle Assurance1
Mitigation of Other AttacksN/A

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Cisco Adaptive Security Appliance Cryptographic Module (FPR 2100 Series)
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>Firmware Load Test<br/>Firmware Update</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Block Cipher (SSHv2)<br/>Block Cipher (TLSv1.2)<br/>Block Cipher (IPSec/IKE)</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Cisco Adaptive Security Appliance Cryptographic Module (FPR 2100 Series)
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[high] Firmware update / recovery / rollback services<br/><i>Firmware Load Test<br/>Firmware Update</i><br/>src: securityPolicy.services"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>Block Cipher (SSHv2)<br/>Block Cipher (TLSv1.2)<br/>Block Cipher (IPSec/IKE)</i><br/>src: securityPolicy.services"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3 clueHigh;
  class C5,C6 clueLow;

Security Policy, page by page

Page 1

Cisco Systems, Inc. Cisco Adaptive Security Appliance Cryptographic Module (FPR 2100 Series) Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA © 2021-2025 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 2
Table of Contents
#SectionPage
1General5
1.1Overview5
1.2Security Levels5
2Cryptographic Module Specification5
2.1Description5
2.2Tested and Vendor Affirmed Module Version and Identification6
2.3Excluded Components7
2.4Modes of Operation7
2.5Algorithms7
2.6Security Function Implementations10
2.7Algorithm Specific Information16
2.8RBG and Entropy16
2.9Key Generation17
2.10Key Establishment17
2.11Industry Protocols18
3Cryptographic Module Interfaces18
3.1Ports and Interfaces18
4Roles, Services, and Authentication19
4.1Authentication Methods19
4.2Roles20
4.3Approved Services20
4.4Non-Approved Services38
4.5External Software/Firmware Loaded38
4.6Bypass Actions and Status39
4.7Cryptographic Output Actions and Status39
5Software/Firmware Security39
5.1Integrity Techniques39
5.2Initiate on Demand39
6Operational Environment40
6.1Operational Environment Type and Requirements40
7Physical Security40
7.1Mechanisms and Actions Required40
7.2User Placed Tamper Seals40
7.3Filler Panels43
8Non-Invasive Security45
9Sensitive Security Parameters Management45
9.1Storage Areas45
9.2SSP Input-Output Methods45
9.3SSP Zeroization Methods46
9.4SSPs47
9.5Transitions61
10Self-Tests61
10.1Pre-Operational Self-Tests61
10.2Conditional Self-Tests62
10.3Periodic Self-Test Information67
10.4Error States70
11Life-Cycle Assurance70
11.1Installation, Initialization, and Startup Procedures70
11.2Administrator Guidance72
11.3Non-Administrator Guidance72
12Mitigation of Other Attacks72
Page 4
List of Tables
ItemPage
Table 1: Security Levels5
Table 2: Tested Module Identification – Hardware7
Table 3: Modes List and Description7
Table 4: Approved Algorithms - CiscoSSL FOM Cryptographic Implementation9
Table 5: Approved Algorithms - Octeon III Family Crypyto Engine9
Table 6: Vendor-Affirmed Algorithms10
Table 7: Security Function Implementations15
Table 8: Entropy Certificates16
Table 9: Entropy Sources16
Table 10: Ports and Interfaces18
Table 11: Authentication Methods20
Table 12: Roles20
Table 13: Approved Services38
Table 14: Mechanisms and Actions Required40
Table 15: Storage Areas45
Table 16: SSP Input-Output Methods46
Table 17: SSP Zeroization Methods46
Table 18: SSP Table 154
Table 19: SSP Table 261
Table 20: Pre-Operational Self-Tests62
Table 21: Conditional Self-Tests67
Table 22: Pre-Operational Periodic Information67
Table 23: Conditional Periodic Information70
Table 24: Error States70
Figure 1 FPR 2110 and FPR 21206
Figure 2 FPR 2130 and FPR 21406
Figure 3 Module front view with opacity shield40
Figure 4 FRP 2110/2120 back view41
Figure 5 FRP 2130/2140 back view41
Figure 6 FRP 2110/2120 top view with opacity shield41
Figure 7 FRP 2130/2140 top view with opacity shield42
Figure 8 Module’s bottom view with opacity shield42
Figure 9 Module’s left view with opacity shield43
Figure 10 Module’s right view with opacity shield43
Figure 11 Opacity Shield Brackets45
Page 5
Security level
NameISO SectionRequirementLevel
11General2
22Cryptographic module specification2
33Cryptographic module interfaces2
44Roles, services, and authentication3
55Software/Firmware security2
66Operational environmentN/A
77Physical security2
88Non-invasive securityN/A
99Sensitive security parameter management2
1010Self-tests2
1111Life-cycle assurance2
1212Mitigation of other attacksN/A
Overall LevelOverall Level2
1.1 Overview

Appliance Cryptographic Module (FPR 2100 Series) (hereinafter referred to as ASA or Module), version 9.20. The following details how this module meets the security requirements of FIPS 140-3, SP 800-140 and ISO/IEC 19790 for a Security Level 2 Hardware cryptographic module. The security requirements cover areas related to the design and implementation of a cryptographic module. These areas include cryptographic module specification; cryptographic table indicates the actual security levels for each area of the cryptographic module.

1.2 Security Levels
2.1 Description

Purpose and Use: This module is a multi-chip standalone hardware cryptographic module deployed under the Next-Generation Firewall (NGFW) with Adaptive Security Appliance (ASA). The module’s operational environment is Limited. ASA delivers enterprise-class firewall for businesses, improving security at the Internet edge, high performance and throughput for demanding enterprise data centers. The ASA solution offers the combination of the industry's most deployed stateful firewall with a comprehensive range of next-generation network security services, intrusion prevention system (IPS), content © 2021-2025 Cisco Systems, Inc.

Page 6
Module configuration
NameModelHardware VersionFirmware VersionProcessor
FRP 2110FRP 2110FPR-21109.20Intel Xeon D-1526 (Broadwell), Octeon III Family Crypto Engine
FRP 2120FRP 2120FPR-21209.20Intel Xeon D-1528 (Broadwell), Octeon III Family Crypto Engine
FRP 2130FRP 2130FPR-21309.20Intel Xeon D-1548 (Broadwell), Octeon III Family Crypto Engine
FRP 2140FRP 2140FPR-21409.20Intel Xeon D-1577 (Broadwell), Octeon III Family Crypto Engine

security and secure unified communications, HTTPS/TLSv1.2, SSHv2, IPsec/IKEv2, SNMPv3 and Cryptographic Cipher Suite B using the ASA Cryptographic Module. Module Type: Hardware Module Embodiment: MultiChipStand Module Characteristics: Cryptographic Boundary: The cryptographic boundary is defined as the entire chassis unit’s physical perimeter encompassing the "top," "front," "left," "right," “rear” and "bottom" surfaces of the case, and shown in the figures below and in the Physical Security section. The FPR 2110 and FPR 2120 have the same exterior features while FPR 2130 and FPR 2140 have the same exterior features. Where they differ is in Firewall throughput, IPS throughput, IPsec VPN throughput and number of VPN peers allowed. Figure 2 FPR 2130 and FPR 2140

2.2 Tested and Vendor Affirmed Module Version and Identification

Tested Module Identification

Page 7
Service
NameDescriptionIndicatorType
Approved Mode of OperationThe module is always in the approved mode of operation after initial operations are performed.Approved mode indicator: "FIPS is currently enabled."Approved

Table 2: Tested Module Identification

2.3 Excluded Components

N/A for this module. Modes List and Description: Table 3: Modes List and Description operation after initial operations are performed (See Section 11). The module does not claim implementation of a degraded mode of operation. Section 4 provides details on the service

2.5 Algorithms
Page 8
Approved algorithm
NameCAVP CertPropertiesReference
AES-CBCA4446Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-GCMA4446Direction - Decrypt, Encrypt IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 128, 192, 256SP 800-38D
Counter DRBGA4446Prediction Resistance - Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - YesSP 800-90A Rev. 1
ECDSA KeyGen (FIPS186-4)A4446Curve - P-256, P-384, P-521FIPS 186-4
ECDSA SigGen (FIPS186-4)A4446Curve - P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512FIPS 186-4
ECDSA SigVer (FIPS186-4)A4446Curve - P-256, P-384, P-521FIPS 186-4
HMAC-SHA-1A4446Key Length - Key Length: 256-448 Increment 8FIPS 198-1
HMAC-SHA2-224A4446Key Length - Key Length: 256-448 Increment 8FIPS 198-1
HMAC-SHA2-256A4446Key Length - Key Length: 256-448 Increment 8FIPS 198-1
HMAC-SHA2-384A4446Key Length - Key Length: 256-448 Increment 8FIPS 198-1
HMAC-SHA2-512A4446Key Length - Key Length: 256-448 Increment 8FIPS 198-1
KAS-ECC-SSC Sp800-56Ar3A4446Domain Parameter Generation Methods - P- 256, P-384, P-521SP 800-56A Rev. 3
KAS-FFC-SSC Sp800-56Ar3A4446Domain Parameter Generation Methods - ffdhe2048, ffdhe3072, ffdhe4096, modp-2048, modp-3072, modp-4096SP 800-56A Rev. 3
KDF IKEv2 (CVL)A4446Diffie-Hellman Shared Secret Length - Diffie- Hellman Shared Secret Length: 2048 Derived Keying Material Length - Derived Keying Material Length: 3072 Hash Algorithm - SHA-1SP 800-135 Rev. 1
KDF SNMP (CVL)A4446Password Length - Password Length: 256, 64SP 800-135 Rev. 1
KDF SSH (CVL)A4446Cipher - AES-128, AES-192, AES-256SP 800-135 Rev. 1
RSA KeyGen (FIPS186-4)A4446Key Generation Mode - B.3.4 Modulo - 2048, 3072 Hash Algorithm - SHA2-256 Private Key Format - StandardFIPS 186-4
RSA SigGen (FIPS186-4)A4446Signature Type - PKCS 1.5, PKCSPSS Modulo - 2048, 3072FIPS 186-4
RSA SigVer (FIPS186-4)A4446Signature Type - PKCS 1.5, PKCSPSS Modulo - 2048, 3072FIPS 186-4
Safe Primes Key GenerationA4446Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, modp-2048, modp-3072, modp- 4096SP 800-56A Rev. 3
SHA-1A4446Message Length - Message Length: 0-65536 Increment 8FIPS 180-4
SHA2-224A4446Message Length - Message Length: 0-65536 Increment 8FIPS 180-4
SHA2-256A4446Message Length - Message Length: 0-65536 Increment 8FIPS 180-4
SHA2-384A4446Message Length - Message Length: 0-65536 Increment 8FIPS 180-4
SHA2-512A4446Message Length - Message Length: 0-65536 Increment 8FIPS 180-4
TLS v1.2 KDF RFC7627 (CVL)A4446Hash Algorithm - SHA2-256, SHA2-384, SHA2-512SP 800-135 Rev. 1
AES-CBCAES 3301Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-GCMAES 3301Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256SP 800-38D
Hash DRBGDRBG 819Prediction Resistance - No Mode - SHA2-512SP 800-90A Rev. 1
HMAC-SHA-1HMAC 2095FIPS 198-1
HMAC-SHA2- 256HMAC 2095FIPS 198-1
HMAC-SHA2- 384HMAC 2095FIPS 198-1
HMAC-SHA2- 512HMAC 2095FIPS 198-1
SHA-1SHS 2737Message Length - Message Length: 8- 51200 Increment 8FIPS 180-4
SHA2-256SHS 2737Message Length - Message Length: 8- 51200 Increment 8FIPS 180-4
SHA2-384SHS 2737Message Length - Message Length: 8- 102400 Increment 8FIPS 180-4
SHA2-512SHS 2737Message Length - Message Length: 8- 102400 Increment 8FIPS 180-4

Approved Algorithms: CiscoSSL FOM Cryptographic Implementation © 2021-2025 Cisco Systems, Inc.

Page 9

Table 4: Approved Algorithms - CiscoSSL FOM Cryptographic Implementation Octeon III Family Crypyto Engine HMAC-SHA2HMAC HMAC-SHA2HMAC HMAC-SHA2HMAC Table 5: Approved Algorithms - Octeon III Family Crypyto Engine © 2021-2025 Cisco Systems, Inc.

Page 10
Service
NameDescriptionApproved FunctionsTypeProperties
CKGKey Type:AsymmetricN/ASP 800-133r2 Section 4, Method 1
KAS-ECC- KeyGen (SSHv2)KAS ECC keygen used in SSHv2 serviceCounter DRBG: (A4446) Hash DRBG: (DRBG 819) CKG: ()KAS-KeyGen CKGKeysize:128 to 256 bits encryption strength
KAS-FFC- KeyGen (SSHv2)KAS FFC keygen used in SSHv2 serviceCounter DRBG: (A4446) Hash DRBG: (DRBG 819) Safe Primes Key Generation: (A4446) Safe Prime Groups: modp- 2048, modp- 3072, modp- 4096 CKG: ()KAS-KeyGen CKGKeysize:112 to 152 bits encryption strength
KAS-ECC- KeyGen (TLSv1.2)KAS ECC keygen used in TLSv1.2 serviceCounter DRBG: (A4446) Hash DRBG:KAS-KeyGen CKGKeysize:128 to 256 bits encryption strength
Service
NameDescriptionApproved FunctionsTypeProperties
CKGKey Type:AsymmetricN/ASP 800-133r2 Section 4, Method 1
KAS-ECC- KeyGen (SSHv2)KAS ECC keygen used in SSHv2 serviceCounter DRBG: (A4446) Hash DRBG: (DRBG 819) CKG: ()KAS-KeyGen CKGKeysize:128 to 256 bits encryption strength
KAS-FFC- KeyGen (SSHv2)KAS FFC keygen used in SSHv2 serviceCounter DRBG: (A4446) Hash DRBG: (DRBG 819) Safe Primes Key Generation: (A4446) Safe Prime Groups: modp- 2048, modp- 3072, modp- 4096 CKG: ()KAS-KeyGen CKGKeysize:112 to 152 bits encryption strength
KAS-ECC- KeyGen (TLSv1.2)KAS ECC keygen used in TLSv1.2 serviceCounter DRBG: (A4446) Hash DRBG:KAS-KeyGen CKGKeysize:128 to 256 bits encryption strength
KAS-FFC- KeyGen (TLSv1.2)KAS FFC keygen used in TLSv1.2 serviceCounter DRBG: (A4446) Hash DRBG: (DRBG 819) Safe Primes Key Generation: (A4446) Safe Prime Groups: ffdhe2048, ffdhe3072, ffdhe4096 CKG: ()KAS-KeyGen CKGKeysize:112 to 152 bits encryption strength
KAS-ECC- KeyGen (IKEv2)KAS ECC keygen used in TLSv1.2 serviceCounter DRBG: (A4446) Hash DRBG: (DRBG 819) CKG: ()KAS-KeyGen CKGKeysize:128 to 256 bits encryption strength
KAS-FFC- KeyGen (IKEv2)KAS FFC keygen used in IKEv2 serviceCounter DRBG: (A4446) Hash DRBG: (DRBG 819) Safe Primes Key Generation: (A4446) Safe Prime Groups: modp- 2048, modp- 3072, modp- 4096 CKG: ()KAS-KeyGen CKGKeysize:112 to 152 bits encryption strength
KAS-ECC (SSHv2)KAS-ECC for SSHv2 serviceKAS-ECC-SSC Sp800-56Ar3: (A4446) KDF SSH: (A4446)KAS-FullSecurity Strength:Provides between 128 and 256 bits of encryption strength
KAS-FFC (SSHv2)KAS-FFC SSHv2 serviceKDF SSH: (A4446) KAS-FFC-SSC Sp800-56Ar3: (A4446) Safe-Prime Groups:: modp- 2048, modp- 3072, modp- 4096KAS-FullSecurity Strength:Provides between 112 to 152 bits of encryption strength
KAS-ECC (TLSv1.2)KAS-ECC for TLSv1.2 serviceKAS-ECC-SSC Sp800-56Ar3: (A4446) TLS v1.2 KDF RFC7627: (A4446)KAS-FullSecurity Strength:Provides between 128 and 256 bits of encryption strength
KAS-FFC (TLSv1.2)KAS-FFC for TLSv1.2 serviceTLS v1.2 KDF RFC7627: (A4446) KAS-FFC-SSC Sp800-56Ar3: (A4446) Safe-Prime Groups: ffdhe2048, ffdhe3082, ffdhe4096KAS-FullSecurity Strength:Provides 112-152 bits of encryption strength
KAS-ECC (IKEv2)KAS-ECC for IKEv2 ServiceKAS-ECC-SSC Sp800-56Ar3: (A4446) KDF IKEv2: (A4446)KAS-FullSecurity Strength:Provides between 128 and 256 bits of encryption strength
KAS-FFC (IKEv2)KAS-FFC for IKEv2 serviceKAS-FFC-SSC Sp800-56Ar3: (A4446) Safe-Prime Groups: modp- 2048, modp- 3072, modp- 4096 KDF IKEv2: (A4446)KAS-FullSecurity Strength:Provides between 112 and 152 bits of encryption strength
KTS (TLSv1.2 with AES and HMAC)KTS via TLSv1.2 service by using AES and HMACAES-CBC: (A4446) Key Length: 128, 256 HMAC-SHA-1: (A4446) HMAC-SHA2- 256: (A4446) HMAC-SHA2- 384: (A4446) SHA-1: (A4446) SHA2-256: (A4446) SHA2-384: (A4446)KTS-WrapSecurity Strength:Provides between 128 and 256 bits of encryption strength
KTS (TLSv1.2 with AES-GCM)KTS via TLSv1.2 service by using AES- GCMAES-GCM: (A4446) Key Length: 128, 256KTS-WrapSecurity Strength:Provides between 128 and 256 bits of encryption strength
KTS (SSHv2 with AES and HMAC)KTS via SSHv2 service by using AES and HMACAES-CBC: (A4446) Key Length: 128, 256 HMAC-SHA-1: (A4446) HMAC-SHA2- 256: (A4446) SHA-1: (A4446) SHA2-256: (A4446)KTS-WrapSecurity Strength:Provides between 128 and 256 bits of encryption strength
KTS (SSHv2 with AES-GCM)KTS via SSHv2 service by using AES-GCMAES-GCM: (A4446) Key Length: 128, 256KTS-WrapSecurity Strength:Provides between 128 and 256 bits of encryption strength
RSA KeyGen (SSHv2, TLSv1.2, IKEv2)RSA KeyGen for SSHv2, TLSv1.2, and IKEv2 servicesRSA KeyGen (FIPS186-4): (A4446) Counter DRBG: (A4446) Hash DRBG: (DRBG 819) CKG: ()AsymKeyPair- KeyGen CKG
ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2)ECDSA KeyGen for TLSv1.2 and IKEv2 servicesECDSA KeyGen (FIPS186-4): (A4446) Counter DRBG: (A4446) Hash DRBG: (DRBG 819) CKG: ()AsymKeyPair- KeyGen CKG
RSA SigGen (SSHv2, TLSv1.2, IKEv2)RSA SigGen for SSHv2, TLSv1.2, and IKEv2 servicesRSA SigGen (FIPS186-4): (A4446)DigSig-SigGen
ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2)ECDSA SigGen for TLSv1.2, and IKEv2 servicesECDSA SigGen (FIPS186-4): (A4446)DigSig-SigGen

Vendor-Affirmed Algorithms: Table 6: Vendor-Affirmed Algorithms Non-Approved, Allowed Algorithms: N/A for this module. Non-Approved, Allowed Algorithms with No Security Claimed: N/A for this module. Non-Approved, Not Allowed Algorithms: N/A for this module.

2.6 Security Function Implementations

KAS-ECCKeyGen KAS-FFCKeyGen KAS-ECCKeyGen © 2021-2025 Cisco Systems, Inc. Groups: modp2048, modp3072, modp4096

Page 11

KAS-FFCKeyGen © 2021-2025 Cisco Systems, Inc. Groups: modp2048, modp3072, modp4096 Groups:: modp2048, modp3072, modp4096

Page 12

© 2021-2025 Cisco Systems, Inc. Groups: modpstrength 2048, modp3072, modp4096

Page 13

AsymKeyPairKeyGen AsymKeyPairKeyGen © 2021-2025 Cisco Systems, Inc.

Page 14
Service
NameDescriptionApproved FunctionsType
RSA SigVer (SSHv2, TLSv1.2, and IKEv2)RSA SigVer for SSHv2, TLSv1.2, and IKEv2 servicesRSA SigVer (FIPS186-4): (A4446)DigSig-SigVer
ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2)ECDSA SigVer for TLSv1.2 and IKEv2 servicesECDSA SigVer (FIPS186-4): (A4446)DigSig-SigVer
Block Cipher (SSHv2)Block Cipher for SSHv2 serviceAES-CBC: (A4446) Key Length: 128, 256 AES-GCM: (A4446) Key Length: 128, 256BC-Auth BC-UnAuth
Block Cipher (TLSv1.2)Block Cipher for TLSv1.2 serviceAES-GCM: (A4446) Key Length: 128, 256 AES-CBC: (A4446) Key Length: 128, 256BC-Auth BC-UnAuth
Block Cipher (IPSec/IKE)Block Cipher for IPSec/IKEv2 serviceAES-CBC: (A4446, AES 3301) AES-GCM: (A4446, AES 3301)BC-Auth BC-UnAuth
Block Cipher (SNMPv3)Block Cipher for SNMPv3 serviceAES-CBC: (A4446) KDF SNMP: (A4446)BC-UnAuth
MAC (SSHv2)MAC for SSHv2 serviceHMAC-SHA-1: (A4446) HMAC-SHA2- 256: (A4446) SHA-1: (A4446) SHA2-256: (A4446)MAC
MAC (TLSv1.2)Message Authentication for TLSv1.2 servicesHMAC-SHA-1: (A4446) HMAC-SHA2- 256: (A4446) HMAC-SHA2- 384: (A4446) SHA-1: (A4446) SHA2-256:MAC
MAC (IPSec/IKEv2)Message Authentication for IPSec/IKEv2 servicesHMAC-SHA2- 256: (A4446, HMAC 2095) HMAC-SHA2- 384: (A4446, HMAC 2095) HMAC-SHA2- 512: (A4446, HMAC 2095) SHA2-256: (A4446, SHS 2737) SHA2-384: (A4446, SHS 2737) SHA2-512: (A4446, SHS 2737) HMAC-SHA-1: (HMAC 2095) SHA-1: (SHS 2737)MAC
MAC (SNMPv3)Message Authentication for SNMPv3 serviceHMAC-SHA-1: (A4446) SHA-1: (A4446) KDF SNMP: (A4446) HMAC-SHA2- 256: (A4446) HMAC-SHA2- 384: (A4446) SHA2-256: (A4446) SHA2-384: (A4446) HMAC-SHA2- 224: (A4446) SHA2-224: (A4446)MAC
Firmware Load TestMAC for firmware load testHMAC-SHA2- 512: (A4446)MAC
Page 15

Table 7: Security Function Implementations © 2021-2025 Cisco Systems, Inc.

Page 16
Sensitive security parameter
NameTypeStrengthOperational EnvironmentConditioning Component
Cisco Jitter Entropy SourceNon- Physical256 bitsIntel Xeon D-1526 (Broadwell), Intel Xeon D-1528 (Broadwell), Intel Xeon D-1548 (Broadwell), Intel Xeon D-1577(Broadwell)Full EntropyA2810 (SHA3- 256)
CertVendor Name
Number
E3Cisco Systems, Inc.
2.7 Algorithm Specific Information
2.8 RBG and Entropy

Table 8: Entropy Certificates NonPhysical Table 9: Entropy Sources A2810 (SHA3256) The module implements two approved DRBGs based on SP800-90Arev1, including CRT_DRBG with Algo Cert. #A4446, and HASH_DRBG with DRBG Algo Cert. #819.

Page 17

Those two DRBGs are used internally by the module (e.g. to generate symmetric keys, seeds for asymmetric key pairs, and random numbers for security functions). Each DRBG is seeded by the entropy source described in the table above. The CTR_DRBG (AES-128/192/256) enables Derivation Function capability, and the HASH_DRBG (SHA2-512) doesn’t support Prediction Resistance. Each DRBG is instantiated with a 384-bits long entropy input (corresponding to 384 bits of entropy) and provides at least 256 bits security strength for the cryptographic keys generation while in the approved mode. The Cisco JENT entropy source implementation generates an output that is considered to have full entropy. More information can be found in the public use document for ESV cert #E3.

2.9 Key Generation

The module generates RSA, ECDSA, ECDH, and DH asymmetric key pairs compliant with FIPS 186-4, using a NIST SP 800-90Arev1 DRBG for random number generation. In accordance with FIPS 140-3 IG D.H, the cryptographic module performs CKG for asymmetric keys as per section

5.1 of NIST SP 800-133rev2 (vendor affirmed) by obtaining a random bit string directly from an

approved DRBG. The random bit string supports the required security strength requested by the calling application (without any V, as described in Additional Comments 2 of IG D.H.).

2.10 Key Establishment

The module provides the following key/SSP establishment services in the approved mode of operation:

7919 (TLS) and RFC 3526 (IKE).

o SSH (RFC 4419): MODP-2048 (ID =

  1. MODP-3072 (ID =
  2. MODP-4096 (ID = 16) o TLS (RFC 7919): ffdhe2048 (ID = 256) ffdhe3072 (ID = 257) ffdhe4096 (ID = 258) o IKE (RFC 3526): MODP-2048 (ID =
  3. MODP-3072 (ID =
  4. MODP-4096 (ID = 16) © 2021-2025 Cisco Systems, Inc.
Page 18
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
Ethernet Port, SFP (1G) port, SFP+ (10G) port, and Console PortEthernet Port, SFP (1G) port, SFP+ (10G) port, and Console PortData InputData input into the module for all the services defined in Approved Services Table, including TLSv1.2, SSHv2, SNMPv3 and IPsec/IKEv2 service data.
Ethernet Port, SFP (1G) port, SFP+ (10G) port and Console PortEthernet Port, SFP (1G) port, SFP+ (10G) port and Console PortData OutputData output from the module for all the services defined in Approved Services Table, including TLSv1.2, SSHv2, SNMPv3 and IPsec/IKEv2 service data.
Ethernet Port, SFP (1G) port, SFP+ (10G) port, Console Port and RESETEthernet Port, SFP (1G) port, SFP+ (10G) port, Console Port and RESETControl InputControl Data input into the module for all the services defined in Approved Services Table, including TLSv1.2, SSHv2, SNMPv3 and IPsec/IKEv2 service data.
Ethernet Port, SFP (1G) port, SFP+ (10G) port, Console Port and LEDsEthernet Port, SFP (1G) port, SFP+ (10G) port, Console Port and LEDsStatus OutputStatus Information output from the module.
N/AN/AControl OutputN/A
PowerPowerPowerProvide the Power Supply to the module.
2.11 Industry Protocols

The module supports SSHv2, TLS v1.2, SNMPv3 and IPsec/IKEv2 industrial protocols. Please refer to SSPs Table for more information. No parts of IPSec/IKEv2, SNMPv3, SSH and TLS protocols, other than the KDFs, have been tested by the CAVP and CMVP.

3 Cryptographic Module Interfaces
3.1 Ports and Interfaces

N/A Table 10: Ports and Interfaces N/A The module’s physical perimeter encompasses the case of the tested platform mentioned in Table 2. The module provides physical ports which are mapped to logical interfaces provided © 2021-2025 Cisco Systems, Inc.

Page 19
Sensitive security parameter
NameDescriptionStrengthStrength per Minute
PasswordThe minimum length is eight (8) characters (94 possible characters). The configuration supports at most ten failed attempts to authenticate in a one- minute period.The probability that a random attempt will succeed or a false acceptance will occur is 1/(94^8) which is less than 1/1,000,000.Password BasedThe probability of successfully authenticating to the module within one minute is 10/(94^8), which is less than 1/100,000.
RSA- Based CertificateThe modules support RSA public-key based authentication mechanism using a minimum of RSA 2048 bits, which provides 112 bits of security strength. The probability that a random attempt will succeed is 1/(2^112) which is less than 1/1,000,000. For multiple attacks during a one-minute period, as the module at its highest can support at most 17,000 new sessions per second to authenticate in a one- minute period, the probability of successfully authenticating to the module within a one minute period is 17,000 * 60 = 1,020,000/(2^112), which is less than 1/100,000.The probability that a random attempt will succeed is 1/(2^112). Please refer to Description section in this table for more detailsRSA SigVer (FIPS186-4) (A4446)the probability of successfully authenticating to the module within a one minute period is 17,000 * 60 = 1,020,000/(2^112). Please refer to Description section in this table for more details
ECDSA- Based CertificateThe modules support ECDSA public-key based authentication mechanism using aThe probability that a random attempt will succeed isECDSA SigVer (FIPS186-4) (A4446)the probability of successfully authenticating to the module within a one
4 Roles, Services, and Authentication
4.1 Authentication Methods

RSABased ECDSABased © 2021-2025 Cisco Systems, Inc.

Page 20
Service
NameRole AccessType
Crypto OfficerCOIdentityPassword RSA-Based Certificate ECDSA-Based Certificate
UserUserIdentityPassword RSA-Based Certificate ECDSA-Based Certificate
MethodDescriptionSecurityStrengthStrength per Minute
NameMechanismEach Attempt
minimum of curve P- 256, which provides 128 bits of security strength. The probability that a random attempt will succeed is 1/(2^128) which is less than 1/1,000,000. For multiple attacks during a one-minute period, as the module at its highest can support at most 17,000 new sessions per second to authenticate in a one- minute period, the probability of successfully authenticating to the module within a one minute period is 17,000 * 60 = 1,020,000/(2^128), which is less than 1/100,000.1/(2^128) which is less than 1/1,000,000. Please refer to Description section in this table for more detailsminute period is 17,000 * 60 = 1,020,000/(2^128). Please refer to Description section in this table for more details

and the User role. The module also allows the concurrent operators.

4.2 Roles
4.3 Approved Services
Page 21
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Show StatusProvide Module's current status (return codes and/or syslog messages)Crypto Officer UserNoneGlobal Indicator or Syslog MessageCommand used to show Module's StatusModule's Operationa l Status
Show VersionProvide Module's name and version informationCrypto Officer UserNoneConsole MessageCommand to show versionModule's ID and versioning information
Perform Self-TestsReload the module to perform Self-Tests (Pre- operational self-test and Conditional Self-Tests)Crypto Officer User Unauthentic atedNoneGlobal Indicator or syslog messageCommand to trigger reload or Removal and reconnecti on of power supplyStatus of the self- tests results
Perform ZeroizationPerform ZeroizationCrypto Officer - DRBG Entropy Input: Z - DRBG Seed: Z - DRBG Internal State (V, Key): Z - DRBG Internal State (V, C): Z - User Password: Z - Crypto Officer Password: Z - RADIUS Secret: Z - TACACS+ Secret: ZNoneSyslog messageCommand to zeroize the moduleStatus of the SSPs zeroization

n (Preoperational the selftests Z © 2021-2025 Cisco Systems, Inc.

Page 22
Service
NameDescriptioSecurity
nnFunctions
nnFunctions
nnFunctions
Page 25
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Configure NetworkSets configurati on of the systemsCrypto OfficerNoneNoneCommand s to configure the networkStatus of the completion of network configurati on status
Crypto Officer Authenticat ionCO Role Authenticat ionCrypto Officer - Crypto Officer Password: W,ZNoneN/ACO Authenticat ion RequestStatus of the CO authenticat ion
User Authenticat ionUser Role Authenticat ionUser - User Password: W,ZNoneN/AUser role authenticat ion requestStatus of the User role authenticat ion
Configure Bypass CapabilitySets the Bypass capabilityCrypto OfficerNoneNoneCLI Bypass commandsStatus of the completion of Bypass capability configurati on
Configure SSHv2 FunctionConfigure SSHv2 FunctionCrypto Officer - SSH DH Private Key: W,E - SSH DH Public Key:KAS-ECC- KeyGen (SSHv2) KAS-FFC- KeyGen (SSHv2) KAS-ECCGlobal Indicator and SSHv2 configurat ion successCommand s to configure SSHv2Status of the completion of the SSHv2 configurati on

n N/A N/A © 2021-2025 Cisco Systems, Inc. Z W,Z W,Z KAS-ECCKeyGen KAS-FFCKeyGen W,E

Page 26
Service
NameCsps AccessedIndicatorDescriptioSecurity
nnFunctions
status messageW,E - SSH Peer DH Public Key: W,E - SSH DH Shared Secret: W,E - SSH ECDH Private Key: W,E - SSH ECDH Public Key: W,E - SSH Peer ECDH Public Key: W,E - SSH ECDH Shared Secret: W,E - SSH RSA Private Key: W,E - SSH RSA Public Key: W,E - SSH ECDSA Private Key: W,E - SSH ECDSA Public Key: W,E - SSH Session Encryption Key: W,E - SSH Session Authenticatio n Key: W,E - DRBG Entropy Input: W,E - DRBG Seed: W,E - DRBG Internalstatus message(SSHv2) KAS-FFC (SSHv2) KTS (SSHv2 with AES and HMAC) KTS (SSHv2 with AES- GCM) RSA KeyGen (SSHv2, TLSv1.2, IKEv2) ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2) RSA SigGen (SSHv2, TLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) RSA SigVer (SSHv2, TLSv1.2, and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) Block Cipher (SSHv2) MAC (SSHv2)

n © 2021-2025 Cisco Systems, Inc. with AESGCM) W,E W,E W,E W,E W,E W,E W,E W,E

Page 27
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Configure HTTPS over TLSv1.2 FunctionConfigure HTTPS over TLSv1.2 FunctionCrypto Officer - TLS DH Private Key: W,E - TLS DH Public Key: W,E - TLS Peer DH Public Key: W,E - TLS DH Shared Secret: W,E - TLS ECDH Private Key: W,E - TLS ECDH Public Key: W,E - TLS Peer ECDH Public Key: W,E - TLS ECDH Shared Secret: W,E - TLS ECDSA Private Key: W,E - TLS ECDSA Public Key: W,E - TLS RSA Private Key: W,E - TLS RSAKAS-ECC- KeyGen (TLSv1.2) KAS-FFC- KeyGen (TLSv1.2) KAS-ECC (TLSv1.2) KAS-FFC (TLSv1.2) KTS (TLSv1.2 with AES and HMAC) KTS (TLSv1.2 with AES- GCM) RSA KeyGen (SSHv2, TLSv1.2, IKEv2) ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2) RSA SigGen (SSHv2, TLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2)Global Indicator and HTTPS over TLSv1.2 configurat ion success status messageCommand s to configure TLSv1.2Status of the completion of TLSv1.2 configurati on
RSA SigVer (SSHv2, TLSv1.2, and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) Block Cipher (TLSv1.2) MAC (TLSv1.2)Public Key: W,E - TLS Master Secret: W,E - TLS Session Encryption Key: W,E - TLS Session Authenticatio n Key: W,E - DRBG Entropy Input: W,E - DRBG Seed: W,E - DRBG Internal State (V, Key): W,E - DRBG Internal State (V, C): W,ERSA SigVer (SSHv2, TLSv1.2, and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) Block Cipher (TLSv1.2) MAC (TLSv1.2)
Configure IPsec/IKEv 2 FunctionConfigure IPSec/IKEv 2 FunctionCrypto Officer - IPSec/IKE DH Private Key: W,E - IPSec/IKE DH Public Key: W,E - IPSec/IKE Peer DH Public Key: W,E - IPSec/IKE DH Shared Secret: W,E - IPSec/IKE ECDH Private Key: W,E - IPSec/IKE ECDH Public Key: W,E - IPSec/IKEKAS-ECC- KeyGen (IKEv2) KAS-FFC- KeyGen (IKEv2) KAS-ECC (IKEv2) KAS-FFC (IKEv2) RSA KeyGen (SSHv2, TLSv1.2, IKEv2) ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2) RSA SigGen (SSHv2, TLSv1.2,Global Indicator with IPsec/IKE v2 configurat ion success status messageCommand s to configure IPsec/IKEv 2Status of the completion of IPsec/IKEv 2 configurati on

n © 2021-2025 Cisco Systems, Inc. KAS-ECCKeyGen KAS-FFCKeyGen with AESGCM) W,E W,E W,E W,E W,E W,E W,E W,E W,E

Page 28

n © 2021-2025 Cisco Systems, Inc. KAS-ECCKeyGen KAS-FFCKeyGen W,E W,E W,E W,E W,E

Page 29
Service
NameCsps AccessedDescriptioSecurity
nnFunctions
IKEv2) ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) RSA SigVer (SSHv2, TLSv1.2, and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) Block Cipher (IPSec/IKE ) MAC (IPSec/IKE v2)Peer ECDH Public Key: W,E - IPSec/IKE ECDH Shared Secret: W,E - IPSec/IKE ECDSA Private Key: W,E - IPSec/IKE ECDSA Public Key: W,E - IPSec/IKE RSA Private Key: W,E - IPSec/IKE RSA Public Key: W,E - IPSec/IKE Pre-shared Secret: W,E - SKEYSEED: W,E - IPSec/IKE Session Encryption Key: W,E - IPSec/IKE Authenticatio n Key: W,E - DRBG Entropy Input: W,E - DRBG Seed: W,E - DRBG Internal State (V, Key): W,E - DRBG Internal State (V, C): W,EIKEv2) ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) RSA SigVer (SSHv2, TLSv1.2, and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) Block Cipher (IPSec/IKE ) MAC (IPSec/IKE v2)
Page 30
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Run SSHv2 FunctionExecute SSHv2 FunctionCrypto Officer - SSH DH Public Key: W,E - SSH Peer DH Public Key: W,E - SSH DH Shared Secret: W,E - SSH ECDH Private Key: W,E - SSH ECDH Public Key: W,E - SSH Peer ECDH Public Key: W,E - SSH ECDH Shared Secret: W,E - SSH RSA Private Key: W,E - SSH RSA Public Key: W,E - SSH ECDSA Private Key: W,E - SSH ECDSA Public Key: W,E - SSH Session Encryption Key: W,E - SSH Session Authenticatio n Key: W,E - DRBG Entropy Input: W,EKAS-ECC- KeyGen (SSHv2) KAS-FFC- KeyGen (SSHv2) KAS-ECC (SSHv2) KAS-FFC (SSHv2) KTS (SSHv2 with AES and HMAC) KTS (SSHv2 with AES- GCM) RSA KeyGen (SSHv2, TLSv1.2, IKEv2) ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2) RSA SigGen (SSHv2, TLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) RSA SigVer (SSHv2, TLSv1.2, and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2)Global Indicator and successfu l SSHv2 log messageInitiate SSHv2 tunnel establishm entStatus of SSHv2 tunnel establishm ent

n © 2021-2025 Cisco Systems, Inc. KAS-ECCKeyGen KAS-FFCKeyGen with AESGCM) W,E W,E W,E W,E W,E W,E W,E W,E

Page 31
Service
NameCsps AccessedDescriptioSecurity
nnFunctions
Block Cipher (SSHv2) MAC (SSHv2)- DRBG Seed: W,E - DRBG Internal State (V, Key): W,E - DRBG Internal State (V, C): W,E - RADIUS Secret: R,E - TACACS+ Secret: R,E User - SSH DH Private Key: W,E - SSH DH Public Key: W,E - SSH Peer DH Public Key: W,E - SSH DH Shared Secret: W,E - SSH ECDH Private Key: W,E - SSH ECDH Public Key: W,E - SSH Peer ECDH Public Key: W,E - SSH ECDH Shared Secret: W,E - SSH RSA Private Key: W,E - SSH RSA Public Key: W,E - SSH ECDSA Private Key:Block Cipher (SSHv2) MAC (SSHv2)
Page 32
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Run HTTPS over TLSv1.2 FunctionExecute HTTPS over TLSv1.2 functionCrypto Officer - TLS DH Private Key: W,E - TLS DH Public Key: W,E - TLS Peer DH Public Key: W,E - TLS DH Shared Secret: W,E - TLS ECDH Private Key: W,E - TLS ECDH Public Key:KAS-ECC- KeyGen (TLSv1.2) KAS-FFC- KeyGen (TLSv1.2) KAS-ECC (TLSv1.2) KAS-FFC (TLSv1.2) KTS (TLSv1.2 with AES and HMAC) KTS (TLSv1.2 with AES- GCM)Global Indicator and successfu l HTTPS over TLSv1.2 log messageInitiate TLSv1.2 tunnel establishm ent requestStatus of TLSv1.2 tunnel establishm ent

n © 2021-2025 Cisco Systems, Inc. KAS-ECCKeyGen KAS-FFCKeyGen with AESGCM) W,E W,E W,E W,E W,E W,E

Page 33
Service
NameCsps AccessedDescriptioSecurity
nnFunctions
RSA KeyGen (SSHv2, TLSv1.2, IKEv2) ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2) RSA SigGen (SSHv2, TLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) RSA SigVer (SSHv2, TLSv1.2, and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) Block Cipher (TLSv1.2) MAC (TLSv1.2)W,E - TLS Peer ECDH Public Key: W,E - TLS ECDH Shared Secret: W,E - TLS ECDSA Private Key: W,E - TLS ECDSA Public Key: W,E - TLS RSA Private Key: W,E - TLS RSA Public Key: W,E - TLS Master Secret: W,E - TLS Session Encryption Key: W,E - TLS Session Authenticatio n Key: W,E - DRBG Entropy Input: W,E - DRBG Seed: W,E - DRBG Internal State (V, Key): W,E - DRBG Internal State (V, C): W,E User - TLS DH Private Key: W,ERSA KeyGen (SSHv2, TLSv1.2, IKEv2) ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2) RSA SigGen (SSHv2, TLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) RSA SigVer (SSHv2, TLSv1.2, and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) Block Cipher (TLSv1.2) MAC (TLSv1.2)
Page 34
Service
NameDescriptioSecurity
nnFunctions
Page 35
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Run IPSec/IKEv 2 FunctionExecute IPsec/IKEv 2 FunctionCrypto Officer - IPSec/IKE DH Private Key: W,E - IPSec/IKE DH Public Key: W,E - IPSec/IKE Peer DH Public Key: W,E - IPSec/IKE DH Shared Secret: W,E - IPSec/IKE ECDH Private Key: W,E - IPSec/IKE ECDH Public Key: W,E - IPSec/IKE Peer ECDH Public Key: W,E - IPSec/IKE ECDH Shared Secret: W,E - IPSec/IKE ECDSA Private Key: W,E - IPSec/IKE ECDSA Public Key: W,EKAS-ECC- KeyGen (IKEv2) KAS-FFC- KeyGen (IKEv2) KAS-ECC (IKEv2) KAS-FFC (IKEv2) RSA KeyGen (SSHv2, TLSv1.2, IKEv2) ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2) RSA SigGen (SSHv2, TLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) RSA SigVer (SSHv2, TLSv1.2, and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2,Global Indicator and succesful IPsec/IKE v2 log messageInitiate IPsec/IKEv 2 tunnel establishm ent requestStatus of IPSec/IKE v2 tunnel establishm ent

n © 2021-2025 Cisco Systems, Inc. KAS-ECCKeyGen KAS-FFCKeyGen W,E W,E W,E W,E W,E W,E W,E

Page 36
Service
NameCsps AccessedDescriptioSecurity
nnFunctions
and IKEv2) Block Cipher (IPSec/IKE ) MAC (IPSec/IKE v2)- IPSec/IKE RSA Private Key: W,E - IPSec/IKE RSA Public Key: W,E - IPSec/IKE Pre-shared Secret: W,E - SKEYSEED: W,E - IPSec/IKE Session Encryption Key: W,E - IPSec/IKE Authenticatio n Key: W,E - DRBG Entropy Input: W,E - DRBG Seed: W,E - DRBG Internal State (V, Key): W,E - DRBG Internal State (V, C): W,E User - IPSec/IKE DH Private Key: W,E - IPSec/IKE DH Public Key: W,E - IPSec/IKE Peer DH Public Key: W,E - IPSec/IKE DH Shared Secret: W,E - IPSec/IKE ECDH Private Key:and IKEv2) Block Cipher (IPSec/IKE ) MAC (IPSec/IKE v2)
Page 37
Service
NameDescriptioSecurity
nnFunctions
Page 38
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Configure SNMPv3 FunctionConfigure SNMPv3 FunctionCrypto Officer - SNMPv3 Shared Secret: W,E - SNMPv3 Encryption Key: W,E - SNMPv3 Authenticatio n Key: W,EBlock Cipher (SNMPv3) MAC (SNMPv3)Global Indicator and SNMPv3 configurat ion success status messageCommand s to configure SNMPv3Status of the completion of SNMPv3 configurati on
Run SNMPv3 FunctionExecute SNMPv3 FunctionCrypto Officer UserBlock Cipher (SNMPv3) MAC (SNMPv3)Global Indicator and successfu l SNMPv3 log messageInitiate SNMPv3 tunnel establishm ent requestStatus of SNMPv3 tunnel establishm ent
Firmware UpdateUpdate the existing FirmwareCrypto Officer - Firmware Load Test Key: RFirmware Load TestGlobal indicator and successfu l Firmware Loading status messageCommand s to load new firmware imageOutcome of the Firmware Update
4.4 Non-Approved Services
4.5 External Software/Firmware Loaded

The module supports the firmware load test by using HMAC-SHA2-512 (HMAC Cert. #A4446) for the new validated firmware to be uploaded into the module. A Firmware Load Test Key was preloaded to the module’s binary at the factory and used for firmware load test. In order to complete firmware update service, the Crypto Officer must authenticate to the module before loading the firmware. This ensures that unauthorized access and use of the module is not © 2021-2025 Cisco Systems, Inc.

Page 39

performed. The module will load the new update upon reboot. The update attempt will be rejected if the verification fails.

4.6 Bypass Actions and Status

The module implements alternating Bypass service. Traffic output from the module’s data output interface can be cryptographically protected via IPSec/IKE VPN, or passed as plaintext (Bypass state), depending on the VPN tunnel establishment on the dedicated data output interface. The operator shall assume Crypto Officer role so as to configure IPSec/IKE VPN capability. If no IPSec/IKE VPN was configured, after running two independent internal actions, Module would enter the Bypass state. Before the module executes the Bypass service (sending out plaintext traffic via the data output interface), the module would conduct two independent internal actions to prevent the inadvertent bypass of plaintext data due to a single error. The Crypto Officer can use commands “show access-list” and “show crypto ipsec sa” to verify the module’s Bypass status. In Bypass tests fail, the module would enter an error state, and drop the traffic.

4.7 Cryptographic Output Actions and Status

The module implements Self-initiated cryptographic output capability without external operator request. The Crypto Officer shall configure self-initiated cryptographic output capability. Prior to executing the self-initiated cryptographic output capability, the module conducts two independent internal actions to activate the capability to prevent the inadvertent output due to a single error.

4.8 Additional Information

The module supports Unauthenticated service, where the unauthenticated users can run the self-test service by power-cycling the module.

5 Software/Firmware Security
5.1 Integrity Techniques

The module is provided in the form of binary executable code. To ensure firmware security, the module is protected by RSA 2048 bits with SHA2-512 (RSA Cert. #A4446) algorithm. A Firmware Integrity Test Key (non-SSP) was preloaded to the module’s binary at the factory and used for firmware integrity test only at the pre-operational self-test. The module uses the RSA

2048 bits modulus public key to verify the digital signature. If the firmware integrity test fails, the

module would enter to an Error state with all crypto functionality inhibited.

5.2 Initiate on Demand

Integrity test is performed as part of the Pre-Operational Self-Tests. It is automatically executed at power-on. The operator can power-cycle or reboot the tested platform to initiate the firmware integrity test on-demand. © 2021-2025 Cisco Systems, Inc.

Page 40
MechanismInspectionInspection Guidance
Frequency
Tamper labels (9) with Part number: AIR-AP-FIPSKIT=Recommend 30 DaysVisible inspection of platform for residual evidence of tampering
Opacity shield (1) with Part number: FPR-2100-FIPS-KIT=Recommend 30 DaysVisible inspection of platform for evidence of tampering, removal or access
6 Operational Environment
6.1 Operational Environment Type and Requirements

Type of Operational Environment: Limited

7 Physical Security
7.1 Mechanisms and Actions Required

Table 14: Mechanisms and Actions Required Step 1: Turn off and unplug the module. Step 2: Clean the chassis of any grease, dirt, oil or any other material other than the surface coating from manufacture before applying the tamper evident labels. Alcohol-based cleaning pads are recommended for this purpose. Step 3: Apply a label to cover the module as shown in the figures below. The tamper evident labels are produced from a special thin gauge vinyl with self-adhesive backing. Any attempt to open the module will damage the tamper evident labels or the material of the security appliance cover. Because the tamper evident labels have non-repeated serial numbers, they may be inspected for damage and compared against the applied serial numbers to verify that the security appliance has not been tampered with. Tamper evident labels can also be inspected for signs of tampering, which include the following: curled corners, rips, and slices. The word “FIPS” may appear if the label was peeled back.

7.2 User Placed Tamper Seals

Number: Nine (9) Placement: Figure 3 Module front view with opacity shield © 2021-2025 Cisco Systems, Inc.

Page 41

Figure 4 FRP 2110/2120 back view TEL 1 Figure 5 FRP 2130/2140 back view TEL 1 TEL 6 TEL 2 TEL 4 TEL 1 TEL 5 TEL 6 TEL 3 Figure 6 FRP 2110/2120 top view with opacity shield © 2021-2025 Cisco Systems, Inc.

Page 42

TEL 2 TEL 4 TEL 1 TEL 5 TEL 6 TEL 3 Figure 7 FRP 2130/2140 top view with opacity shield TEL 7 TEL 8 TEL 9 Figure 8 Module’s bottom view with opacity shield © 2021-2025 Cisco Systems, Inc.

Page 43

TEL 6 TEL 2 Figure 9 Module’s left view with opacity shield TEL 3 Figure 10 Module’s right view with opacity shield Surface Preparation: Clean the chassis of any grease, dirt, or oil before applying the tamper evident labels. Alcohol-based cleaning pads are recommended for this purpose. Operator Responsible for Securing Unused Seals: It is recommended seals be stored in a secure location under controlled access Part Numbers: AIR-AP-FIPSKIT=

7.3 Filler Panels

2110, 2120, 2130 and 2140 Opacity Shield FPR-2100-FIPS-KIT= Step 1: Attach the Slide Rail Locking Bracket, #2 in diagram to the Side of the Chassis using the countersink screws #3 in diagram. Step 2: Attach the Cable Management Bracket (#1) to the Slide Rail Locking Bracket (#2) using the countersink screws (#3) © 2021-2025 Cisco Systems, Inc.

Page 44

Step 3: Route the Cables through the Cable Management Brackets Step 4: Attach the FIPS Opacity Shield (#1) to the Cable Management Brackets (#3) using the countersink screws (#2) © 2021-2025 Cisco Systems, Inc.

Page 45
Sensitive security parameter
NameTypeDescription
DRAMDynamicVolatile Memory
FlashStaticNon-Volatile Memory
Service
NameApproved FunctionsTypeFromToDistributio n Type
Peer Public Key InputElectroni cPlaintextExternal (Outside of the Module'sModuleAutomated

Figure 11 Opacity Shield Brackets

8 Non-Invasive Security
9 Sensitive Security Parameters Management
9.1 Storage Areas
9.2 SSP Input-Output Methods
Page 46
Service
NameApproved FunctionsTypeFrom Boundary )ToDistributio n TypeEntry Type
Module Public Key OutputPlaintextModuleExternal (Outside of the Module's Boundary )AutomatedElectroni c
Password/Secre t Input via SSHv2 encrypted by GCMKTS (SSHv2 with AES- GCM)Encrypte dExternal (Outside of the Module's Boundary )ModuleAutomatedElectroni c
Password/Secre t Input via SSHv2 encrypted by AES and HMACKTS (SSHv2 with AES and HMAC)Encrypte dExternal (Outside of the Module's Boundary )ModuleAutomatedElectroni c
Password/Secre t Input via TLS encrypted by GCMKTS (TLSv1.2 with AES- GCM)Encrypte dExternal (Outside of the Module's Boundary )ModuleAutomatedElectroni c
Password/Secre t Input via TLS encrypted by AES and HMACKTS (TLSv1.2 with AES and HMAC)Encrypte dExternal (Outside of the Module's Boundary )ModuleAutomatedElectroni c
ZeroizationDescriptionRationaleOperator
MethodInitiation
Zeroization CommandCO issues zeroization servicethe zeroization command will erase all SSPs stored in the DRAM or in the Flash of the module.'configure factory-default'

) ) ) ) ) m ) c d c with AESGCM) d c d c with AESGCM) d c Table 16: SSP Input-Output Methods

9.3 SSP Zeroization Methods

Table 17: SSP Zeroization Methods Please note that the Firmware Load Test Key is only used for Firmware Load Test Authentication and not subject to the zeroization requirement. © 2021-2025 Cisco Systems, Inc.

Page 47
Sensitive security parameter
NameTypeDescriptionStrengthUse
DRBG Entropy InputEntropy Input - CSPUsed to seed the DRBG384 bits - at least 256 bitsCounter DRBG (A4446) Hash DRBG (DRBG 819)
DRBG SeedDRBG Seed - CSPUsed in DRBG Generation256 bits - 256 bitsCounter DRBG (A4446) Hash DRBG (DRBG 819)
DRBG Internal State (V, Key)DRBG Internal State - CSPUsed in DRBG Generation256 bits - 256 bitsCounter DRBG (A4446)
DRBG Internal State (V, C)DRBG Internal State - CSPUsed in DRBG Generation256 bits - 256 bitsHash DRBG (DRBG 819)
User PasswordAuthenticati on Data - CSPUser authenticati on8-30 Characte rs - 8-30 Characte rs
Crypto Officer PasswordAuthenticati on Data - CSPCrypto Officer authenticati on8-30 Characte rs - 8-30 Characte rs
RADIUS SecretAuthenticati on Data - CSPRADIUS Server Authenticati on16 Characte rs - 16 Characte rs
TACACS+ SecretAuthenticati on Data - CSPTACACS+ Authenticati on16 Characte rs - 16 Characte rs
Firmware Load Test KeyPublic Key - CSPUsed for Firmware Load Test112 bits - 112 bitsFirmware Load Test
9.4 SSPs
Page 48
Sensitive security parameter
NameTypeDescriptionStrengthUse
SSH DH Private KeyPrivate Key - CSPUsed to derive the SSH DH Shared SecretMODP- 2048, MODP- 3072, MODP- 4096 - 112-152 bitsKAS-FFC- SSC Sp800- 56Ar3 (A4446)KAS- FFC- KeyGen (SSHv2)
SSH DH Public KeyPublic Key - PSPUsed to derive SSH DH Shared SecretMODP- 2048, MODP- 3072, MODP- 4096 - 112-152 bitsKAS-FFC- SSC Sp800- 56Ar3 (A4446)Safe Primes Key Generatio n (A4446)
SSH Peer DH Public KeyPublic Key - PSPUsed to derive SSH DH Shared SecretMODP- 2048, MODP- 3072, MODP- 4096 - 112-152 bitsKAS-FFC- SSC Sp800- 56Ar3 (A4446)
SSH DH Shared SecretShared Secret - CSPUsed to derive SSH Session Encryption Keys, SSH Session Authenticati on KeysMODP- 2048, MODP- 3072, MODP- 4096 - 112-152 bitsKDF SSH (A4446)KAS-FFC- SSC Sp800- 56Ar3 (A4446)
SSH ECDH Private KeyPrivate Key - CSPUsed to derive the SSH ECDH Shared SecretCurves: 256, 384, 521 bits - 128 to 256 bitsKAS-ECC- SSC Sp800- 56Ar3 (A4446)KAS- ECC- KeyGen (SSHv2)
SSH ECDH Public KeyPublic Key - PSPUsed to derive SSH ECDHE Shared SecretCurves: 256, 384, 521 bits - 128-256 bitsKAS-ECC- SSC Sp800- 56Ar3 (A4446)
SSH Peer ECDH Public KeyPublic Key - PSPUsed to derive SSH DH Shared SecretCurves: 256, 384, 521 bits - 128 to 256 bitsKAS-ECC- SSC Sp800- 56Ar3 (A4446)
SSH ECDH Shared SecretShared Secret - CSPUsed to derive SSH Session Encryption Keys, SSH Session Authenticati on KeysCurves: 256, 384, 521 bits - 128 to 256 bitsKDF SSH (A4446)KAS-ECC- SSC Sp800- 56Ar3 (A4446)
SSH RSA Private KeyPrivate Key - CSPUsed for SSH session authenticati onModulus 2048 and 3072 bits - 112- 128 bitsRSA SigGen (FIPS186-4) (A4446)RSA KeyGen (SSHv2, TLSv1.2, IKEv2)
SSH RSA Public KeyPublic Key - PSPUsed for SSH sessions aiuthenticati onModulus 2048 and 3072 bits - 112- 128 bitsRSA SigVer (FIPS186-4) (A4446)RSA KeyGen (FIPS186- 4) (A4446)
SSH ECDSA Private KeyPrivate Key - CSPUsed for SSH session authenticati onCurves: 256, 384, 521 bits - 128 to 256 bitsECDSA SigGen (FIPS186-4) (A4446)ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2)
SSH ECDSA Public KeyPublic Key - PSPUsed for SSH sessions aiuthenticati onCurves: 256, 384, 521 bits - 128 to 256 bitsECDSA SigVer (FIPS186-4) (A4446)ECDSA KeyGen (FIPS186- 4) (A4446)
SSH Session Encryption KeySession Key - CSPUsed for SSH Session confidentialit y protection128-256 bits - 128-256 bitsBlock Cipher (SSHv2)KDF SSH (A4446)
SSH Session Authenticati on KeySession Key - CSPUsed for SSH Session integrity protectionAt least 160 bits - At least 160 bitsMAC (SSHv2)KDF SSH (A4446)
TLS DH Private KeyPrivate Key - CSPUsed to Derive TLS DH Shared Secretffdhe204 8, ffdhe307 2, ffdhe409 6 - 112- 152 bitsKAS-FFC- SSC Sp800- 56Ar3 (A4446)KAS- FFC- KeyGen (TLSv1.2 )
TLS DH Public KeyPublic Key - PSPUsed to Derive TLSffdhe204 8,KAS-FFC- SSCSafe Primes
DH Shared SecretDH Shared Secretffdhe307 2, ffdhe409 6 - 112- 152 bitsSp800- 56Ar3 (A4446)Key Generatio n (A4446)
TLS Peer DH Public KeyPublic Key - PSPUsed to derive TLS DH Shared Secretffdhe204 8, ffdhe307 2, ffdhe409 6 - 112- 152 bitsKAS-FFC- SSC Sp800- 56Ar3 (A4446)
TLS DH Shared SecretShared Secret - CSPUsed to Derive TLS Session Encryption Key and TLS Session Authenticati on Keyffdhe204 8, ffdhe307 2, ffdhe409 6 - 112- 152 bitsTLS v1.2 KDF RFC7627 (A4446)KAS-FFC- SSC Sp800- 56Ar3 (A4446)
TLS ECDH Private KeyPrivate Key - CSPUsed to Derive TLS ECDH Shared SecretCurves P-256, P- 384, and P-521 - 128-256 bitsKAS-ECC- SSC Sp800- 56Ar3 (A4446)KAS- ECC- KeyGen (TLSv1.2 )
TLS ECDH Public KeyPublic Key - PSPUsed to Derive TS ECDH Shared SecretCurves P-256, P- 384, and P-521 - 128-256 bitsKAS-ECC- SSC Sp800- 56Ar3 (A4446)
TLS Peer ECDH Public KeyPublic Key - PSPUsed to derive IKE ECDH Shared SecretCurves: P-256, P- 384, P- 521 - 128-256 bitsKAS-ECC- SSC Sp800- 56Ar3 (A4446)
TLS ECDH Shared SecretShared Secret - CSPUsed to Derive TLS Session Encryption Key and TLS Session Authenticati on KeyCurves p-256, P- 384, P- 521 - 128-256 bitsTLS v1.2 KDF RFC7627 (A4446)KAS-ECC- SSC Sp800- 56Ar3 (A4446)
TLS ECDSA Private KeyPrivate Key - CSPUsed to support CO and Admin HTTPS interfacesCurves P-256, P- 384, P- 521 - 128-256 bitsECDSA SigGen (FIPS186-4) (A4446)ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2)
TLS ECDSA Public KeyPublic Key - PSPUsed to support CO and User HTTPS InterfacesCurves P-256, P- 384, P- 521 - 128-256 bitsECDSA SigVer (FIPS186-4) (A4446)ECDSA KeyGen (FIPS186- 4) (A4446)
TLS RSA Private KeyPrivate Key - CSPUsed to support CO and Admin HTTPS InterfacesModulus 2048 and 3072 bits - 112- 128 bitsRSA SigGen (FIPS186-4) (A4446)RSA KeyGen (SSHv2, TLSv1.2, IKEv2)
TLS RSA Public KeyPublic Key - PSPUsed to support CO and User HTTPS interfacesModulus 2048 and 3072 bits - 112- 128 bitsRSA SigVer (FIPS186-4) (A4446)RSA KeyGen (FIPS186- 4) (A4446)
TLS Master SecretMaster Secret - CSPUsed to protect HTTPS Session. Pre-master secretAt least 112 bits - At least 112 bitsTLS v1.2 KDF RFC7627 (A4446)
TLS Session Encryption KeySession Key - CSPUsed to protect HTTPS Session. TLS Master secret128-256 bits - 128-256 bitsBlock Cipher (TLSv1.2)TLS v1.2 KDF RFC7627 (A4446)
TLS Session Authenticati on KeySession Key - CSPUsed to protect HTTPS Session. TLS master secretat least 112 bits - at least 112 bitsMAC (TLSv1.2)TLS v1.2 KDF RFC7627 (A4446)
IPSec/IKE DH Private KeyPrivate Key - CSPUsed to derive IPSec/IKE DH Shared SecretMODP- 2048, MODP- 3072, MODP- 4096 - 112-152 bitsKAS-FFC- SSC Sp800- 56Ar3 (A4446)KAS- FFC- KeyGen (IKEv2)
IPSec/IKE DH Public KeyPublic Key - PSPUsed to derive IPSec/IKE DH Shared SecretMODP- 2048, MODP- 3072, MODP- 4096 - 112-152 bitsKAS-FFC- SSC Sp800- 56Ar3 (A4446)Safe Primes Key Generatio n (A4446)
IPSec/IKE Peer DH Public KeyPublic Key - PSPUsed to derive IPSec/IKE DH Shared SecretMODP- 2048, MODP- 3072, MODP- 4096 - 112-152 bitsKAS-FFC- SSC Sp800- 56Ar3 (A4446)
IPSec/IKE DH Shared SecretShared Secret - CSPUsed to derive IPSec/IKE Session Encryption Keys, IPSec/IKE Authenticati on KeysMODP- 2048, MODP- 3072, MODP- 4096 - 112-152 bitsKDF IKEv2 (A4446)KAS-FFC- SSC Sp800- 56Ar3 (A4446)
IPSec/IKE ECDH Private KeyPrivate Key - CSPUsed to derive IPSec/IKE ECDH Shared SecretsCurves P-256, P- 384, P- 521 - 128-256 bitsKAS-ECC- SSC Sp800- 56Ar3 (A4446)KAS- ECC- KeyGen (IKEv2)
IPSec/IKE ECDH Public KeyPublic Key - PSPUsed to derive IPSec/IKE ECDH Shared SecretsCurves P-256, P- 384, P- 521 - 128-256 bitsKAS-ECC- SSC Sp800- 56Ar3 (A4446)
IPSec/IKE Peer ECDH Public KeyPublic Key - PSPUsed to derive IPSec/IKE ECDH Shared SecretsCurves P-256, P- 384, P- 521 - 128-256 bitsKAS-ECC- SSC Sp800- 56Ar3 (A4446)
IPSec/IKE ECDH Shared SecretShared Secret - CSPUsed to derive IPSec/IKE ECDHCurves P-256, P- 384, P- 521 -KDF IKEv2 (A4446)KAS-ECC- SSC Sp800- 56Ar3 (A4446)
Shared SecretsShared Secrets128-256 bits
IPSec/IKE ECDSA Private KeyPrivate Key - CSPUsed for IPSec/IKE peer authenticati onCurves P-256, P- 384, P- 521 - 128-256 bitsECDSA SigGen (FIPS186-4) (A4446)ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2)
IPSec/IKE ECDSA Public KeyPublic Key - PSPUsed for IPSec/IKE peer authenticati onCurves P-256, P- 384, P- 521 - 128-256 bitsECDSA SigVer (FIPS186-4) (A4446)ECDSA KeyGen (FIPS186- 4) (A4446)
IPSec/IKE RSA Private KeyPrivate Key - CSPUsed for IPSec/IKE peer authenticati onModulus 2048 or 3072 - 112 or 128 bitsRSA SigGen (FIPS186-4) (A4446)RSA KeyGen (SSHv2, TLSv1.2, IKEv2)
IPSec/IKE RSA Public KeyPublic Key - PSPUsed for IPSec/IKE peer authenticati onModulus 2048 or 3072 - 112 or 128 bitsRSA SigVer (FIPS186-4) (A4446)RSA KeyGen (FIPS186- 4) (A4446)
IPSec/IKE Pre-shared Secretshared secret - CSPUsed for IPSec/IKE peer authenticati on16-32 bytes character s - 16-32 bytes character sKDF IKEv2 (A4446)
SKEYSEEDKeying Material - CSPKeying material used to derive the IPSec/IKE Session Encryption Key and IPSec/IKE Authenticati on Key160 bits - 160 bitsKDF IKEv2 (A4446)
IPSec/IKE Session Encryption KeySession Key - CSPUsed to secure IPSec/IKEv2 session confidentialit y128-256 bits - 128-256 bitsBlock Cipher (IPSec/IKE)KDF IKEv2 (A4446)

© 2021-2025 Cisco Systems, Inc. MODP2048, MODP3072, MODP2048, MODP3072, MODP2048, MODP3072, MODP2048, MODP3072, KASFFCKeyGen KAS-FFCSSC Sp80056Ar3 KAS-FFCSSC Sp80056Ar3 KAS-FFCSSC Sp80056Ar3 KAS-FFCSSC Sp80056Ar3 KASECCKeyGen KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3

Page 49

© 2021-2025 Cisco Systems, Inc. - 112128 bits - 112128 bits KAS-ECCSSC Sp80056Ar3 (FIPS1864) (A4446) (FIPS1864) (A4446) 8, 2,

6 - 112152 bits

8, KASFFCKeyGen ) KAS-FFCSSC Sp80056Ar3 KAS-FFCSSC

Page 50
6 - 112152 bits
6 - 112152 bits
6 - 112152 bits

P-256, P384, P521 128-256 p-256, P384, P521 128-256 Sp80056Ar3 KAS-FFCSSC Sp80056Ar3 KAS-FFCSSC Sp80056Ar3 KASECCKeyGen ) KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3

Page 51

© 2021-2025 Cisco Systems, Inc. P-256, P384, P521 128-256 P-256, P384, P521 128-256 - 112128 bits - 112128 bits MODP2048, MODP3072, (FIPS1864) (A4446) (FIPS1864) (A4446) KASFFCKeyGen KAS-FFCSSC Sp80056Ar3

Page 52

© 2021-2025 Cisco Systems, Inc. MODP2048, MODP3072, MODP2048, MODP3072, MODP2048, MODP3072, P-256, P384, P521 128-256 P-256, P384, P521 128-256 P-256, P384, P521 128-256 P-256, P384, P521 KAS-FFCSSC Sp80056Ar3 KAS-FFCSSC Sp80056Ar3 KAS-FFCSSC Sp80056Ar3 KASECCKeyGen KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3

Page 53

y © 2021-2025 Cisco Systems, Inc. P-256, P384, P521 128-256 P-256, P384, P521 128-256 s (FIPS1864) (A4446) (FIPS1864) (A4446)

Page 54
Sensitive security parameter
NameTypeDescriptionStrengthGenerationStorageZeroizationUseRelated SSPs
IPSec/IKE Authenticati on KeySession Key - CSPUsed to secure IPSec/IKEv2 session integrityat least 160 bits - at least 160 bitsKDF IKEv2 (A4446)MAC (IPSec/IKEv 2)
SNMPv3 Shared SecretAuthenticati on Secret - CSPUsed for SNMPv3 user authenticati on8-32 character s - N/A
SNMPv3 Encryption KeyEncryption Key - CSPUsed to protect SNMPv3 traffic confidentialit y128 bits - 128 bitsKDF SNMP (A4446)Block Cipher (SNMPv3)
SNMPv3 Authenticati on KeyAuthenticati on Key - CSPUsed to secure SNMPv3 traffic integrityAt least 112 bits - At least 112 bitsKDF SNMP (A4446)MAC (SNMPv3)
DRBG Entropy InputDRAM:Plainte xtZeroizatio n CommandUntil RebootDRBG Seed:Used With DRBG Internal State (V, Key):Used With DRBG Internal State (V, C):Used With
DRBG SeedDRAM:Plainte xtZeroizatio n CommandUntil RebootDRBG Entropy Input:Used With DRBG Internal State (V, Key):Used With DRBG Internal State (V, C):Used With
DRBG Internal State (V, Key)DRAM:Plainte xtZeroizatio n CommandUntil RebootDRBG Entropy Input:Used With DRBG Seed:Used With
DRBG Internal State (V, C)DRAM:Plainte xtZeroizatio n CommandUntil RebootDRBG Entropy Input:Used With
Sensitive security parameter
NameTypeDescriptionStrengthGenerationStorageZeroizationUseRelated SSPs
IPSec/IKE Authenticati on KeySession Key - CSPUsed to secure IPSec/IKEv2 session integrityat least 160 bits - at least 160 bitsKDF IKEv2 (A4446)MAC (IPSec/IKEv 2)
SNMPv3 Shared SecretAuthenticati on Secret - CSPUsed for SNMPv3 user authenticati on8-32 character s - N/A
SNMPv3 Encryption KeyEncryption Key - CSPUsed to protect SNMPv3 traffic confidentialit y128 bits - 128 bitsKDF SNMP (A4446)Block Cipher (SNMPv3)
SNMPv3 Authenticati on KeyAuthenticati on Key - CSPUsed to secure SNMPv3 traffic integrityAt least 112 bits - At least 112 bitsKDF SNMP (A4446)MAC (SNMPv3)
DRBG Entropy InputDRAM:Plainte xtZeroizatio n CommandUntil RebootDRBG Seed:Used With DRBG Internal State (V, Key):Used With DRBG Internal State (V, C):Used With
DRBG SeedDRAM:Plainte xtZeroizatio n CommandUntil RebootDRBG Entropy Input:Used With DRBG Internal State (V, Key):Used With DRBG Internal State (V, C):Used With
DRBG Internal State (V, Key)DRAM:Plainte xtZeroizatio n CommandUntil RebootDRBG Entropy Input:Used With DRBG Seed:Used With
DRBG Internal State (V, C)DRAM:Plainte xtZeroizatio n CommandUntil RebootDRBG Entropy Input:Used With

s - N/A y 2) Table 18: SSP Table 1 n n n © 2021-2025 Cisco Systems, Inc. n n

Page 55
Sensitive security parameter
NameStorageZeroizationInput
User PasswordFlash:Encrypt edZeroizatio n CommandPassword/Sec ret Input via TLS encrypted by GCM Password/Sec ret Input via TLS encrypted by AES and HMAC Password/Sec ret Input via SSHv2 encrypted by GCM Password/Sec ret Input via SSHv2 encrypted by AES and HMAC
Crypto Officer PasswordFlash:Encrypt edZeroizatio n CommandPassword/Sec ret Input via TLS encrypted by GCM Password/Sec ret Input via TLS encrypted by AES and HMAC Password/Sec ret Input via SSHv2 encrypted by GCM Password/Sec ret Input via SSHv2 encrypted by AES and HMAC
RADIUS SecretFlash:Encrypt edZeroizatio n CommandPassword/Sec ret Input via TLS encrypted by GCM Password/Sec ret Input via
Page 56
Sensitive security parameter
NameStorageZeroizationInputRelated SSPs
TACACS+ SecretFlash:Encrypt edZeroizatio n CommandPassword/Sec ret Input via TLS encrypted by GCM Password/Sec ret Input via TLS encrypted by AES and HMAC Password/Sec ret Input via SSHv2 encrypted by GCM Password/Sec ret Input via SSHv2 encrypted by AES and HMAC
Firmware Load Test KeyFlash:Plaintex tN/A
SSH DH Private KeyDRAM:Plainte xtZeroizatio n CommandWhile SSH tunnel is onSSH DH Public Key:Paired With SSH Peer DH Public Key:Used With
SSH DH Public KeyDRAM:Plainte xtZeroizatio n CommandModule Public Key OutputWhile SSH tunnel is onSSH DH Private Key:Paired With
SSH Peer DH Public KeyDRAM:Plainte xtZeroizatio n CommandPeer Public Key InputWhile SSH tunnel is onSSH DH Private Key:Used With
SSH DH Shared SecretDRAM:Plainte xtZeroizatio n CommandWhile SSH tunnel is onSSH DH Private Key:Derived From SSH DH Public Key:Derived From
SSH ECDH Private KeyDRAM:Plainte xtZeroizatio n CommandWhile SSH tunnel is onSSH ECDH Public Key:Paired With SSH Peer ECDH Public Key:Used With
SSH ECDH Public KeyDRAM:Plainte xtZeroizatio n CommandModule Public Key OutputWhile SSH tunnel is onSSH ECDH Private Key:Paired With
SSH Peer ECDH Public KeyDRAM:Plainte xtZeroizatio n CommandPeer Public Key InputWhile SSH tunnel is onSSH ECDH Private Key:Used With
SSH ECDH Shared SecretDRAM:Plainte xtZeroizatio n CommandWhile SSH tunnel is onSSH ECDH Private Key:Derived From SSH ECDH Public Key:Derived From
SSH RSA Private KeyFlash:Plaintex tZeroizatio n CommandSSH RSA Public Key:Paired With
SSH RSA Public KeyFlash:Plaintex tZeroizatio n CommandModule Public Key OutputSSH RSA Private Key:Paired With
SSH ECDSA Private KeyFlash:Plaintex tZeroizatio n CommandSSH ECDSA Public Key:Paired With
SSH ECDSA Public KeyFlash:Plaintex tZeroizatio n CommandModule Public Key OutputSSH ECDSA Private Key:Paired With
SSH Session Encryption KeyDRAM:Plainte xtZeroizatio n CommandWhile SSH tunnel is onSSH Session Authentication Key:Used With
SSH Session Authenticati on KeyDRAM:Plainte xtZeroizatio n CommandWhile SSH tunnel is onSSH Session Encryption Key:Used With
TLS DH Private KeyDRAM:Plainte xtZeroizatio n CommandWhile TLS tunnel is onTLS DH Public Key:Paired With TLS Peer DH Public Key:Used With
TLS DH Public KeyDRAM:Plainte xtZeroizatio n CommandModule Public Key OutputWhile TLS tunnel is onTLS DH Private Key:Paired With
TLS Peer DH Public KeyDRAM:Plainte xtZeroizatio n CommandPeer Public Key Inputwhile TLS tunnel is onTLS DH Private Key:Used With
TLS DH Shared SecretDRAM:Plainte xtZeroizatio n CommandWhile TLS tunnel is onTLS ECDH Private Key:Derived From TLS Peer ECDH Public Key:Derived From
TLS ECDH Private KeyDRAM:Plainte xtZeroizatio n CommandWhile TLS tunnel is onTLS ECDH Public Key:Paired With TLS Peer ECDH Public Key:Used With
TLS ECDH Public KeyDRAM:Plainte xtZeroizatio n CommandModule Public Key OutputWhile TLS tunnel is onTLS ECDH Private Key:Paired With
TLS Peer ECDH Public KeyDRAM:Plainte xtZeroizatio n CommandPeer Public Key Inputwhile TLS tunnel is onTLS ECDH Private Key:Used With
TLS ECDH Shared SecretDRAM:Plainte xtZeroizatio n CommandWhile TLS tunnel is onTLS ECDH Private Key:Derived From TLS Peer ECDH Public Key:Derived From
TLS ECDSA Private KeyFlash:Plaintex tZeroizatio n CommandTLS ECDSA Public Key:Paired With
TLS ECDSA Public KeyFlash:Plaintex tZeroizatio n CommandModule Public Key OutputTLS ECDSA Private Key:Paired With
TLS RSA Private KeyFlash:Plaintex tZeroizatio n CommandTLS RSA Public Key:Paired With
TLS RSA Public KeyFlash:Plaintex tZeroizatio n CommandModule Public Key OutputTLS RSA Private Key:Paired With
TLS Master SecretDRAM:Plainte xtZeroizatio n CommandWhile TLS tunnel is onTLS ECDH Shared Secret:Derived From
TLS SessionDRAM:Plainte xtZeroizatio n CommandWhile TLS tunnel is onTLS Session Authentication Key:Used With
TLS Session Authenticati on KeyDRAM:Plainte xtZeroizatio n CommandWhile TLS tunnel is onTLS Session Encryption Key:Used With
IPSec/IKE DH Private KeyDRAM:Plainte xtZeroizatio n CommandWhile IPSec/IKE v2 tunnel is onIPSec/IKE DH Public Key:Paired With IPSec/IKE Peer DH Public Key:Used With
IPSec/IKE DH Public KeyDRAM:Plainte xtZeroizatio n CommandModule Public Key OutputWhile IPSec/IKE v2 tunnel is onIPSec/IKE DH Private Key:Paired With
IPSec/IKE Peer DH Public KeyDRAM:Plainte xtZeroizatio n CommandPeer Public Key Inputwhile IPSec/IKE tunnel is onIPsec/IKE DH Private Key:Used With
IPSec/IKE DH Shared SecretDRAM:Plainte xtZeroizatio n CommandWhile IPSec/IKE v2 tunnel is onSKEYSEED:Used With
IPSec/IKE ECDH Private KeyDRAM:Plainte xtZeroizatio n CommandWhile IPSec/IKE v2 tunnel is onIPSec/IKE ECDH Public Key:Paired With IPSec/IKE Peer ECDH Public Key:Used With
IPSec/IKE ECDH Public KeyDRAM:Plainte xtZeroizatio n CommandModule Public Key OutputWhile IPSec/IKE v2 tunnel is onIPSec/IKE ECDH Private Key:Paired With
IPSec/IKE Peer ECDH Public KeyDRAM:Plainte xtZeroizatio n CommandPeer Public Key InputWhile IPSec/IKE v2 tunnel is onIPSec/IKE ECDH Private Key:Used With
IPSec/IKE ECDH Shared SecretDRAM:Plainte xtZeroizatio n CommandWhile IPSec/IKE v2 tunnel is onSKEYSEED:Used With
IPSec/IKE ECDSA Private KeyFlash:Plaintex tZeroizatio n CommandIPSec/IKE ECDSA Public Key:Paired With
IPSec/IKE ECDSA Public KeyFlash:Plaintex tZeroizatio n CommandModule Public Key OutputIPSec/IKE ECDSA Private Key:Paired With
IPSec/IKE RSA Private KeyFlash:Plaintex tZeroizatio n CommandIPSec/IKE RSA Public Key:Paired With
IPSec/IKE RSA Public KeyFlash:Plaintex tZeroizatio n CommandModule Public Key OutputIPSec/IKE RSA Private Key:Paired With
IPSec/IKE Pre-shared SecretFlash:Encrypt edZeroizatio n CommandWhile IPSec/IKE v2 tunnel is onSKEYSEED:Deriv ed to
SKEYSEEDDRAM:Plainte xtZeroizatio n CommandWhile IPSec/IKE v2 tunnel is onIPSec/IKE DH Shared Secret:Derived From IPSec/IKE ECDH Shared Secret:Derived From IPSec/IKE Pre- shared Secret:Derived From
IPSec/IKE Session Encryption KeyDRAM:Plainte xtZeroizatio n CommandWhile IPSec/IKE v2 tunnel is onIPSec/IKE DH Shared Secret:Derived From IPSec/IKE ECDH Shared Secret:Derived From
IPSec/IKE Authenticati on KeyDRAM:Plainte xtZeroizatio n CommandWhile IPSec/IKE v2 tunnel is onIPSec/IKE DH Shared Secret:Derived From IPSec/IKE ECDH Shared Secret:Derived From
SNMPv3 Shared SecretFlash:Encrypt edZeroizatio n CommandPassword/Sec ret Input via TLS encrypted by GCM Password/Sec ret Input via TLS encrypted by AES and HMAC Password/SecWhile SNMPv3 tunnel is onSNMPv3 Encryption Key:Derive To SNMPv3 Authentication Key:Derive To
SNMPv3 Encryption KeyDRAM:Plainte xtZeroizatio n CommandWhile SNMPv3 tunnel is onSNMPv3 Shared Secret:Derived From
SNMPv3 Authenticati on KeyDRAM:Plainte xtZeroizatio n CommandWhile SNMPv3 tunnel is onSNMPv3 Shared Secret:Derived From SNMPv3 Encryption Key:Used With
Page 61
9.5 Transitions
10 Self-Tests
10.1 Pre-Operational Self-Tests
Page 62
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsTest PropertiesIndicatorConditions
RSA SigVer Firmware Integrity TestRSA SigVer Firmware Integrity TestKATSW/FW IntegrityRSA SigVerRSA SigVer 2048 bits with SHA2-512Module is in normal state
Pre-Operational Bypass TestPre-Operational Bypass TestN/ABypassN/AN/AModule is in normal state
AES-CBC Encrypt KAT (A4446)AES-CBC Encrypt KAT (A4446)KATCASTEncryptModule is in normal state256 bitsPower Up
AES-CBC Decrypt KAT (A4446)AES-CBC Decrypt KAT (A4446)KATCASTDecryptModule is in normal state256 bitsPower Up
AES-GCM Authenticated Encrypt KAT (A4446)AES-GCM Authenticated Encrypt KAT (A4446)KATCASTAuthenticated EncryptModule is in normal state256 bitsPower Up
AES-GCM Authenticated Decrypt KAT (A4446)AES-GCM Authenticated Decrypt KAT (A4446)KATCASTAuthenticated DecryptModule is in normal state256 bitsPower Up
Counter DRBG Instantiate KAT (A4446)Counter DRBG Instantiate KAT (A4446)KATCASTInstantiate KATModule is in normal stateAES-128Power Up
Counter DRBG Generate KAT (A4446)Counter DRBG Generate KAT (A4446)KATCASTGenerate KATModule is in normal stateAES-128Power Up
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsTest PropertiesIndicatorConditions
RSA SigVer Firmware Integrity TestRSA SigVer Firmware Integrity TestKATSW/FW IntegrityRSA SigVerRSA SigVer 2048 bits with SHA2-512Module is in normal state
Pre-Operational Bypass TestPre-Operational Bypass TestN/ABypassN/AN/AModule is in normal state
AES-CBC Encrypt KAT (A4446)AES-CBC Encrypt KAT (A4446)KATCASTEncryptModule is in normal state256 bitsPower Up
AES-CBC Decrypt KAT (A4446)AES-CBC Decrypt KAT (A4446)KATCASTDecryptModule is in normal state256 bitsPower Up
AES-GCM Authenticated Encrypt KAT (A4446)AES-GCM Authenticated Encrypt KAT (A4446)KATCASTAuthenticated EncryptModule is in normal state256 bitsPower Up
AES-GCM Authenticated Decrypt KAT (A4446)AES-GCM Authenticated Decrypt KAT (A4446)KATCASTAuthenticated DecryptModule is in normal state256 bitsPower Up
Counter DRBG Instantiate KAT (A4446)Counter DRBG Instantiate KAT (A4446)KATCASTInstantiate KATModule is in normal stateAES-128Power Up
Counter DRBG Generate KAT (A4446)Counter DRBG Generate KAT (A4446)KATCASTGenerate KATModule is in normal stateAES-128Power Up
Counter DRBG Reseed KAT (A4446)Counter DRBG Reseed KAT (A4446)KATCASTReseed KATModule is in normal stateAES-128Power Up
ECDSA SigGen KAT (A4446)ECDSA SigGen KAT (A4446)KATCASTECDSA SigGen KATModule is in normal stateP-256 curve with SHA2-256Power Up
ECDSA SigVer KAT (A4446)ECDSA SigVer KAT (A4446)KATCASTECDSA SigVer KATModule is in normal stateP-256 curve with SHA2-256Power Up
HMAC-SHA-1 KAT (A4446)HMAC-SHA-1 KAT (A4446)KATCASTHMAC-SHA-1Module is in normal stateSHA-1Power Up
HMAC-SHA2- 256 KAT (A4446)HMAC-SHA2- 256 KAT (A4446)KATCASTHMAC-SHA2- 256Module is in normal stateSHA2-256Power Up
HMAC-SHA2- 384 KAT (A4446)HMAC-SHA2- 384 KAT (A4446)KATCASTHMAC-SHA2- 384Module is in normal stateSHA2-384Power Up
HMAC-SHA2- 512 KAT (A4446)HMAC-SHA2- 512 KAT (A4446)KATCASTHMAC-SHA2- 512Module is in normal stateSHA2-512Power Up
KAS-ECC- SSC Sp800- 56Ar3 KAT (A4446)KAS-ECC- SSC Sp800- 56Ar3 KAT (A4446)KATCASTPrimitive Z KATModule is in normal stateP-256 CurvePower Up
KAS-FFC- SSC Sp800- 56Ar3 KAT (A4446)KAS-FFC- SSC Sp800- 56Ar3 KAT (A4446)KATCASTPrimitive Z KATModule is in normal stateMODP- 2048Power Up
RSA SigGen (FIPS186-4) KAT (A4446)RSA SigGen (FIPS186-4) KAT (A4446)KATCASTRSA SigGen KATModule is in normal state2048 bit modulus with SHA2- 256Power Up
RSA SigVer (FIPS186-4) KAT (A4446)RSA SigVer (FIPS186-4) KAT (A4446)KATCASTRSA SigVer KATModule is in normal state2048 bit modulus with SHA2- 256Power Up
KDF IKEv2 KAT (A4446)KDF IKEv2 KAT (A4446)KATCASTN/AModule is in normal stateN/APower Up
KDF SNMP KAT (A4446)KDF SNMP KAT (A4446)KATCASTN/AModule is in normal stateN/APower Up
KDF SSH KAT (A4446)KDF SSH KAT (A4446)KATCASTN/AModule is in normal stateN/APower Up
TLS v1.2 KDF RFC7627 KAT (A4446)TLS v1.2 KDF RFC7627 KAT (A4446)KATCASTN/AModule is in normal stateN/APower Up
SHA-1 KAT (A4446)SHA-1 KAT (A4446)KATCASTN/AModule is in normal stateN/APower Up
AES-CBC Encrypt KAT (AES 3301)AES-CBC Encrypt KAT (AES 3301)KATCASTEncrypt KATModule is in normal state128 bitsPower Up
AES-CBC Decrypt KAT (AES 3301)AES-CBC Decrypt KAT (AES 3301)KATCASTDecrypt KATModule is in normal state128 bitsPower Up
AES-GCM Authenticated Encrypt KAT (AES 3301)AES-GCM Authenticated Encrypt KAT (AES 3301)KATCASTEncrypt KATModule is in normal state128 bitsPower Up
AES-GCM Authenticated Decrypt KAT (AES 3301)AES-GCM Authenticated Decrypt KAT (AES 3301)KATCASTDecrypt KATModule is in normal state128 bitsPower Up
Hash DRBG Instantiate KAT (DRBG 819)Hash DRBG Instantiate KAT (DRBG 819)KATCASTInstantiate KATModule is in normal stateSHA2-512Power Up
Hash DRBG Generate KAT (DRBG 819)Hash DRBG Generate KAT (DRBG 819)KATCASTGenerate KATModule is in normal stateSHA2-512Power Up
Hash DRBG Reseed KAT (DRBG 819)Hash DRBG Reseed KAT (DRBG 819)KATCASTReseed KATModule is in normal stateSHA2-512Power Up
HMAC-SHA-1 KAT (HMAC 2095)HMAC-SHA-1 KAT (HMAC 2095)KATCASTHMAC-SHA-1Module is in normal stateSHA-1Power Up
HMAC-SHA2- 256 KAT (HMAC 2095)HMAC-SHA2- 256 KAT (HMAC 2095)KATCASTHMAC-SHA2- 256Module is in normal stateSHA2-256Power Up
HMAC-SHA2- 384 KAT (HMAC 2095)HMAC-SHA2- 384 KAT (HMAC 2095)KATCASTHMAC-SHA2- 384Module is in normal stateSHA2-384Power Up
HMAC-SHA2- 512 KAT (HMAC 2095)HMAC-SHA2- 512 KAT (HMAC 2095)KATCASTHMAC-SHA2- 512Module is in normal stateSHA2-512Power Up
ECDSA KeyGen (FIPS186-4) PCT (A4446)ECDSA KeyGen (FIPS186-4) PCT (A4446)PCTPCTECDSAModule is in normal stateCurve P- 256 with SHA2-256Performs all required pair-wise consistency tests on the
RSA KeyGen (FIPS186-4) PCT (A4446)RSA KeyGen (FIPS186-4) PCT (A4446)PCTPCTRSAModule is in normal state2048 bit ModulusPerforms all required pair-wise consistency tests on the newly generated key pairs before the first operational use.
KAS-ECC- SSC Sp800- 56Ar3 PCT (A4446)KAS-ECC- SSC Sp800- 56Ar3 PCT (A4446)PCTPCTN/AModule is in normal stateCurve P- 256 with SHA2-256Performs all required pair-wise consistency tests on the newly generated key pairs before the first operational use.
KAS-FFC- SSC Sp800- 56Ar3 PCT (A4446)KAS-FFC- SSC Sp800- 56Ar3 PCT (A4446)PCTPCTN/AModule is in normal stateMODP- 2048Performs all required pair-wise consistency tests on the newly generated key pairs before the first operational use.
HMAC-SHA2- 512 Firmware Load TestHMAC-SHA2- 512 Firmware Load TestKATSW/FW LoadN/AModule is in normal stateHMAC- SHA2-512When firmware has been uploaded to the module
Conditional Bypass TestConditional Bypass TestN/ABypassN/AModule is in normal stateN/APerforms conditional bypass test before first operational use of bypass service
Entropy 90B Start-up Repetition Count Test (RCT)Entropy 90B Start-up Repetition Count Test (RCT)RCTCASTDesigned to quickly detect catastrophic failures that cause the noise source to become "stuck" on a single output value for a long period of timeModule is in normal stateRepetition Count TestPower Up
Entropy 90B Start-up Adaptive Proportion Test (APT)Entropy 90B Start-up Adaptive Proportion Test (APT)APTCASTDesigned to detect a large loss of entropy that might occur as a result of some physical failure or environmental change affecting the noise sourceModule is in normal stateAdaptive Proportion TestPower Up
Entropy 90B Continuous Repetition Count Test (RCT)Entropy 90B Continuous Repetition Count Test (RCT)RCTCASTDesigned to quickly detect catastrophic failures that cause the noise source to become "stuck" on a single output value for a long period of timeModule is in normal stateRepetition Count TestEntropy data is generated from the Entropy Source - Continuous
Entropy 90B Continuous Adaptive Proportion Test (APT)Entropy 90B Continuous Adaptive Proportion Test (APT)APTCASTDesigned to detect a large loss of entropy that might occur as a result of someModule is in normal stateAdaptive Proportion TestEntropy data is generated from the Entropy Source - Continuous

N/A N/A N/A Table 20: Pre-Operational Self-Tests The module performs the following self-tests, including the pre-operational self-tests and Conditional self-tests. Prior to the module providing any data output via the data output interface, the module performs and passes the pre-operational self-tests. Following the successful pre-operational self-tests, the module executes the Conditional Cryptographic Algorithm Self-tests (CASTs). If anyone of the self-tests fails, the module transitions into an error state and outputs the error message via the module’s status output interface. While the module is in the error state, all data through the data output interface and all cryptographic operations are disabled. The error state can only be cleared by reloading the module. All self-tests must be completed successfully before the module transitions to the

10.2 Conditional Self-Tests
Page 63

KAS-ECCSSC Sp80056Ar3 KAT KAS-FFCSSC Sp80056Ar3 KAT HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2512 MODP2048 with SHA2256 with SHA2256 N/A N/A N/A N/A N/A N/A © 2021-2025 Cisco Systems, Inc.

Page 64

N/A N/A N/A N/A HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2512 © 2021-2025 Cisco Systems, Inc.

Page 65

KAS-ECCSSC Sp80056Ar3 PCT N/A KAS-FFCSSC Sp80056Ar3 PCT MODP2048 N/A HMACSHA2-512 N/A © 2021-2025 Cisco Systems, Inc.

Page 67
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic Method
RSA SigVer Firmware Integrity TestRSA SigVer Firmware Integrity TestKATSW/FW IntegrityRecommend 60 DaysReboot
Pre-Operational Bypass TestPre-Operational Bypass TestN/ABypassRecommend 60 DaysReboot
AES-CBC Encrypt KAT (A4446)AES-CBC Encrypt KAT (A4446)KATCASTRecommend 60 DaysReboot
AES-CBC Decrypt KAT (A4446)AES-CBC Decrypt KAT (A4446)KATCASTRecommend 60 DaysReboot
AES-GCM Authenticated Encrypt KAT (A4446)AES-GCM Authenticated Encrypt KAT (A4446)KATCASTRecommend 60 DaysReboot
AES-GCM Authenticated Decrypt KAT (A4446)AES-GCM Authenticated Decrypt KAT (A4446)KATCASTRecommend 60 DaysReboot
Counter DRBG Instantiate KAT (A4446)Counter DRBG Instantiate KAT (A4446)KATCASTRecommend 60 DaysReboot
Counter DRBG Generate KAT (A4446)Counter DRBG Generate KAT (A4446)KATCASTRecommend 60 DaysReboot
Counter DRBG Reseed KAT (A4446)Counter DRBG Reseed KAT (A4446)KATCASTRecommend 60 DaysReboot
ECDSA SigGen KAT (A4446)ECDSA SigGen KAT (A4446)KATCASTRecommend 60 DaysReboot
ECDSA SigVer KAT (A4446)ECDSA SigVer KAT (A4446)KATCASTRecommend 60 DaysReboot
HMAC-SHA-1 KAT (A4446)HMAC-SHA-1 KAT (A4446)KATCASTRecommend 60 DaysReboot
HMAC-SHA2- 256 KAT (A4446)HMAC-SHA2- 256 KAT (A4446)KATCASTRecommend 60 DaysReboot
HMAC-SHA2- 384 KAT (A4446)HMAC-SHA2- 384 KAT (A4446)KATCASTRecommend 60 DaysReboot
HMAC-SHA2- 512 KAT (A4446)HMAC-SHA2- 512 KAT (A4446)KATCASTRecommend 60 DaysReboot
KAS-ECC-SSC Sp800-56Ar3 KAT (A4446)KAS-ECC-SSC Sp800-56Ar3 KAT (A4446)KATCASTRecommend 60 DaysReboot
KAS-FFC-SSC Sp800-56Ar3 KAT (A4446)KAS-FFC-SSC Sp800-56Ar3 KAT (A4446)KATCASTRecommend 60 DaysReboot
RSA SigGen (FIPS186-4) KAT (A4446)RSA SigGen (FIPS186-4) KAT (A4446)KATCASTRecommend 60 DaysReboot
RSA SigVer (FIPS186-4) KAT (A4446)RSA SigVer (FIPS186-4) KAT (A4446)KATCASTRecommend 60 DaysReboot
KDF IKEv2 KAT (A4446)KDF IKEv2 KAT (A4446)KATCASTRecommend 60 DaysReboot
KDF SNMP KAT (A4446)KDF SNMP KAT (A4446)KATCASTRecommend 60 DaysReboot
KDF SSH KAT (A4446)KDF SSH KAT (A4446)KATCASTRecommend 60 DaysReboot
TLS v1.2 KDF RFC7627 KAT (A4446)TLS v1.2 KDF RFC7627 KAT (A4446)KATCASTRecommend 60 DaysReboot
SHA-1 KAT (A4446)SHA-1 KAT (A4446)KATCASTRecommend 60 DaysReboot
AES-CBC Encrypt KAT (AES 3301)AES-CBC Encrypt KAT (AES 3301)KATCASTRecommend 60 DaysReboot
AES-CBC Decrypt KAT (AES 3301)AES-CBC Decrypt KAT (AES 3301)KATCASTRecommend 60 DaysReboot
AES-GCM Authenticated Encrypt KAT (AES 3301)AES-GCM Authenticated Encrypt KAT (AES 3301)KATCASTRecommend 60 DaysReboot
AES-GCM Authenticated Decrypt KAT (AES 3301)AES-GCM Authenticated Decrypt KAT (AES 3301)KATCASTRecommend 60 DaysReboot
Hash DRBG Instantiate KAT (DRBG 819)Hash DRBG Instantiate KAT (DRBG 819)KATCASTRecommend 60 DaysReboot
Hash DRBG Generate KAT (DRBG 819)Hash DRBG Generate KAT (DRBG 819)KATCASTRecommend 60 DaysReboot
Hash DRBG Reseed KAT (DRBG 819)Hash DRBG Reseed KAT (DRBG 819)KATCASTRecommend 60 DaysReboot
HMAC-SHA-1 KAT (HMAC 2095)HMAC-SHA-1 KAT (HMAC 2095)KATCASTRecommend 60 DaysReboot
HMAC-SHA2- 256 KAT (HMAC 2095)HMAC-SHA2- 256 KAT (HMAC 2095)KATCASTRecommend 60 DaysReboot
HMAC-SHA2- 384 KAT (HMAC 2095)HMAC-SHA2- 384 KAT (HMAC 2095)KATCASTRecommend 60 DaysReboot
HMAC-SHA2- 512 KAT (HMAC 2095)HMAC-SHA2- 512 KAT (HMAC 2095)KATCASTRecommend 60 DaysReboot
ECDSA KeyGen (FIPS186-4) PCT (A4446)ECDSA KeyGen (FIPS186-4) PCT (A4446)PCTPCTRecommend 60 DaysReboot
RSA KeyGen (FIPS186-4) PCT (A4446)RSA KeyGen (FIPS186-4) PCT (A4446)PCTPCTRecommend 60 DaysReboot
KAS-ECC-SSC Sp800-56Ar3 PCT (A4446)KAS-ECC-SSC Sp800-56Ar3 PCT (A4446)PCTPCTRecommend 60 DaysReboot
KAS-FFC-SSC Sp800-56Ar3 PCT (A4446)KAS-FFC-SSC Sp800-56Ar3 PCT (A4446)PCTPCTRecommend 60 DaysReboot
HMAC-SHA2- 512 Firmware Load TestHMAC-SHA2- 512 Firmware Load TestKATSW/FW LoadN/AN/A
Conditional Bypass TestConditional Bypass TestN/ABypassN/AN/A
Entropy 90B Start-upEntropy 90B Start-upRCTCASTN/AN/A
Entropy 90B Start-up Adaptive Proportion Test (APT)Entropy 90B Start-up Adaptive Proportion Test (APT)APTCASTN/AN/A
Entropy 90B Continuous Repetition Count Test (RCT)Entropy 90B Continuous Repetition Count Test (RCT)RCTCASTN/AN/A
Entropy 90B Continuous Adaptive Proportion Test (APT)Entropy 90B Continuous Adaptive Proportion Test (APT)APTCASTN/AN/A

Table 21: Conditional Self-Tests The module performs on-demand self-tests initiated by the operator, by powering off and powering the module back on. The full suite of self-tests is then executed. The same procedure may be employed by the operator to perform periodic self-tests.

10.3 Periodic Self-Test Information

N/A Table 22: Pre-Operational Periodic Information © 2021-2025 Cisco Systems, Inc.

Page 70
Service
NameDescriptionRole AccessIndicator
Error StateIf self-test tests fail, the module is put into an error stateSelf-test failureSystem HaltReboot the module

N/A N/A N/A N/A N/A N/A Table 23: Conditional Periodic Information

10.4 Error States

Table 24: Error States If any of the above-mentioned self-tests fail, the module reports the error and enters the Error state. In the Error State, no cryptographic services are provided, and data output is prohibited. The only method to recover from the error state is to reboot the module and perform the selftests, including the pre-operational firmware integrity test and the conditional CASTs. The module will only enter into the operational state after successfully passing the pre-operational firmware integrity test and the conditional CASTs.

11 Life-Cycle Assurance
11.1 Installation, Initialization, and Startup Procedures

The validated module firmware was installed onto the respective test platforms listed in Table 2 above. Any firmware/software loaded into this module that is not shown on the module certificate, is out of the scope of this validation and requires a separate FIPS 140-3 validation. The Crypto Officer must configure and enforce the following initialization steps. Operating this module without maintaining the following settings will put the module into a non-compliant state. Step 1: The Crypto Officer must install opacity shields as described in section Physical Security above. © 2021-2025 Cisco Systems, Inc.

Page 71

Step 2: The Crypto Officer must apply tamper evidence labels as described in section Physical Security above. Step 3: The Crypto Officer must securely store any unused tamper evidence labels. Note: Each module has a Type A USB 2.0 port, but it is considered to be disabled once the Crypto Officer has applied the TEL #9. Step 4: Crypto Officer performs the following configurations: ciscoasa# configure terminal Note, the Crypto Officer needs to connect the platform to cisco.com to obtain the license for ASA from Cisco. ciscoasa(config)# license smart register idtoken [token data] ciscoasa(config)#license smart ciscoasa(config-smart-lic)# show license all Smart Licensing Status ====================== Smart Licensing is ENABLED -ORciscoasa(config-smart-lic)# show license summary Smart Licensing is ENABLED Registration: Step

  1. Crypto officer shall perform zeroization operation if the module was previously used before the approved mode configuration. Step 6: Enable approved mode of operation by using the following command. ciscoasa(config)# fips enable Note: Startup operational mode will not take effect until you save configuration and reboot the device Rebooting the device will force new self-test Step 7: Crypto Officer can verify the version installed and running the following command. ciscoasa(config)# show version Step 8: Crypto Officer will need to issue the following commands to configure module. ciscoasa> en ciscoasa# conf t ciscoasa(config)# Step 9: Assign users a Privilege Level of
  2. Step 10: Configure IP address for unit and all distant endpoints. © 2021-2025 Cisco Systems, Inc.
Page 72

Step 11: Define RADIUS and TACACS+ shared secret keys that are at least 8 characters long and secure traffic between the security module and the RADIUS/TACACS+ server via secure (IPSec, TLS) tunnel. Note: Perform this step only if RADIUS/TACAS+ is configured, otherwise skip over and proceed to next step. Step 12: Configure the security module so that any remote connections via Telnet are secured through IPSec connection by using the following commands crypto map interface access-list protocol esp encryption protocol esp integrity If IPSec secure connection is not configured, after running two internal independent actions defined in section 4.6 above, the module would enter the Bypass state. Step 13: Configure the security module so that only approved algorithms are used for all security connections (SSHv2, TLSv1.2, SNMPv3 and IPSec/IKEv2). Step 14: Configure the security module so that error messages can only be viewed by Crypto Officer. Step 15: Disable the TFTP server. Step 16: Disable HTTP for performing system management in approved mode of operation. HTTPS with TLSv1.2 should always be used for Web-based management. Step 17: Ensure that installed digital certificates are signed using approved algorithms. Step 18: Save the configuration. Step 19: Reboot the module.

11.2 Administrator Guidance

No specific Administrator guidance.

11.3 Non-Administrator Guidance

No specific Non-Administrator guidance.

12 Mitigation of Other Attacks

N/A for this module. © 2021-2025 Cisco Systems, Inc.