All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Cisco Adaptive Security Appliance Cryptographic Module (FPR 1000 Series)

Certificate#5069StandardFIPS 140-3Level2TypeHardwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorCisco Systems, Inc.
High review priority  ·  exposes firmware-update authentication  ·  last validated 10 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level2
Module typeHardware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date9/22/2030
CaveatWhen installed, initialized and configured as specified in Section Life-Cycle Assurance of the Security Policy. The tamper evident seals installed as indicated in the Security Policy
VendorCisco Systems, Inc.

Approved Algorithms (25)

AlgorithmACVP Cert
AES-CBCA4446
AES-GCMA4446
Counter DRBGA4446
ECDSA KeyGen (FIPS186-4)A4446
ECDSA SigGen (FIPS186-4)A4446
ECDSA SigVer (FIPS186-4)A4446
HMAC-SHA-1A4446
HMAC-SHA2- 224A4446
HMAC-SHA2- 256A4446
HMAC-SHA2- 384A4446
HMAC-SHA2- 512A4446
KAS-ECC-SSC Sp800-56Ar3A4446
KAS-FFC-SSC Sp800-56Ar3A4446
KDF IKEv2 (CVL)A4446
KDF SNMP (CVL)A4446
KDF SSH (CVL)A4446
RSA KeyGen (FIPS186-4)A4446
RSA SigGen (FIPS186-4)A4446
RSA SigVer (FIPS186-4)A4446
SHA-1A4446
SHA2-224A4446
SHA2-256A4446
SHA2-384A4446
SHA2-512A4446
TLS v1.2 KDF RFC7627 (CVL)A4446

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification2
Cryptographic Module Interfaces3
Roles, Services, and Authentication4
Software/Firmware Security5
Operational Environment6
Physical Security7
Non-Invasive SecurityN/A
Self-Tests1
Life-Cycle Assurance1
Mitigation of Other AttacksN/A

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Cisco Adaptive Security Appliance Cryptographic Module (FPR 1000 Series)
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>Firmware Load Test<br/>Firmware Update</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Block Cipher (SSHv2)<br/>Block Cipher (TLSv1.2)<br/>Block Cipher (IPSec/IKE)</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Cisco Adaptive Security Appliance Cryptographic Module (FPR 1000 Series)
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[high] Firmware update / recovery / rollback services<br/><i>Firmware Load Test<br/>Firmware Update</i><br/>src: securityPolicy.services"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>Block Cipher (SSHv2)<br/>Block Cipher (TLSv1.2)<br/>Block Cipher (IPSec/IKE)</i><br/>src: securityPolicy.services"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3 clueHigh;
  class C5,C6 clueLow;

Security Policy, page by page

Page 1

Cisco Systems, Inc. Cisco Adaptive Security Appliance Cryptographic Module (FPR 1000 Series) Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA © 2021-2025 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 2
Table of Contents
#SectionPage
1General5
1.1Overview5
1.2Security Levels5
2Cryptographic Module Specification5
2.1Description5
2.2Tested and Vendor Affirmed Module Version and Identification6
2.3Excluded Components7
2.4Modes of Operation7
2.5Algorithms7
2.6Security Function Implementations9
2.7Algorithm Specific Information15
2.8RBG and Entropy15
2.9Key Generation16
2.10Key Establishment16
2.11Industry Protocols17
3Cryptographic Module Interfaces17
3.1Ports and Interfaces17
4Roles, Services, and Authentication18
4.1Authentication Methods18
4.2Roles19
4.3Approved Services20
4.4Non-Approved Services38
4.5External Software/Firmware Loaded38
4.6Bypass Actions and Status39
4.7Cryptographic Output Actions and Status39
4.8Additional Information39
5Software/Firmware Security39
5.1Integrity Techniques39
5.2Initiate on Demand39
6Operational Environment40
6.1Operational Environment Type and Requirements40
7Physical Security40
7.1Mechanisms and Actions Required40
7.2User Placed Tamper Seals40
7.3Filler Panels45
8Non-Invasive Security47
9Sensitive Security Parameters Management47
9.1Storage Areas47
9.2SSP Input-Output Methods47
9.3SSP Zeroization Methods48
9.4SSPs49
9.5Transitions65
10Self-Tests66
10.1Pre-Operational Self-Tests66
10.2Conditional Self-Tests66
10.3Periodic Self-Test Information70
10.4Error States73
11Life-Cycle Assurance73
11.1Installation, Initialization, and Startup Procedures73
11.2Administrator Guidance75
11.3Non-Administrator Guidance75
12Mitigation of Other Attacks75
Page 4
List of Tables
ItemPage
Table 1: Security Levels5
Table 2: Tested Module Identification – Hardware7
Table 3: Modes List and Description7
Table 4: Approved Algorithms9
Table 5: Vendor-Affirmed Algorithms9
Table 6: Security Function Implementations15
Table 7: Entropy Certificates15
Table 8: Entropy Sources16
Table 9: Ports and Interfaces17
Table 10: Authentication Methods19
Table 11: Roles19
Table 12: Approved Services38
Table 13: Mechanisms and Actions Required40
Table 14: Storage Areas47
Table 15: SSP Input-Output Methods48
Table 16: SSP Zeroization Methods49
Table 17: SSP Table 156
Table 18: SSP Table 265
Table 19: Pre-Operational Self-Tests66
Table 20: Conditional Self-Tests70
Table 21: Pre-Operational Periodic Information70
Table 22: Conditional Periodic Information73
Table 23: Error States73
Figure 1: FPR 10106
Figure 2: FPR 1120, FPR 1140 and FPR 11506
Figure 3: FPR-1010 Front view41
Figure 4: FPR-1010 Back view41
Figure 5: FPR-1010 Left view41
Figure 6: FPR-1010 Right view41
Figure 7: FPR-1010 Top View42
Figure 8: FPR-1010 Bottom view42
Figure 9: FPR-1140 Front View43
Figure 10: FPR-1140 Rear View43
Figure 11: FPR-1140 Left View43
Figure 12: FPR-1140 Right View43
Figure 13: FPR-1140 Top View44
Figure 14: FPR-1140 Bottom View45
Page 5
Security level
NameISO SectionRequirementLevel
11General2
22Cryptographic module specification2
33Cryptographic module interfaces2
44Roles, services, and authentication3
55Software/Firmware security2
66Operational environmentN/A
77Physical security2
88Non-invasive securityN/A
99Sensitive security parameter management2
1010Self-tests2
1111Life-cycle assurance2
1212Mitigation of other attacksN/A
Overall LevelOverall Level2
1.1 Overview

Appliance Cryptographic Module (FPR 1000 Series) (hereinafter referred to as ASA or Module), version 9.20. The following details how this module meets the security requirements of FIPS 140-3, SP 800-140 and ISO/IEC 19790 for a Security Level 2 Hardware cryptographic module. The security requirements cover areas related to the design and implementation of a cryptographic module. These areas include cryptographic module specification; cryptographic table indicates the actual security levels for each area of the cryptographic module.

1.2 Security Levels
2.1 Description

Purpose and Use: This module is a multi-chip standalone hardware cryptographic module deployed under the Next-Generation Firewall (NGFW) with Adaptive Security Appliance (ASA). The module is operated in a limited operational environment. ASA delivers enterprise-class firewall for businesses, improving security at the Internet edge, high performance and throughput for demanding enterprise data centers. The ASA solution offers the combination of the industry's most deployed stateful firewall with a comprehensive range of next-generation network security services, intrusion prevention system (IPS), content © 2021-2025 Cisco Systems, Inc.

Page 6
Module configuration
NameModelHardware VersionFirmware VersionProcessor
FRP 1010FRP 1010FPR-10109.20Intel Atom C3558 (Goldmont)
FRP 1120FRP 1120FPR-11209.20Intel Atom C3858 (Goldmont)
FRP 1140FRP 1140FPR-11409.20Intel Atom C3958 (Goldmont)
FRP 1150FRP 1150FPR-11509.20Intel Atom C3958 (Goldmont)

security and secure unified communications, HTTPS/TLSv1.2, SSHv2, IPsec/IKEv2, SNMPv3 and Cryptographic Cipher Suite B using the ASA Cryptographic Module. Module Type: Hardware Module Embodiment: MultiChipStand Module Characteristics: Cryptographic Boundary: The module’s cryptographic boundary is defined as the entire chassis unit’s physical perimeter encompassing the "top," "front," "left," "right," “rear” and "bottom" surfaces of the case, and shown in the figures below and in the Physical Security section. The FPR 1010 has a unique exterior appearance whereas the FPR 1120, FPR 1140 and FPR 1150 all have the same exterior appearance. Where they differ is in Firewall throughput, IPS throughput, IPsec VPN throughput and number of VPN peers allowed.

2.2 Tested and Vendor Affirmed Module Version and Identification

Tested Module Identification

Page 7
Service
NameDescriptionIndicatorType
Approved Mode of OperationThe module is always in the approved mode of operation after initial operations are performed.Approved mode indicator: "FIPS is currently enabled."Approved
Approved algorithm
NameCAVP CertPropertiesReference
AES-CBCA4446Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-GCMA4446Direction - Decrypt, Encrypt IV Generation - InternalSP 800-38D
Counter DRBGA4446Prediction Resistance - Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - YesSP 800-90A Rev. 1
ECDSA KeyGen (FIPS186-4)A4446Curve - P-256, P-384, P-521 Secret Generation Mode - Testing CandidatesFIPS 186-4
ECDSA SigGen (FIPS186-4)A4446Curve - P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512FIPS 186-4
ECDSA SigVer (FIPS186-4)A4446Curve - P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512FIPS 186-4
HMAC-SHA-1A4446Key Length - Key Length: 256-448 Increment 8FIPS 198-1
HMAC-SHA2- 224A4446Key Length - Key Length: 256-448 Increment 8FIPS 198-1
HMAC-SHA2- 256A4446Key Length - Key Length: 256-448 Increment 8FIPS 198-1
HMAC-SHA2- 384A4446Key Length - Key Length: 256-448 Increment 8FIPS 198-1
HMAC-SHA2- 512A4446Key Length - Key Length: 256-448 Increment 8FIPS 198-1
KAS-ECC-SSC Sp800-56Ar3A4446Domain Parameter Generation Methods - P- 256, P-384, P-521 Scheme - ephemeralUnified - KAS Role - initiator, responderSP 800-56A Rev. 3
KAS-FFC-SSC Sp800-56Ar3A4446Domain Parameter Generation Methods - ffdhe2048, ffdhe3072, ffdhe4096, modp-2048, modp-3072, modp-4096 Scheme - dhEphem - KAS Role - initiator, responderSP 800-56A Rev. 3
KDF IKEv2 (CVL)A4446Diffie-Hellman Shared Secret Length - Diffie- Hellman Shared Secret Length: 2048 Derived Keying Material Length - Derived Keying Material Length: 3072 Hash Algorithm - SHA-1SP 800-135 Rev. 1
KDF SNMP (CVL)A4446Password Length - Password Length: 256, 64SP 800-135 Rev. 1
KDF SSH (CVL)A4446Cipher - AES-128, AES-192, AES-256 Hash Algorithm - SHA-1, SHA2-224, SHA2- 256, SHA2-384, SHA2-512SP 800-135 Rev. 1
RSA KeyGen (FIPS186-4)A4446Key Generation Mode - B.3.4 Modulo - 2048, 3072 Hash Algorithm - SHA2-256 Private Key Format - StandardFIPS 186-4
RSA SigGen (FIPS186-4)A4446Signature Type - PKCS 1.5, PKCSPSS Modulo - 2048, 3072FIPS 186-4
RSA SigVer (FIPS186-4)A4446Signature Type - PKCS 1.5, PKCSPSS Modulo - 2048, 3072FIPS 186-4
Safe Primes Key GenerationA4446Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, modp-2048, modp-3072, modp- 4096SP 800-56A Rev. 3
SHA-1A4446Message Length - Message Length: 0-65536 Increment 8FIPS 180-4
SHA2-224A4446Message Length - Message Length: 0-65536 Increment 8FIPS 180-4
SHA2-256A4446Message Length - Message Length: 0-65536 Increment 8FIPS 180-4
SHA2-384A4446Message Length - Message Length: 0-65536 Increment 8FIPS 180-4
SHA2-512A4446Message Length - Message Length: 0-65536 Increment 8FIPS 180-4
TLS v1.2 KDF RFC7627 (CVL)A4446Hash Algorithm - SHA2-256, SHA2-384, SHA2- 512SP 800-135 Rev. 1

Table 2: Tested Module Identification

2.3 Excluded Components

N/A for this module. Modes List and Description: Table 3: Modes List and Description operation after initial operations are performed (See Section 11). The module does not claim implementation of a degraded mode of operation. Section 4 provides details on the service

2.5 Algorithms

Approved Algorithms: © 2021-2025 Cisco Systems, Inc.

Page 8

HMAC-SHA2224 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2512 © 2021-2025 Cisco Systems, Inc.

Page 9
Service
NameProperties
CKGKey Type:AsymmetricN/ASP 800-133r2 Section 4, Method 1

Table 4: Approved Algorithms Vendor-Affirmed Algorithms: Table 5: Vendor-Affirmed Algorithms Non-Approved, Allowed Algorithms: N/A for this module. Non-Approved, Allowed Algorithms with No Security Claimed: N/A for this module. Non-Approved, Not Allowed Algorithms: N/A for this module.

2.6 Security Function Implementations
Page 10
Service
NameDescriptionApproved FunctionsTypeProperties
KAS-ECC- KeyGen (SSHv2)KAS ECC keygen used in SSHv2 serviceCounter DRBG: (A4446) CKG: ()KAS-KeyGen CKGBit-strength Caveat:Provides between 128 and 256 bits encryption strength
KAS-FFC- KeyGen (SSHv2)KAS FFC keygen used in SSHv2 serviceCounter DRBG: (A4446) Safe Primes Key Generation: (A4446) Safe Prime Groups: modp- 2048, modp- 3072, modp- 4096 CKG: ()KAS-KeyGen CKGBit-strength Caveat:Provides between 112 and 152 bits encryption strength
KAS-ECC- KeyGen (TLSv1.2)KAS ECC keygen used in TLSv1.2 serviceCounter DRBG: (A4446) CKG: ()KAS-KeyGen CKGBit-strength Caveat:Provides between 128 and 256 bits encryption strength
KAS-FFC- KeyGen (TLSv1.2)KAS FFC keygen used in TLSv1.2 serviceCounter DRBG: (A4446) Safe Primes Key Generation: (A4446) Safe Prime Groups: ffdhe2048, ffdhe3072, ffdhe4096 CKG: ()KAS-KeyGen CKGBit-strength Caveat:Provides between 112 and 152 bits encryption strength
KAS-ECC- KeyGen (IKEv2)KAS ECC keygen used in TLSv1.2 serviceCounter DRBG: (A4446) CKG: ()KAS-KeyGen CKGBit-strength Caveat:Provides between 128 and 256 bits encryption strength
KAS-FFC- KeyGen (IKEv2)KAS FFC keygen used in TLSv1.2 serviceCounter DRBG: (A4446) Safe Primes Key Generation: (A4446) Safe Prime Groups: modp- 2048, modp- 3072, modp-KAS-KeyGen CKGBit-strength Caveat:Provides between 112 and 152 bits encryption strength
KAS-ECC (SSHv2)KAS-ECC for SSHv2 serviceKDF SSH: (A4446) KAS-ECC-SSC Sp800-56Ar3: (A4446)KAS-FullBit-strength Caveat:Provides between 128 and 256 bits of encryption strength
KAS-FFC (SSHv2)KAS-FFC SSHv2 serviceKDF SSH: (A4446) KAS-FFC-SSC Sp800-56Ar3: (A4446) Domain Parameter Generation Method: modp- 2048, modp- 3072, modp- 4096KAS-FullBit-strength Caveat:Provides between 112 and 152 bits of encryption strength
KAS-ECC (TLSv1.2)KAS-ECC for TLSv1.2 serviceTLS v1.2 KDF RFC7627: (A4446) KAS-ECC-SSC Sp800-56Ar3: (A4446)KAS-FullBit-strength Caveat:Provides between 128 and 256 bits of encryption strength
KAS-FFC (TLSv1.2)KAS-FFC for TLSv1.2 serviceTLS v1.2 KDF RFC7627: (A4446) KAS-FFC-SSC Sp800-56Ar3: (A4446) Domain Parameter Generation Method: ffdhe2048, ffdhe3072, ffdhe4096KAS-FullBit-strength Caveat:Provides between 112 to 152 bits of encryption strength
KAS-ECC (IKEv2)KAS-ECC for IKEv2 ServiceKAS-ECC-SSC Sp800-56Ar3: (A4446) KDF IKEv2: (A4446)KAS-FullBit-strength Caveat:Provides between 112 and 256 bits of encryption strength
KAS-FFC (IKEv2)KAS-FFC for IKEv2 serviceKAS-FFC-SSC Sp800-56Ar3: (A4446) KDF IKEv2:KAS-FullBit-strength Caveat:Provides between 112 and 152 bits of

KAS-ECCKeyGen KAS-FFCKeyGen KAS-ECCKeyGen KAS-FFCKeyGen © 2021-2025 Cisco Systems, Inc. Groups: modp2048, modp3072, modp4096 Groups: modp2048, modp3072, modp-

Page 11

© 2021-2025 Cisco Systems, Inc. Method: modp2048, modp3072, modp4096

Page 12
Sensitive security parameter
NameTypeDescriptionStrengthGeneration
KTS (TLSv1.2 with AES and HMAC)KTS-WrapKTS via TLSv1.2 service by using AES and HMACBit-strength Caveat:Provides between 128 and 256 bits of encryption strengthAES-CBC: (A4446) Key Length: 128, 256 HMAC-SHA-1: (A4446) HMAC-SHA2- 256: (A4446) HMAC-SHA2- 384: (A4446) SHA-1: (A4446) SHA2-256: (A4446) SHA2-384: (A4446)
KTS (TLSv1.2 with AES-GCM)KTS-WrapKTS via TLSv1.2 service by using AES-GCMBit-strength Caveat:Provides between 128 and 256 bits of encryption strengthAES-GCM: (A4446) Key Length: 128, 256
KTS (SSHv2 with AES and HMAC)KTS-WrapKTS via SSHv2 service by using AES and HMACBit-strength Caveat:Provides between 128 and 256 bits of encryption strengthAES-CBC: (A4446) Key Length: 128, 256 HMAC-SHA-1: (A4446) HMAC-SHA2- 256: (A4446) SHA-1: (A4446) SHA2-256: (A4446)
KTS (SSHv2 with AES-GCM)KTS-WrapKTS via SSHv2 service by using AES-GCMBit-strength Caveat:Provides between 128 and 256 bits of encryption strengthAES-GCM: (A4446) Key Length: 128, 256
RSA KeyGen (SSHv2, TLSv1.2, IKEv2)AsymKeyPair- KeyGen CKGRSA KeyGen for SSHv2,RSA KeyGen (FIPS186-4): (A4446)

AsymKeyPairKeyGen © 2021-2025 Cisco Systems, Inc. Method: modp2048, modp3072, modp4096

Page 13
Service
NameDescriptionRole AccessType
ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2)ECDSA KeyGen for TLSv1.2 and IKEv2 servicesECDSA KeyGen (FIPS186-4): (A4446) Counter DRBG: (A4446) CKG: ()AsymKeyPair- KeyGen CKG
RSA SigGen (SSHv2, TLSv1.2, IKEv2)RSA SigGen for SSHv2, TLSv1.2, and IKEv2 servicesRSA SigGen (FIPS186-4): (A4446)DigSig-SigGen
ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2)ECDSA SigGen for TLSv1.2, and IKEv2 servicesECDSA SigGen (FIPS186-4): (A4446)DigSig-SigGen
RSA SigVer (SSHv2, TLSv1.2, and IKEv2)RSA SigVer for SSHv2, TLSv1.2, and IKEv2 servicesRSA SigVer (FIPS186-4): (A4446)DigSig-SigVer
ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2)ECDSA SigVer for TLSv1.2 and IKEv2 servicesECDSA SigVer (FIPS186-4): (A4446)DigSig-SigVer
Block Cipher (SSHv2)Block Cipher for SSHv2 serviceAES-CBC: (A4446) Key Length: 128, 256 AES-GCM: (A4446) Key Length: 128, 256BC-Auth BC-UnAuth
Block Cipher (TLSv1.2)Block Cipher for TLSv1.2 serviceAES-GCM: (A4446) Key Length: 128, 256 AES-CBC: (A4446) Key Length: 128, 256BC-Auth BC-UnAuth
Block Cipher (IPSec/IKE)Block Cipher for IPSec/IKEv2 serviceAES-CBC: (A4446) AES-GCM: (A4446)BC-Auth BC-UnAuth
Block Cipher (SNMPv3)Block Cipher for SNMPv3 serviceAES-CBC: (A4446) KDF SNMP: (A4446)BC-UnAuth
MAC (SSHv2)MAC for SSHv2 serviceHMAC-SHA-1: (A4446) HMAC-SHA2- 256: (A4446) SHA-1: (A4446) SHA2-256: (A4446)MAC
MAC (TLSv1.2)Message Authentication for TLSv1.2 servicesHMAC-SHA-1: (A4446) HMAC-SHA2- 256: (A4446) HMAC-SHA2- 384: (A4446) SHA-1: (A4446) SHA2-256: (A4446) SHA2-384: (A4446)MAC
MAC (IPSec/IKEv2)Message Authentication for IPSec/IKEv2 servicesHMAC-SHA2- 256: (A4446) HMAC-SHA2- 384: (A4446) HMAC-SHA2- 512: (A4446) SHA2-256: (A4446) SHA2-384: (A4446) SHA2-512: (A4446)MAC
MAC (SNMPv3)Message Authentication for SNMPv3 serviceHMAC-SHA-1: (A4446) SHA-1: (A4446) KDF SNMP: (A4446) HMAC-SHA2- 256: (A4446) HMAC-SHA2- 384: (A4446) SHA2-256: (A4446) SHA2-384: (A4446) HMAC-SHA2- 224: (A4446) SHA2-224: (A4446)MAC
Firmware Load TestMAC for firmware load testHMAC-SHA2- 512: (A4446)MAC

AsymKeyPairKeyGen © 2021-2025 Cisco Systems, Inc.

Page 15

Table 6: Security Function Implementations

2.7 Algorithm Specific Information
2.8 RBG and Entropy
Page 16
Sensitive security parameter
NameTypeStrengthOperational EnvironmentConditioning Component
Cisco Jitter Entropy SourceNon- Physical256 bitsIntel Atom C3558 (Goldmont), Intel Atom C3858 (Goldmont), Intel Atom C3958 (Goldmont)Full EntropyA2810 (SHA3- 256)

NonPhysical Table 8: Entropy Sources A2810 (SHA3256) The module implements one approved DRBGs based on SP800-90Ar1, including CTR_DRBG with Algo Cert. #A4446. This DRBG is used internally by the module (e.g. to generate symmetric keys, seeds for asymmetric key pairs, and random numbers for security functions). The DRBG is seeded by the entropy source described in the table above. The CTR_DRBG (AES-128/192/256) enables Derivation Function capability. The DRBG is instantiated with a 384-bits long entropy input (corresponding to 384 bits of entropy) and provides at least 256 bits security strength for the following cryptographic keys generation. The Cisco JENT entropy source implementation generates an output that is considered to have full entropy. More information can be found in the public use document for ESV cert #E3.

2.9 Key Generation

The module generates RSA, ECDSA, ECDH, and DH asymmetric key pairs compliant with FIPS 186-4, using NIST SP 800-90Arev1 DRBG for random number generation. In accordance with FIPS 140-3 IG D.H, the cryptographic module performs CKG for asymmetric keys as per section

5.1 of NIST SP 800-133rev2 (vendor affirmed) by obtaining a random bit string directly from an

approved DRBG. The random bit string supports the required security strength requested by the calling application (without any V, as described in Additional Comments 2 of IG D.H.).

2.10 Key Establishment

The module provides the following key/SSP establishment services in the approved mode of operation:

7919 (TLS) and RFC 3526 (IKE).

SSH (RFC 4419): MODP-2048 (ID =

  1. MODP-3072 (ID =
  2. MODP-4096 (ID = 16) © 2021-2025 Cisco Systems, Inc.
Page 17
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
Ethernet Port, SFP port, and Console PortEthernet Port, SFP port, and Console PortData InputData input into the module for all the services defined in Approved Services Table, including TLSv1.2, SSHv2, SNMPv3 and IPsec/IKEv2 service data.
Ethernet Port, SFP port, and Console PortEthernet Port, SFP port, and Console PortData OutputData output from the module for all the services defined in Approved Services Table, including TLSv1.2, SSHv2, SNMPv3 and IPsec/IKEv2 service data.
Ethernet Port, SFP port, Console Port and RESETEthernet Port, SFP port, Console Port and RESETControl InputControl Data input into the module for all the services defined in Approved Services Table, including TLSv1.2, SSHv2, SNMPv3 and IPsec/IKEv2 service data.
Ethernet Port, SFP port, Console Port and LEDsEthernet Port, SFP port, Console Port and LEDsStatus OutputStatus Information output from the module.
N/AN/AControl OutputN/A
PowerPowerPowerProvide the Power Supply to the module.

TLS (RFC 7919): ffdhe2048 (ID = 256) ffdhe3072 (ID = 257) ffdhe4096 (ID = 258) IKE (RFC 3526): MODP-2048 (ID =

  1. MODP-3072 (ID =
  2. MODP-4096 (ID = 16) • KAS-ECC Shared Secret Computation: - The module provides SP800-56Arev3 compliant key establishment according to FIPS 140-3 IG D.F scenario 2 path (2) with KAS-ECC shared secret computation. The shared secret computation provides between 128 and 256 bits of encryption strength.
2.11 Industry Protocols

The module supports SSHv2, TLS v1.2, SNMPv3 and IPsec/IKEv2 industrial protocols. Please refer to the Security Function Implementations Table for more information. No parts of IPSec/IKEv2, SNMPv3, SSH and TLS protocols, other than the KDFs, have been tested by the CAVP and CMVP.

3 Cryptographic Module Interfaces
3.1 Ports and Interfaces

N/A Table 9: Ports and Interfaces © 2021-2025 Cisco Systems, Inc. N/A

Page 18
Sensitive security parameter
NameDescriptionStrengthStrength per Minute
PasswordThe minimum length is eight (8) characters (94 possible characters). The configuration supports at most ten failed attempts to authenticate in a one- minute period.The probability that a random attempt will succeed or a false acceptance will occur is 1/(94^8) which is less than 1/1,000,000.Password BasedThe probability of successfully authenticating to the module within one minute is 10/(94^8), which is less than 1/100,000.
RSA- Based CertificateThe modules support RSA public-key based authentication mechanism using a minimum of RSA 2048 bits, which provides 112 bits of security strength. The probability that a random attempt will succeed is 1/(2^112) which is less than 1/1,000,000. For multiple attacks during a one-minute period, as the module at its highest can support at most 17,000 new sessions per second to authenticate in a one- minute period, the probability of successfully authenticating to the module within a one minute period is 17,000 * 60 =The probability that a random attempt will succeed is 1/(2^112). Please refer to Description section in this table for more detailsRSA SigVer (FIPS186-4) (A4446)the probability of successfully authenticating to the module within a one minute period is 17,000 * 60 = 1,020,000/(2^112). Please refer to Description section in this table for more details
ECDSA- Based CertificateThe modules support ECDSA public-key based authentication mechanism using a minimum of curve P- 256, which provides 128 bits of security strength. The probability that a random attempt will succeed is 1/(2^128) which is less than 1/1,000,000. For multiple attacks during a one-minute period, as the module at its highest can support at most 17,000 new sessions per second to authenticate in a one- minute period, the probability of successfully authenticating to the module within a one minute period is 17,000 * 60 = 1,020,000/(2^128), which is less than 1/100,000.The probability that a random attempt will succeed is 1/(2^128) which is less than 1/1,000,000. Please refer to Description section in this table for more detailsECDSA SigVer (FIPS186-4) (A4446)the probability of successfully authenticating to the module within a one minute period is 17,000 * 60 = 1,020,000/(2^128). Please refer to Description section in this table for more details

The module’s physical perimeter encompasses the case of the tested platform mentioned in Table 2. The module provides physical ports which are mapped to logical interfaces provided by the module (data input, data output, control input, control output and status output) as above. The module’s data output interface will be disabled when performing pre-operational self-tests, loading new firmware, zeroizing keys, or when in an error state.

4 Roles, Services, and Authentication
4.1 Authentication Methods

RSABased © 2021-2025 Cisco Systems, Inc.

Page 19
Service
NameRole AccessType
Crypto OfficerCOIdentityPassword RSA-Based Certificate ECDSA-Based Certificate
UserUserIdentityPassword RSA-Based Certificate ECDSA-Based Certificate

ECDSABased and the User role. The module also allows the concurrent operators.

4.2 Roles

Table 11: Roles © 2021-2025 Cisco Systems, Inc.

Page 20
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Show StatusProvide Module's current status (return codes and/or syslog messages)Crypto Officer UserNoneN/ACommand used to show Module's StatusModule's Operationa l Status
Show VersionProvide Module's name and version informationCrypto Officer UserNoneN/ACommand to show versionModule's ID and versioning information
Perform Self-TestsPerform Self-Tests (Pre- operational self-test and Conditional Self-Tests)Crypto Officer User Unauthentic atedNoneGlobal Indicator or syslog messageCommand to trigger Self-TestStatus of the self- tests results
Perform ZeroizationPerform ZeroizationCrypto Officer - DRBG Entropy Input: Z - DRBG Seed: Z - DRBG Internal State V value: Z - DRBG Key: Z - User Password: Z - Crypto Officer Password: Z - RADIUS Secret: Z - TACACS+ Secret: ZNoneSyslog messageCommand to zeroize the moduleStatus of the SSPs zeroization
4.3 Approved Services

n (Preoperational N/A N/A the selftests Z © 2021-2025 Cisco Systems, Inc.

Page 21
Service
NameDescriptioSecurity
nnFunctions
nnFunctions
nnFunctions
Page 24
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Configure NetworkConfigure Module's NetworkCrypto OfficerNoneNoneCommand s to configure the networkStatus of the completion of network configurati on status
Account Manageme ntManage User AccountCrypto OfficerNoneN/ACommand s to create User accountAccount status
Crypto Officer Authenticat ionCO Role Authenticat ionCrypto Officer - Crypto Officer Password: W,ZNoneN/ACO Authenticat ion RequestStatus of the CO authenticat ion
User Authenticat ionUser Role Authenticat ionUser - User Password: W,ZNoneN/AUser role authenticat ion requestStatus of the User role authenticat ion
Configure Bypass CapabilitySets the Bypass capabilityCrypto OfficerNoneNoneCLI Bypass commandsStatus of the completion of Bypass capability configurati on
Configure SSHv2 FunctionConfigure SSHv2 FunctionCrypto Officer - SSH DHKAS-ECC- KeyGen (SSHv2)Global Indicator andCommand s toStatus of the completion

n N/A N/A N/A © 2021-2025 Cisco Systems, Inc. Z W,Z W,Z KAS-ECCKeyGen

Page 25
Service
NameCsps AccessedIndicatorInputOutputDescriptioSecurity
nnFunctions
SSHv2 configurat ion success status messagePrivate Key: G,W,E - SSH DH Public Key: G,R,W - SSH Peer DH Public Key: W,E - SSH DH Shared Secret: G,W,E - SSH ECDH Private Key: G,W,E - SSH ECDH Public Key: G,R,W - SSH Peer ECDH Public Key: W,E - SSH ECDH Shared Secret: G,W,E - SSH RSA Private Key: G,W,E - SSH RSA Public Key: G,R,W - SSH ECDSA Private Key: G,W,E - SSH ECDSA Public Key: G,R,W - SSH Session Encryption Key: G,W,E - SSH Session Authenticatio n Key: G,W,ESSHv2 configurat ion success status messageconfigure SSHv2of the SSHv2 configurati onKAS-FFC- KeyGen (SSHv2) KAS-ECC (SSHv2) KAS-FFC (SSHv2) KTS (SSHv2 with AES and HMAC) KTS (SSHv2 with AES- GCM) RSA KeyGen (SSHv2, TLSv1.2, IKEv2) ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2) RSA SigGen (SSHv2, TLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) RSA SigVer (SSHv2, TLSv1.2, and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) Block Cipher (SSHv2)

n © 2021-2025 Cisco Systems, Inc. KAS-FFCKeyGen with AESGCM) G,W,E G,R,W G,W,E G,W,E G,R,W W,E G,W,E G,W,E G,R,W G,W,E G,R,W G,W,E

Page 26
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Configure HTTPS over TLSv1.2 FunctionConfigure HTTPS over TLSv1.2 FunctionCrypto Officer - TLS DH Private Key: G,W,E - TLS DH Public Key: G,R,W - TLS Peer DH Public Key: W,E - TLS DH Shared Secret: G,W,E - TLS ECDH Private Key: G,W,E - TLS ECDH Public Key: G,R,W - TLS Peer ECDH Public Key: W,E - TLS ECDH Shared Secret: G,W,E - TLS ECDSA Private Key:KAS-ECC- KeyGen (TLSv1.2) KAS-FFC- KeyGen (TLSv1.2) KAS-ECC (TLSv1.2) KAS-FFC (TLSv1.2) KTS (TLSv1.2 with AES and HMAC) KTS (TLSv1.2 with AES- GCM) RSA KeyGen (SSHv2, TLSv1.2, IKEv2) ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2) RSA SigGen (SSHv2,Global Indicator and HTTPS over TLSv1.2 configurat ion success status messageCommand s to configure TLSv1.2Status of the completion of TLSv1.2 configurati on
TLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) RSA SigVer (SSHv2, TLSv1.2, and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) Block Cipher (TLSv1.2) MAC (TLSv1.2)G,W,E - TLS ECDSA Public Key: G,R,W - TLS RSA Private Key: G,W,E - TLS RSA Public Key: G,R,W - TLS Master Secret: G,W,E - TLS Session Encryption Key: G,W,E - TLS Session Authenticatio n Key: G,W,E - DRBG Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG Internal State V value: G,W,E - DRBG Key: G,W,ETLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) RSA SigVer (SSHv2, TLSv1.2, and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) Block Cipher (TLSv1.2) MAC (TLSv1.2)
Configure IPsec/IKEv 2 FunctionConfigure IPSec/IKEv 2 FunctionCrypto Officer - IPSec/IKE DH Private Key: G,W,E - IPSec/IKE DH Public Key: G,R,W - IPSec/IKE Peer DH Public Key: W,E - IPSec/IKEKAS-ECC- KeyGen (IKEv2) KAS-FFC- KeyGen (IKEv2) KAS-ECC (IKEv2) KAS-FFC (IKEv2) RSA KeyGen (SSHv2,Global Indicator with IPsec/IKE v2 configurat ion success status messageCommand s to configure IPsec/IKEv 2Status of the completion of IPsec/IKEv 2 configurati on

n © 2021-2025 Cisco Systems, Inc. KAS-ECCKeyGen KAS-FFCKeyGen with AESGCM) G,W,E G,W,E G,W,E G,W,E G,R,W G,W,E G,W,E G,R,W W,E G,W,E

Page 27

n © 2021-2025 Cisco Systems, Inc. KAS-ECCKeyGen KAS-FFCKeyGen G,W,E G,R,W G,W,E G,R,W G,W,E G,W,E G,W,E G,W,E G,W,E W,E

Page 28
Service
NameCsps AccessedDescriptioSecurity
nnFunctions
TLSv1.2, IKEv2) ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2) RSA SigGen (SSHv2, TLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) RSA SigVer (SSHv2, TLSv1.2, and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) Block Cipher (IPSec/IKE ) MAC (IPSec/IKE v2)DH Shared Secret: G,W,E - IPSec/IKE ECDH Private Key: G,W,E - IPSec/IKE ECDH Public Key: G,R,W - IPSec/IKE Peer ECDH Public Key: W,E - IPSec/IKE ECDH Shared Secret: G,W,E - IPSec/IKE ECDSA Private Key: G,W,E - IPSec/IKE ECDSA Public Key: G,R,W - IPSec/IKE RSA Private Key: G,W,E - IPSec/IKE RSA Public Key: G,R,W - IPSec/IKE Pre-shared Secret: G,W,E - SKEYSEED: G,W,E - IPSec/IKE Session Encryption Key: G,W,E - IPSec/IKE Authenticatio n Key: G,W,ETLSv1.2, IKEv2) ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2) RSA SigGen (SSHv2, TLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) RSA SigVer (SSHv2, TLSv1.2, and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) Block Cipher (IPSec/IKE ) MAC (IPSec/IKE v2)
Page 29
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Configure SNMPv3 FunctionConfigure SNMPv3 FunctionCrypto Officer - SNMPv3 Shared Secret: W,E - SNMPv3 Encryption Key: G,W,E - SNMPv3 Authenticatio n Key: G,W,EBlock Cipher (SNMPv3) MAC (SNMPv3)Global Indicator and SNMPv3 configurat ion success status messageCommand s to configure SNMPv3Status of the completion of SNMPv3 configurati on
Run SSHv2 FunctionExecute SSHv2 FunctionCrypto Officer - SSH DH Private Key: G,W,E - SSH DH Public Key: G,R,W - SSH Peer DH Public Key: W,E - SSH DH Shared Secret: G,W,E - SSH ECDH Private Key: G,W,E - SSH ECDH Public Key: G,R,W - SSH Peer ECDH Public Key:KAS-ECC- KeyGen (SSHv2) KAS-FFC- KeyGen (SSHv2) KAS-ECC (SSHv2) KAS-FFC (SSHv2) KTS (SSHv2 with AES and HMAC) KTS (SSHv2 with AES- GCM) RSA KeyGen (SSHv2, TLSv1.2, IKEv2)Global Indicator and successfu l SSHv2 log messageInitiate SSHv2 tunnel establishm entStatus of SSHv2 tunnel establishm ent

n KAS-ECCKeyGen KAS-FFCKeyGen with AESGCM) © 2021-2025 Cisco Systems, Inc. G,W,E G,W,E G,W,E G,W,E G,W,E G,R,W G,W,E G,W,E G,R,W

Page 30
Service
NameCsps AccessedDescriptioSecurity
nnFunctions
ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2) RSA SigGen (SSHv2, TLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) RSA SigVer (SSHv2, TLSv1.2, and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) Block Cipher (SSHv2) MAC (SSHv2)W,E - SSH ECDH Shared Secret: G,W,E - SSH RSA Private Key: G,W,E - SSH RSA Public Key: G,R,W - SSH ECDSA Private Key: G,W,E - SSH ECDSA Public Key: G,R,W - SSH Session Encryption Key: G,W,E - SSH Session Authenticatio n Key: G,W,E - DRBG Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG Internal State V value: G,W,E - DRBG Key: G,W,E - RADIUS Secret: W,E - TACACS+ Secret: R,E User - SSH DH Private Key: G,W,EECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2) RSA SigGen (SSHv2, TLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) RSA SigVer (SSHv2, TLSv1.2, and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) Block Cipher (SSHv2) MAC (SSHv2)
Page 31
Service
NameDescriptioSecurity
nnFunctions
Page 32
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Run HTTPS over TLSv1.2 FunctionExecute HTTPS over TLSv1.2 functionCrypto Officer - TLS DH Private Key: G,W,E - TLS DH Public Key: G,R,W - TLS Peer DH Public Key: W,E - TLS DH Shared Secret: G,W,E - TLS ECDH Private Key: G,W,E - TLS ECDH Public Key: G,R,W - TLS Peer ECDH Public Key: W,E - TLS ECDH Shared Secret: G,W,E - TLS ECDSA Private Key: G,W,E - TLSKAS-ECC- KeyGen (TLSv1.2) KAS-FFC- KeyGen (TLSv1.2) KAS-ECC (TLSv1.2) KAS-FFC (TLSv1.2) KTS (TLSv1.2 with AES and HMAC) KTS (TLSv1.2 with AES- GCM) RSA KeyGen (SSHv2, TLSv1.2, IKEv2) ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2) RSA SigGen (SSHv2, TLSv1.2, IKEv2)Global Indicator and successfu l HTTPS over TLSv1.2 log messageInitiate TLSv1.2 tunnel establishm ent requestStatus of TLSv1.2 tunnel establishm ent

n © 2021-2025 Cisco Systems, Inc. KAS-ECCKeyGen KAS-FFCKeyGen with AESGCM) G,W,E G,W,E G,W,E G,W,E G,R,W G,W,E G,W,E G,R,W W,E G,W,E G,W,E

Page 33
Service
NameCsps AccessedDescriptioSecurity
nnFunctions
ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) RSA SigVer (SSHv2, TLSv1.2, and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) Block Cipher (TLSv1.2) MAC (TLSv1.2)ECDSA Public Key: G,R,W - TLS RSA Private Key: G,W,E - TLS RSA Public Key: G,R,W - TLS Master Secret: G,W,E - TLS Session Encryption Key: G,W,E - TLS Session Authenticatio n Key: G,W,E - DRBG Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG Internal State V value: G,W,E - DRBG Key: G,W,E User - TLS DH Private Key: G,W,E - TLS DH Public Key: G,R,W - TLS Peer DH Public Key: W,E - TLS DH Shared Secret: G,W,E - TLS ECDHECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) RSA SigVer (SSHv2, TLSv1.2, and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) Block Cipher (TLSv1.2) MAC (TLSv1.2)
Page 34
Service
NameDescriptioSecurity
nnFunctions
Page 35
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Run IPSec/IKEv 2 FunctionExecute IPsec/IKEv 2 FunctionCrypto Officer - IPSec/IKE DH Private Key: G,W,E - IPSec/IKE DH Public Key: G,R,W - IPSec/IKE Peer DH Public Key: W,E - IPSec/IKE DH Shared Secret: G,W,E - IPSec/IKE ECDH Private Key: G,W,E - IPSec/IKE ECDH Public Key: G,R,W - IPSec/IKE Peer ECDH Public Key: W,E - IPSec/IKE ECDH Shared Secret: G,W,E - IPSec/IKE ECDSA Private Key: G,W,E - IPSec/IKE ECDSA Public Key: G,R,W - IPSec/IKE RSA Private Key: G,W,E - IPSec/IKE RSA PublicKAS-ECC- KeyGen (IKEv2) KAS-FFC- KeyGen (IKEv2) KAS-ECC (IKEv2) KAS-FFC (IKEv2) RSA KeyGen (SSHv2, TLSv1.2, IKEv2) ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2) RSA SigGen (SSHv2, TLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2 and IKEv2) RSA SigVer (SSHv2, TLSv1.2, and IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, and IKEv2) Block Cipher (IPSec/IKE ) MACGlobal Indicator and succesful IPsec/IKE v2 log messageInitiate IPsec/IKEv 2 tunnel establishm ent requestStatus of IPSec/IKE v2 tunnel establishm ent

n © 2021-2025 Cisco Systems, Inc. KAS-ECCKeyGen KAS-FFCKeyGen ) G,W,E G,W,E W,E G,W,E G,W,E G,R,W W,E G,W,E G,W,E G,R,W

Page 36
Service
NameCsps AccessedDescriptioSecurity
nnFunctions
(IPSec/IKE v2)Key: G,R,W - IPSec/IKE Pre-shared Secret: G,W,E - SKEYSEED: G,W,E - IPSec/IKE Session Encryption Key: G,W,E - IPSec/IKE Authenticatio n Key: G,W,E - DRBG Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG Internal State V value: G,W,E - DRBG Key: G,W,E User - IPSec/IKE DH Private Key: G,W,E - IPSec/IKE DH Public Key: G,R,W - IPSec/IKE Peer DH Public Key: W,E - IPSec/IKE DH Shared Secret: G,W,E - IPSec/IKE ECDH Private Key: G,W,E - IPSec/IKE(IPSec/IKE v2)
Page 37
Service
NameDescriptioSecurity
nnFunctions
Page 38
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Run SNMPv3 FunctionExecute SNMPv3 FunctionCrypto Officer - SNMPv3 Shared Secret: W,E - SNMPv3 Encryption Key: G,W,E - SNMPv3 Authenticatio n Key: G,W,E User - SNMPv3 Shared Secret: W,E - SNMPv3 Encryption Key: G,W,E - SNMPv3 Authenticatio n Key: G,W,EBlock Cipher (SNMPv3) MAC (SNMPv3)Global Indicator and successfu l SNMPv3 log messageInitiate SNMPv3 tunnel establishm ent requestStatus of SNMPv3 tunnel establishm ent
Firmware UpdateUpdate the existing firmware imageCrypto Officer - Firmware Load Test Key: RFirmware Load TestGlobal indicator and successfu l Firmware Loading status messageCommand s to load new firmware imageOutcome of the Firmware Load Test
4.4 Non-Approved Services
4.5 External Software/Firmware Loaded
Page 39

The module supports the firmware load test by using HMAC-SHA2-512 (HMAC Cert. #A4446) for the new validated firmware to be uploaded into the module. A Firmware Load Test Key was preloaded to the module’s binary at the factory and used for firmware load test. In order to load new firmware, the Crypto Officer must authenticate to the module before loading the firmware. This ensures that unauthorized access and use of the module is not performed. The module will load the new update upon reboot. The update attempt will be rejected if the verification fails.

4.6 Bypass Actions and Status

The module implements alternating Bypass service. Traffic output from the module’s data output interface can be cryptographically protected via IPSec/IKE VPN, or passed as plaintext (Bypass state), depending on the VPN tunnel establishment on the dedicated data output interface. The operator shall assume Crypto Officer role so as to configure IPSec/IKE VPN capability. If no IPSec/IKE VPN was configured, Module would enter the Bypass state. Before the module executes the Bypass service (sending out plaintext traffic via the data output interface), the module would conduct two independent internal actions to prevent the inadvertent bypass of plaintext data due to a single error. The Crypto Officer can use commands “show access-list” and “show crypto ipsec sa” to verify the module’s Bypass status. In Bypass tests fail, the module would enter an error state, and drop the traffic.

4.7 Cryptographic Output Actions and Status

The module implements Self-initiated cryptographic output capability without external operator request. The Crypto Officer shall configure self-initiated cryptographic output capability. Prior to executing the self-initiated cryptographic output capability, the module conducts two independent internal actions to activate the capability to prevent the inadvertent output due to a single error.

4.8 Additional Information

The module supports unauthenticated service. The unauthenticated User/Operators can trigger the self-test service by power-cycling the module, and is able to observe the module’s LEDs status.

5 Software/Firmware Security
5.1 Integrity Techniques

The module is provided in the form of binary executable code. To ensure firmware security, the module is protected by RSA 2048 bits with SHA2-512 (RSA Cert. #A4446) algorithm. A Firmware Integrity Test Key (non-SSP) was preloaded to the module’s binary at the factory and used for firmware integrity test only at the pre-operational self-test. The module uses the RSA

2048 bits modulus public key to verify the digital signature. If the firmware integrity test fails, the

module would enter to an Error state with all crypto functionality inhibited.

5.2 Initiate on Demand
Page 40
MechanismInspectionInspection Guidance
Frequency
Tamper labels (4 or 10) with Part number: AIR-AP-FIPSKIT=Recommend 30 DaysVisible inspection of platform for residual evidence of tampering
Opacity shield (1) with Part number: 800-106088-01 or FPR1K-RM-FIPS- KITRecommend 30 DaysVisible inspection of platform for evidence of tampering, removal or access
Production grade componentsN/AN/A

Integrity test is performed as part of the Pre-Operational Self-Tests. It is automatically executed at power-on. The operator can power-cycle or reboot the tested platform to initiate the firmware integrity test on-demand.

6 Operational Environment
6.1 Operational Environment Type and Requirements

Type of Operational Environment: Limited

7 Physical Security
7.1 Mechanisms and Actions Required

N/A Table 13: Mechanisms and Actions Required N/A The module utilizes a production-grade enclosure and removable cover along with tamper evidence labels as the physical security mechanisms. Step 1: Turn off and unplug the module. Step 2: Clean the chassis of any grease, dirt, oil or any other material other than the surface coating from manufacture before applying the tamper evident labels. Alcohol-based cleaning pads are recommended for this purpose. Step 3: Apply a label to cover the module as shown in the figures below. The tamper evident labels are produced from a special thin gauge vinyl with self-adhesive backing. Any attempt to open the module will damage the tamper evident labels or the material of the security appliance cover. Because the tamper evident labels have non-repeated serial numbers, they may be inspected for damage and compared against the applied serial numbers to verify that the security appliance has not been tampered with. Tamper evident labels can also be inspected for signs of tampering, which include the following: curled corners, rips, and slices. The word “FIPS” may appear if the label was peeled back.

7.2 User Placed Tamper Seals
Page 41

FPR-1010 Placement: Figure 3: FPR-1010 Front view TEL 1 Figure 4: FPR-1010 Back view Figure 5: FPR-1010 Left view Figure 6: FPR-1010 Right view © 2021-2025 Cisco Systems, Inc.

Page 42

Figure 7: FPR-1010 Top View TEL 3 TEL 2 TEL 4 Figure 8: FPR-1010 Bottom view © 2021-2025 Cisco Systems, Inc.

Page 43

FPR-1120/1140/1150 Placement: Figure 9: FPR-1140 Front View TEL 1 TEL 2 Figure 10: FPR-1140 Rear View TEL 4 Figure 11: FPR-1140 Left View TEL 5 © 2021-2025 Cisco Systems, Inc. TEL 3 Figure 12: FPR-1140 Right View

Page 44

TEL 6 TEL 7 TEL 5 TEL 4 TEL 1 TEL 3 TEL 2 © 2021-2025 Cisco Systems, Inc. Figure 13: FPR-1140 Top View

Page 45

TEL 8 TEL 10 TEL 9 Figure 14: FPR-1140 Bottom View Surface Preparation: Clean the chassis of any grease, dirt, or oil before applying the tamper evident labels. Alcohol-based cleaning pads are recommended for this purpose. Operator Responsible for Securing Unused Seals: It is recommended seals be stored in a secure location under controlled access Part Numbers: AIR-AP-FIPSKIT=

7.3 Filler Panels

FPR1010 Opacity Shield 800-106088-01 Step 1: Slide the 1010 into the opacity case Step 2: Add three screws to bottom of opacity into the 1010 or 1010E. © 2021-2025 Cisco Systems, Inc.

Page 46

FPR1120, 1140 and 1150 Opacity Shield FPR1K-RM-FIPS-KIT Step 1: Attach the Slide Rail Locking Bracket, #2 in diagram to the Side of the Chassis using the countersink screws #3 in diagram. Step 2: Attach the Cable Management Bracket (#1) to the Slide Rail Locking Bracket (#2) using the countersink screws (#3) © 2021-2025 Cisco Systems, Inc.

Page 47
Sensitive security parameter
NameTypeDescription
DRAMDynamicVolatile Memory
FlashStaticNon-Volatile Memory
Service
NameApproved FunctionsTypeFromToDistributio n Type
Peer Public Key InputElectroni cPlaintextExternal (OutsideModuleAutomated

Step 3: Route the Cables through the Cable Management Brackets Step 4: Attach the FIPS Opacity Shield (#1) to the Cable Management Brackets (#3) using the countersink screws (#2)

8 Non-Invasive Security
9 Sensitive Security Parameters Management
9.1 Storage Areas
9.2 SSP Input-Output Methods
Page 48
Service
NameApproved FunctionsTypeFrom of the Module's Boundary )ToDistributio n TypeEntry Type
Module Public Key OutputPlaintextModuleExternal (Outside of the Module's Boundary )AutomatedElectroni c
Password/Secre t Input via SSHv2 encrypted by GCMKTS (SSHv2 with AES- GCM)Encrypte dExternal (Outside of the Module's Boundary )ModuleAutomatedElectroni c
Password/Secre t Input via SSHv2 encrypted by AES and HMACKTS (SSHv2 with AES and HMAC)Encrypte dExternal (Outside of the Module's Boundary )ModuleAutomatedElectroni c
Password/Secre t Input via TLS encrypted by GCMKTS (TLSv1.2 with AES- GCM)Encrypte dExternal (Outside of the Module's Boundary )ModuleAutomatedElectroni c
Password/Secre t Input via TLS encrypted by AES and HMACKTS (TLSv1.2 with AES and HMAC)Encrypte dExternal (Outside of the Module's Boundary )ModuleAutomatedElectroni c
ZeroizationDescriptionRationaleOperator
MethodInitiation
Zeroization CommandCO issues zeroization servicethe zeroization command will erase all SSPs stored in the DRAM or in the Flash of the module.CO issues command 'configure factory- default'

) ) ) ) ) m ) c d c with AESGCM) d c d c with AESGCM) d c Table 15: SSP Input-Output Methods

9.3 SSP Zeroization Methods

© 2021-2025 Cisco Systems, Inc. 'configure factorydefault'

Page 49
Sensitive security parameter
NameTypeDescriptionStrengthUse
DRBG Entropy InputEntropy Input - CSPUsed to seed the DRBG384 bits - at least 256 bitsCounter DRBG (A4446)
DRBG SeedDRBG Seed - CSPUsed in DRBG Generation256 bits - 256 bitsCounter DRBG (A4446)
DRBG Internal State V valueDRBG Internal State V value - CSPUsed in DRBG Generation256 bits - 256 bitsCounter DRBG (A4446)
DRBG KeyDRBG Key - CSPUsed in DRBG Generation256 bits - 256 bitsCounter DRBG (A4446)
User PasswordAuthenticati on Data - CSPUser authenticati on8-30 Characte rs - 8-30 Characte rs
Crypto Officer PasswordAuthenticati on Data - CSPCrypto Officer authenticati on8-30 Characte rs - 8-30 Characte rs
RADIUS SecretAuthenticati on Data - CSPRADIUS Server Authenticati on16 Characte rs - 16 Characte rs
TACACS+ SecretAuthenticati on Data - CSPTACACS+ Authenticati on16 Characte rs - 16
ZeroizationDescriptionRationaleOperator
MethodInitiation
Session terminationZeroization upon session terminationSession termination will automatically zeroize all session based temporary SSPsTerminate session
RebootZeroization upon rebooting the moduleReboot to zeroize all temporary SSPs stored in Module's DRAMReboot

Table 16: SSP Zeroization Methods Please note that the Firmware Load Test Key is only used for Firmware Load Test Authentication and not subject to the zeroization requirement. © 2021-2025 Cisco Systems, Inc.

Page 50
Sensitive security parameter
NameTypeDescriptionStrengthUse
Firmware Load Test KeyPublic Key - CSPUsed for Firmware Load Test112 bits - 112 bitsFirmware Load Test
SSH DH Private KeyPrivate Key - CSPUsed to derive the SSH DH Shared SecretMODP- 2048, MODP- 3072, MODP- 4096 - 112-152 bitsKAS-FFC- SSC Sp800- 56Ar3 (A4446)KAS- FFC- KeyGen (SSHv2)
SSH DH Public KeyPublic Key - PSPUsed to derive SSH DH Shared SecretMODP- 2048, MODP- 3072, MODP- 4096 - 112-152 bitsKAS-FFC- KeyGen (SSHv2)
SSH Peer DH Public KeyPublic Key - PSPUsed to derive SSH DH Shared SecretMODP- 2048, MODP- 3072, MODP- 4096 - 112-152 bitsKAS-FFC- SSC Sp800- 56Ar3 (A4446)
SSH DH Shared SecretShared Secret - CSPUsed to derive SSH Session Encryption Keys, SSH Session Authenticati on KeysMODP- 2048, MODP- 3072, MODP- 4096 - 112-152 bitsKDF SSH (A4446)KAS-FFC- SSC Sp800- 56Ar3 (A4446)
SSH ECDH Private KeyPrivate Key - CSPUsed to derive the SSH ECDH Shared SecretCurves: 256, 384, 521 bits - 128 to 256 bitsKAS-ECC- SSC Sp800- 56Ar3 (A4446)KAS- ECC- KeyGen (SSHv2)
SSH ECDH Public KeyPublic Key - PSPUsed to derive SSH ECDHE Shared SecretCurves: 256, 384, 521 bits - 128-256 bitsKAS-ECC- KeyGen (SSHv2)
SSH Peer ECDH Public KeyPublic Key - PSPUsed to derive SSH DH Shared SecretCurves: 256, 384, 521 bits - 128 to 256 bitsKAS-ECC- SSC Sp800- 56Ar3 (A4446)
SSH ECDH Shared SecretShared Secret - CSPUsed to derive SSH Session Encryption Keys, SSH Session Authenticati on KeysCurves: 256, 384, 521 bits - 128 to 256 bitsKDF SSH (A4446)KAS-ECC- SSC Sp800- 56Ar3 (A4446)
SSH RSA Private KeyPrivate Key - CSPUsed for SSH session authenticati onModulus 2048 and 3072 bits - 112- 128 bitsRSA SigGen (FIPS186-4) (A4446)RSA KeyGen (SSHv2, TLSv1.2, IKEv2)
SSH RSA Public KeyPublic Key - PSPUsed for SSH sessions aiuthenticati onModulus 2048 and 3072 bits - 112- 128 bitsRSA KeyGen (SSHv2, TLSv1.2, IKEv2)
SSH ECDSA Private KeyPrivate Key - CSPUsed for SSH session authenticati onCurves: 256, 384, 521 bits - 128 to 256 bitsECDSA SigGen (FIPS186-4) (A4446)ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2)
SSH ECDSA Public KeyPublic Key - PSPUsed for SSH sessions aiuthenticati onCurves: 256, 384, 521 bits - 128 to 256 bitsECDSA KeyGen (FIPS186- 4) (A4446)
SSH Session Encryption KeySession Key - CSPUsed for SSH Session confidentialit y protection128-256 bits - 128-256 bitsBlock Cipher (SSHv2)KAS-ECC (SSHv2) KAS-FFC (SSHv2)
SSH Session Authenticati on KeySession Key - CSPUsed for SSH Session integrity protectionAt least 160 bits - At least 160 bitsMAC (SSHv2)KAS-ECC (IKEv2) KAS-FFC (IKEv2)
TLS DH Private KeyPrivate Key - CSPUsed to Derive TLS DH Shared Secretffdhe204 8 - 112 bitsKAS-FFC- SSC Sp800-KAS- FFC- KeyGen
(TLSv1.2 )56Ar3 (A4446)(TLSv1.2 )
TLS DH Public KeyPublic Key - PSPUsed to Derive TLS DH Shared Secretffdhe204 8 - 112 bitsKAS-FFC- KeyGen (TLSv1.2)
TLS Peer DH Public KeyPublic Key - PSPUsed to derive TLS DH Shared Secretffdhe204 8 - 112 bitsKAS-FFC- SSC Sp800- 56Ar3 (A4446)
TLS DH Shared SecretShared Secret - CSPUsed to Derive TLS Session Encryption Key and TLS Session Authenticati on Keyffdhe204 8 - 112 bitsTLS v1.2 KDF RFC7627 (A4446)KAS-FFC- SSC Sp800- 56Ar3 (A4446)
TLS ECDH Private KeyPrivate Key - CSPUsed to Derive TLS ECDH Shared SecretCurves P-256, P- 384, and P-521 - 128-256 bitsKAS-ECC- SSC Sp800- 56Ar3 (A4446)KAS- ECC- KeyGen (TLSv1.2 )
TLS ECDH Public KeyPublic Key - PSPUsed to Derive TS ECDH Shared SecretCurves P-256, P- 384, and P-521 - 128-256 bitsKAS-ECC- KeyGen (TLSv1.2)
TLS Peer ECDH Public KeyPublic Key - PSPUsed to derive IKE ECDH Shared SecretCurves: P-256, P- 384, P- 521 - 128-256 bitsKAS-ECC- SSC Sp800- 56Ar3 (A4446)
TLS ECDH Shared SecretShared Secret - CSPUsed to Derive TLS Session Encryption Key and TLS Session Authenticati on KeyCurves p-256, P- 384, P- 521 - 128-256 bitsTLS v1.2 KDF RFC7627 (A4446)KAS-ECC- SSC Sp800- 56Ar3 (A4446)
TLS ECDSA Private KeyPrivate Key - CSPUsed to support CO and Admin HTTPS interfacesCurves P-256, P- 384, P- 521 - 128-256 bitsECDSA SigGen (FIPS186-4) (A4446)ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2)
TLS ECDSA Public KeyPublic Key - PSPUsed to support CO and User HTTPS InterfacesCurves P-256, P- 384, P- 521 - 128-256 bitsECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2)
TLS RSA Private KeyPrivate Key - CSPUsed to support CO and Admin HTTPS InterfacesModulus 2048 and 3072 bits - 112- 128 bitsRSA SigGen (FIPS186-4) (A4446)RSA KeyGen (SSHv2, TLSv1.2, IKEv2)
TLS RSA Public KeyPublic Key - PSPUsed to support CO and User HTTPS interfacesModulus 2048 and 3072 bits - 112- 128 bitsRSA KeyGen (SSHv2, TLSv1.2, IKEv2)
TLS Master SecretMaster Secret - CSPUsed to protect HTTPS Session. Pre-master secretAt least 112 bits - At least 112 bitsTLS v1.2 KDF RFC7627 (A4446)
TLS Session Encryption KeySession Key - CSPUsed to protect HTTPS Session. TLS Master secret128-256 bits - 128-256 bitsBlock Cipher (TLSv1.2)KAS-ECC (TLSv1.2) KAS-FFC (TLSv1.2)
TLS Session Authenticati on KeySession Key - CSPUsed to protect HTTPS Session. TLS master secretat least 112 bits - at least 112 bitsMAC (TLSv1.2)KAS-ECC (TLSv1.2) KAS-FFC (TLSv1.2)
IPSec/IKE DH Private KeyPrivate Key - CSPUsed to derive IPSec/IKE DH Shared SecretMODP- 2048, MODP- 3072, MODP- 4096 - 112-152 bitsKAS-FFC- SSC Sp800- 56Ar3 (A4446)KAS- FFC- KeyGen (IKEv2)
IPSec/IKE DH Public KeyPublic Key - PSPUsed to derive IPSec/IKE DH Shared SecretMODP- 2048, MODP- 3072, MODP- 4096 - 112-152 bitsKAS-FFC- KeyGen (IKEv2)
IPSec/IKE Peer DH Public KeyPublic Key - PSPUsed to derive IPSec/IKE DH Shared SecretMODP- 2048, MODP- 3072, MODP- 4096 - 112-152 bitsKAS-FFC- SSC Sp800- 56Ar3 (A4446)
IPSec/IKE DH Shared SecretShared Secret - CSPUsed to derive IPSec/IKE Session Encryption Keys, IPSec/IKE Authenticati on KeysMODP- 2048, MODP- 3072, MODP- 4096 - 112-152 bitsKDF IKEv2 (A4446)KAS-FFC- SSC Sp800- 56Ar3 (A4446)
IPSec/IKE ECDH Private KeyPrivate Key - CSPUsed to derive IPSec/IKE ECDH Shared SecretsCurves P-256, P- 384, P- 521 - 128-256 bitsKAS-ECC- SSC Sp800- 56Ar3 (A4446)KAS- ECC- KeyGen (IKEv2)
IPSec/IKE ECDH Public KeyPublic Key - PSPUsed to derive IPSec/IKE ECDH Shared SecretsCurves P-256, P- 384, P- 521 - 128-256 bitsKAS-ECC- KeyGen (IKEv2)
IPSec/IKE Peer ECDH Public KeyPublic Key - PSPUsed to derive IPSec/IKE ECDH Shared SecretsCurves P-256, P- 384, P- 521 - 128-256 bitsKAS-ECC- SSC Sp800- 56Ar3 (A4446)
IPSec/IKE ECDH Shared SecretShared Secret - CSPUsed to derive IPSec/IKE ECDHCurves P-256, P- 384, P- 521 -KDF IKEv2 (A4446)KAS-ECC- SSC Sp800- 56Ar3 (A4446)
Shared SecretsShared Secrets128-256 bits
IPSec/IKE ECDSA Private KeyPrivate Key - CSPUsed for IPSec/IKE peer authenticati onCurves P-256, P- 384, P- 521 - 128-256 bitsECDSA SigGen (FIPS186-4) (A4446)ECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2)
IPSec/IKE ECDSA Public KeyPublic Key - PSPUsed for IPSec/IKE peer authenticati onCurves P-256, P- 384, P- 521 - 128-256 bitsECDSA KeyGen (SSHv2, TLSv1.2 and IKEv2)
IPSec/IKE RSA Private KeyPrivate Key - CSPUsed for IPSec/IKE peer authenticati onModulus 2048 or 3072 - 112 or 128 bitsRSA SigGen (FIPS186-4) (A4446)RSA KeyGen (SSHv2, TLSv1.2, IKEv2)
IPSec/IKE RSA Public KeyPublic Key - PSPUsed for IPSec/IKE peer authenticati onModulus 2048 or 3072 - 112 or 128 bitsRSA KeyGen (SSHv2, TLSv1.2, IKEv2)
IPSec/IKE Pre-shared Secretshared secret - CSPUsed for IPSec/IKE peer authenticati on16-32 bytes character s - 16-32 bytes character s
SKEYSEEDKeying Material - CSPKeying material used to derive the IPSec/IKE Session Encryption Key and IPSec/IKE Authenticati on Key160 bits - 160 bitsKDF IKEv2 (A4446)
IPSec/IKE Session Encryption KeySession Key - CSPUsed to secure IPSec/IKEv2 session confidentialit y128-256 bits - 128-256 bitsBlock Cipher (IPSec/IKE)KAS-ECC (IKEv2) KAS-FFC (IKEv2)

© 2021-2025 Cisco Systems, Inc. MODP2048, MODP3072, MODP2048, MODP3072, MODP2048, MODP3072, MODP2048, MODP3072, KASFFCKeyGen KAS-FFCSSC Sp80056Ar3 KAS-FFCKeyGen KAS-FFCSSC Sp80056Ar3 KAS-FFCSSC Sp80056Ar3 KASECCKeyGen KAS-ECCKeyGen KAS-ECCSSC Sp80056Ar3

Page 51

© 2021-2025 Cisco Systems, Inc. - 112128 bits - 112128 bits KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 (FIPS1864) (A4446) KASFFCKeyGen KAS-FFCSSC

Page 52

P-256, P384, P521 128-256 p-256, P384, P521 128-256 © 2021-2025 Cisco Systems, Inc. ) KAS-FFCKeyGen KAS-FFCSSC Sp80056Ar3 KASECCKeyGen ) KAS-FFCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 KAS-ECCKeyGen KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3

Page 53

© 2021-2025 Cisco Systems, Inc. P-256, P384, P521 128-256 P-256, P384, P521 128-256 - 112128 bits - 112128 bits MODP2048, MODP3072, KASFFCKeyGen KAS-FFCSSC Sp80056Ar3

Page 54

© 2021-2025 Cisco Systems, Inc. MODP2048, MODP3072, MODP2048, MODP3072, MODP2048, MODP3072, P-256, P384, P521 128-256 P-256, P384, P521 128-256 P-256, P384, P521 128-256 P-256, P384, P521 KAS-FFCKeyGen KAS-FFCSSC Sp80056Ar3 KAS-FFCSSC Sp80056Ar3 KASECCKeyGen KAS-ECCSSC Sp80056Ar3 KAS-ECCKeyGen KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3

Page 56
Sensitive security parameter
NameTypeDescriptionStrengthGenerationStorageZeroizationUseRelated SSPs
IPSec/IKE Authenticati on KeySession Key - CSPUsed to secure IPSec/IKEv2 session integrityat least 160 bits - at least 160 bitsKAS-ECC (IKEv2) KAS-FFC (IKEv2)MAC (IPSec/IKEv 2)
SNMPv3 Shared SecretAuthenticati on Secret - CSPUsed for SNMPv3 user authenticati on8-32 character s - N/A
SNMPv3 Encryption KeyEncryption Key - CSPUsed to protect SNMPv3 traffic confidentialit y128 bits - 128 bitsKDF SNMP (A4446)Block Cipher (SNMPv3)
SNMPv3 Authenticati on KeyAuthenticati on Key - CSPUsed to secure SNMPv3 traffic integrityAt least 112 bits - At least 112 bitsKDF SNMP (A4446)MAC (SNMPv3)
DRBG Entropy InputDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootUntil RebootDRBG Seed:Used With DRBG Internal State V value:Used With DRBG Key:Used With
DRBG SeedDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootUntil RebootDRBG Entropy Input:Used With DRBG Internal State V value:Used With DRBG Key:Used With
DRBG Internal State V valueDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootUntil RebootDRBG Entropy Input:Used With DRBG Seed:Used With DRBG Key:Used With
DRBG KeyDRAM:Plainte xtZeroizatio nUntil RebootDRBG Entropy Input:Used With
Sensitive security parameter
NameTypeDescriptionStrengthGenerationStorageZeroizationUseRelated SSPs
IPSec/IKE Authenticati on KeySession Key - CSPUsed to secure IPSec/IKEv2 session integrityat least 160 bits - at least 160 bitsKAS-ECC (IKEv2) KAS-FFC (IKEv2)MAC (IPSec/IKEv 2)
SNMPv3 Shared SecretAuthenticati on Secret - CSPUsed for SNMPv3 user authenticati on8-32 character s - N/A
SNMPv3 Encryption KeyEncryption Key - CSPUsed to protect SNMPv3 traffic confidentialit y128 bits - 128 bitsKDF SNMP (A4446)Block Cipher (SNMPv3)
SNMPv3 Authenticati on KeyAuthenticati on Key - CSPUsed to secure SNMPv3 traffic integrityAt least 112 bits - At least 112 bitsKDF SNMP (A4446)MAC (SNMPv3)
DRBG Entropy InputDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootUntil RebootDRBG Seed:Used With DRBG Internal State V value:Used With DRBG Key:Used With
DRBG SeedDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootUntil RebootDRBG Entropy Input:Used With DRBG Internal State V value:Used With DRBG Key:Used With
DRBG Internal State V valueDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootUntil RebootDRBG Entropy Input:Used With DRBG Seed:Used With DRBG Key:Used With
DRBG KeyDRAM:Plainte xtZeroizatio nUntil RebootDRBG Entropy Input:Used With

s - N/A y 2) Table 17: SSP Table 1 © 2021-2025 Cisco Systems, Inc. n n n n n n n n

Page 57
Sensitive security parameter
NameStorageZeroizationInput
User PasswordFlash:Encrypt edZeroizatio n CommandPassword/Sec ret Input via TLS encrypted by GCM Password/Sec ret Input via TLS encrypted by AES and HMAC Password/Sec ret Input via SSHv2 encrypted by GCM Password/Sec ret Input via SSHv2 encrypted by AES and HMAC
Crypto Officer PasswordFlash:Encrypt edZeroizatio n CommandPassword/Sec ret Input via TLS encrypted by GCM Password/Sec ret Input via TLS encrypted by AES and HMAC Password/Sec ret Input via SSHv2 encrypted by GCM Password/Sec ret Input via SSHv2 encrypted by AES and HMAC
RADIUS SecretFlash:Encrypt edZeroizatio n CommandPassword/Sec ret Input via TLS encrypted
Page 58
Sensitive security parameter
NameStorageZeroizationInputRelated SSPs
TACACS+ SecretFlash:Encrypt edZeroizatio n CommandPassword/Sec ret Input via TLS encrypted by GCM Password/Sec ret Input via TLS encrypted by AES and HMAC Password/Sec ret Input via SSHv2 encrypted by GCM Password/Sec ret Input via SSHv2 encrypted by AES and HMAC
Firmware Load Test KeyFlash:Plaintex tN/A
SSH DH Private KeyDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootWhile SSH tunnel is onSSH DH Public Key:Paired With SSH Peer DH Public Key:Used With
SSH DH Public KeyDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootModule Public Key OutputWhile SSH tunnel is onSSH DH Private Key:Paired With
SSH Peer DH Public KeyDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootPeer Public Key InputWhile SSH tunnel is onSSH DH Private Key:Used With
SSH DH Shared SecretDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootWhile SSH tunnel is onSSH DH Private Key:Derived From SSH DH Public Key:Derived From
SSH ECDH Private KeyDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootWhile SSH tunnel is onSSH ECDH Public Key:Paired With SSH Peer ECDH Public Key:Used With
SSH ECDH Public KeyDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootModule Public Key OutputWhile SSH tunnel is onSSH ECDH Private Key:Paired With
SSH Peer ECDH Public KeyDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootPeer Public Key InputWhile SSH tunnel is onSSH ECDH Private Key:Used With
SSH ECDH Shared SecretDRAM:Plainte xtZeroizatio n Command Session terminatioWhile SSH tunnel is onSSH ECDH Private Key:Derived From SSH ECDH Public Key:Derived From
SSH RSA Private KeyFlash:Plaintex tZeroizatio n CommandSSH RSA Public Key:Paired With
SSH RSA Public KeyFlash:Plaintex tZeroizatio n CommandModule Public Key OutputSSH RSA Private Key:Paired With
SSH ECDSA Private KeyFlash:Plaintex tZeroizatio n CommandSSH ECDSA Public Key:Paired With
SSH ECDSA Public KeyFlash:Plaintex tZeroizatio n CommandModule Public Key OutputSSH ECDSA Private Key:Paired With
SSH Session Encryption KeyDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootWhile SSH tunnel is onSSH Session Authentication Key:Used With
SSH Session Authenticati on KeyDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootWhile SSH tunnel is onSSH Session Encryption Key:Used With
TLS DH Private KeyDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootWhile TLS tunnel is onTLS DH Public Key:Paired With TLS Peer DH Public Key:Used With
TLS DH Public KeyDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootModule Public Key OutputWhile TLS tunnel is onTLS DH Private Key:Paired With
TLS Peer DH Public KeyDRAM:Plainte xtZeroizatio n Command Session terminatioPeer Public Key Inputwhile TLS tunnel is onTLS DH Private Key:Used With
TLS DH Shared SecretDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootWhile TLS tunnel is onTLS ECDH Private Key:Derived From TLS Peer ECDH Public Key:Derived From
TLS ECDH Private KeyDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootWhile TLS tunnel is onTLS ECDH Public Key:Paired With TLS Peer ECDH Public Key:Used With
TLS ECDH Public KeyDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootModule Public Key OutputWhile TLS tunnel is onTLS ECDH Private Key:Paired With
TLS Peer ECDH Public KeyDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootPeer Public Key Inputwhile TLS tunnel is onTLS ECDH Private Key:Used With
TLS ECDH Shared SecretDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootWhile TLS tunnel is onTLS ECDH Private Key:Derived From TLS Peer ECDH Public Key:Derived From
TLS ECDSA Private KeyFlash:Plaintex tZeroizatio n CommandTLS ECDSA Public Key:Paired With
TLS ECDSA Public KeyFlash:Plaintex tZeroizatio n CommandModule Public Key OutputTLS ECDSA Private Key:Paired With
TLS RSA Private KeyFlash:Plaintex tZeroizatio n CommandTLS RSA Public Key:Paired With
TLS RSA Public KeyFlash:Plaintex tZeroizatio n CommandModule Public Key OutputTLS RSA Private Key:Paired With
TLS Master SecretDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootWhile TLS tunnel is onTLS ECDH Shared Secret:Derived From
TLS Session Encryption KeyDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootWhile TLS tunnel is onTLS Session Authentication Key:Used With
TLS Session Authenticati on KeyDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootWhile TLS tunnel is onTLS Session Encryption Key:Used With
IPSec/IKE DH Private KeyDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootWhile IPSec/IKE v2 tunnel is onIPSec/IKE DH Public Key:Paired With IPSec/IKE Peer DH Public Key:Used With
IPSec/IKE DH Public KeyDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootModule Public Key OutputWhile IPSec/IKE v2 tunnel is onIPSec/IKE DH Private Key:Paired With
IPSec/IKE Peer DH Public KeyDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootPeer Public Key Inputwhile IPSec/IKE tunnel is onIPsec/IKE DH Private Key:Used With
IPSec/IKE DH Shared SecretDRAM:Plainte xtZeroizatio n CommandWhile IPSec/IKESKEYSEED:Used With
v2 tunnel is onSession terminatio n Rebootv2 tunnel is on
IPSec/IKE ECDH Private KeyDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootWhile IPSec/IKE v2 tunnel is onIPSec/IKE ECDH Public Key:Paired With IPSec/IKE Peer ECDH Public Key:Used With
IPSec/IKE ECDH Public KeyDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootModule Public Key OutputWhile IPSec/IKE v2 tunnel is onIPSec/IKE ECDH Private Key:Paired With
IPSec/IKE Peer ECDH Public KeyDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootPeer Public Key InputWhile IPSec/IKE v2 tunnel is onIPSec/IKE ECDH Private Key:Used With
IPSec/IKE ECDH Shared SecretDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootWhile IPSec/IKE v2 tunnel is onSKEYSEED:Used With
IPSec/IKE ECDSA Private KeyFlash:Plaintex tZeroizatio n CommandIPSec/IKE ECDSA Public Key:Paired With
IPSec/IKE ECDSA Public KeyFlash:Plaintex tZeroizatio n CommandModule Public Key OutputIPSec/IKE ECDSA Private Key:Paired With
IPSec/IKE RSA Private KeyFlash:Plaintex tZeroizatio n CommandIPSec/IKE RSA Public Key:Paired With
IPSec/IKE RSA Public KeyFlash:Plaintex tZeroizatio n CommandModule Public Key OutputIPSec/IKE RSA Private Key:Paired With
IPSec/IKE Pre-shared SecretFlash:Encrypt edZeroizatio n Command SessionPassword/Sec ret Input via SSHv2 encrypted byWhile IPSec/IKE v2 tunnel is onSKEYSEED:Deriv ed to
GCM Password/Sec ret Input via SSHv2 encrypted by AES and HMAC Password/Sec ret Input via TLS encrypted by GCM Password/Sec ret Input via TLS encrypted by AES and HMACterminatio n RebootGCM Password/Sec ret Input via SSHv2 encrypted by AES and HMAC Password/Sec ret Input via TLS encrypted by GCM Password/Sec ret Input via TLS encrypted by AES and HMAC
SKEYSEEDDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootWhile IPSec/IKE v2 tunnel is onIPSec/IKE DH Shared Secret:Derived From IPSec/IKE ECDH Shared Secret:Derived From IPSec/IKE Pre- shared Secret:Derived From
IPSec/IKE Session Encryption KeyDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootWhile IPSec/IKE v2 tunnel is onIPSec/IKE DH Shared Secret:Derived From IPSec/IKE ECDH Shared Secret:Derived From
IPSec/IKE Authenticati on KeyDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootWhile IPSec/IKE v2 tunnel is onIPSec/IKE DH Shared Secret:Derived From IPSec/IKE ECDH Shared Secret:Derived From
SNMPv3 Shared SecretFlash:Encrypt edZeroizatio n CommandPassword/Sec ret Input via TLS encrypted by GCMWhile SNMPv3 tunnel is onSNMPv3 Encryption Key:Derive To SNMPv3
Password/Sec ret Input via TLS encrypted by AES and HMAC Password/Sec ret Input via SSHv2 encrypted by GCM Password/Sec ret Input via SSHv2 encrypted by AES and HMACPassword/Sec ret Input via TLS encrypted by AES and HMAC Password/Sec ret Input via SSHv2 encrypted by GCM Password/Sec ret Input via SSHv2 encrypted by AES and HMACAuthentication Key:Derive To
SNMPv3 Encryption KeyDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootWhile SNMPv3 tunnel is onSNMPv3 Shared Secret:Derived From
SNMPv3 Authenticati on KeyDRAM:Plainte xtZeroizatio n Command Session terminatio n RebootWhile SNMPv3 tunnel is onSNMPv3 Shared Secret:Derived From SNMPv3 Encryption Key:Used With
Page 65
9.5 Transitions
Page 66
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsTest PropertiesIndicatorConditions
RSA SigVer (FIPS186-4) (A4446)RSA SigVer (FIPS186-4) (A4446)KATSW/FW IntegrityRSA SigVerRSA SigVer 2048 bits with SHA2-512Module is in normal state
Pre-Operational Bypass TestPre-Operational Bypass TestN/ABypassN/AN/AModule is in normal state
AES-CBC Encrypt KAT (A4446)AES-CBC Encrypt KAT (A4446)KATCASTEncryptModule is in normal state256 bitsPower Up
AES-CBC Decrypt KAT (A4446)AES-CBC Decrypt KAT (A4446)KATCASTDecryptModule is in normal state256 bitsPower Up
AES-GCM Authenticated Encrypt KAT (A4446)AES-GCM Authenticated Encrypt KAT (A4446)KATCASTAuthenticated EncryptModule is in normal state256 bitsPower Up
AES-GCM Authenticated Decrypt KAT (A4446)AES-GCM Authenticated Decrypt KAT (A4446)KATCASTAuthenticated DecryptModule is in normal state256 bitsPower Up
Counter DRBGCounter DRBGKATCASTInstantiate KATModule is in normal stateAES-128Power Up
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic MethodDetailsTest PropertiesIndicatorConditions
RSA SigVer (FIPS186-4) (A4446)RSA SigVer (FIPS186-4) (A4446)KATSW/FW IntegrityRSA SigVerRSA SigVer 2048 bits with SHA2-512Module is in normal state
Pre-Operational Bypass TestPre-Operational Bypass TestN/ABypassN/AN/AModule is in normal state
AES-CBC Encrypt KAT (A4446)AES-CBC Encrypt KAT (A4446)KATCASTEncryptModule is in normal state256 bitsPower Up
AES-CBC Decrypt KAT (A4446)AES-CBC Decrypt KAT (A4446)KATCASTDecryptModule is in normal state256 bitsPower Up
AES-GCM Authenticated Encrypt KAT (A4446)AES-GCM Authenticated Encrypt KAT (A4446)KATCASTAuthenticated EncryptModule is in normal state256 bitsPower Up
AES-GCM Authenticated Decrypt KAT (A4446)AES-GCM Authenticated Decrypt KAT (A4446)KATCASTAuthenticated DecryptModule is in normal state256 bitsPower Up
Counter DRBGCounter DRBGKATCASTInstantiate KATModule is in normal stateAES-128Power Up
Counter DRBG Generate KAT (A4446)Counter DRBG Generate KAT (A4446)KATCASTGenerate KATModule is in normal stateAES-128Power Up
Counter DRBG Reseed KAT (A4446)Counter DRBG Reseed KAT (A4446)KATCASTReseed KATModule is in normal stateAES-128Power Up
ECDSA SigGen (FIPS186-4) KAT (A4446)ECDSA SigGen (FIPS186-4) KAT (A4446)KATCASTECDSA SigGen KATModule is in normal stateP-256 curve with SHA2-256Power Up
ECDSA SigVer (FIPS186-4) KAT (A4446)ECDSA SigVer (FIPS186-4) KAT (A4446)KATCASTECDSA SigVer KATModule is in normal stateP-256 curve with SHA2-256Power Up
HMAC-SHA-1 KAT (A4446)HMAC-SHA-1 KAT (A4446)KATCASTHMAC-SHA-1Module is in normal stateSHA-1Power Up
HMAC-SHA2- 256 KAT (A4446)HMAC-SHA2- 256 KAT (A4446)KATCASTHMAC-SHA2- 256Module is in normal stateSHA2-256Power Up
HMAC-SHA2- 384 KAT (A4446)HMAC-SHA2- 384 KAT (A4446)KATCASTHMAC-SHA2- 384Module is in normal stateSHA2-384Power Up
HMAC-SHA2- 512 KAT (A4446)HMAC-SHA2- 512 KAT (A4446)KATCASTHMAC-SHA2- 512Module is in normal stateSHA2-512Power Up
KAS-ECC- SSC Sp800- 56Ar3 KAT (A4446)KAS-ECC- SSC Sp800- 56Ar3 KAT (A4446)KATCASTPrimitive Z KATModule is in normal stateP-256 CurvePower Up
KAS-FFC- SSC Sp800- 56Ar3 KAT (A4446)KAS-FFC- SSC Sp800- 56Ar3 KAT (A4446)KATCASTPrimitive Z KATModule is in normal stateMODP- 2048Power Up
RSA SigGen (FIPS186-4) KAT (A4446)RSA SigGen (FIPS186-4) KAT (A4446)KATCASTRSA SigGen KATModule is in normal state2048 bit modulus with SHA2- 256Power Up
RSA SigVer (FIPS186-4) KAT (A4446)RSA SigVer (FIPS186-4) KAT (A4446)KATCASTRSA SigVer KATModule is in normal state2048 bit modulus with SHA2- 256Power Up
KDF IKEv2 KAT (A4446)KDF IKEv2 KAT (A4446)KATCASTN/AModule is in normal stateN/APower Up
KDF SNMP KAT (A4446)KDF SNMP KAT (A4446)KATCASTN/AModule is in normal stateN/APower Up
KDF SSH KAT (A4446)KDF SSH KAT (A4446)KATCASTN/AModule is in normal stateN/APower Up
TLS v1.2 KDF RFC7627 KAT (A4446)TLS v1.2 KDF RFC7627 KAT (A4446)KATCASTN/AModule is in normal stateN/APower Up
SHA-1 KAT (A4446)SHA-1 KAT (A4446)KATCASTN/AModule is in normal stateN/APower Up
ECDSA KeyGen (FIPS186-4) PCT (A4446)ECDSA KeyGen (FIPS186-4) PCT (A4446)PCTPCTECDSAModule is in normal stateCurve P- 256 with SHA2-256Performs all required pair-wise consistency tests on the newly generated key pairs before the first operational use.
RSA KeyGen (FIPS186-4) PCT (A4446)RSA KeyGen (FIPS186-4) PCT (A4446)PCTPCTRSAModule is in normal state2048 bit ModulusPerforms all required pair-wise consistency tests on the newly generated key pairs before the first operational use.
KAS-ECC- SSC Sp800- 56Ar3 PCT (A4446)KAS-ECC- SSC Sp800- 56Ar3 PCT (A4446)PCTPCTN/AModule is in normal stateCurve P- 256 with SHA2-256Performs all required pair-wise consistency tests on the newly generated key pairs before the
KAS-FFC- SSC Sp800- 56Ar3 PCT (A4446)KAS-FFC- SSC Sp800- 56Ar3 PCT (A4446)PCTPCTN/AModule is in normal stateMODP- 2048Performs all required pair-wise consistency tests on the newly generated key pairs before the first operational use.
Firmware Load TestFirmware Load TestKATSW/FW LoadN/AModule is in normal stateHMAC- SHA2-512When firmware has been uploaded to the module
Conditional BypassConditional BypassN/ABypassN/AModule is in normal stateN/APerforms conditional bypass test before first operational use of bypass service
Entropy 90B Start-up Repetition Count Test (RCT)Entropy 90B Start-up Repetition Count Test (RCT)RCTCASTDesigned to quickly detect catastrophic failures that cause the noise source to become "stuck" on a single output value for a long period of timeModule is in normal stateRepetition Count TestPower Up
Entropy 90B Start-up Adaptive Proportion Test (APT)Entropy 90B Start-up Adaptive Proportion Test (APT)APTCASTDesigned to detect a large loss of entropy that might occur as a result of some physical failure or environmentalModule is in normal stateAdaptive Proportion TestPower Up
Entropy 90B Continuous Repetition Count Test (RCT)Entropy 90B Continuous Repetition Count Test (RCT)RCTCASTDesigned to quickly detect catastrophic failures that cause the noise source to become "stuck" on a single output value for a long period of timeModule is in normal stateRepetition Count TestEntropy data is generated from the Entropy Source - Continuous
Entropy 90B Continuous Adaptive Proportion Test (APT)Entropy 90B Continuous Adaptive Proportion Test (APT)APTCASTDesigned to detect a large loss of entropy that might occur as a result of some physical failure or environmental change affecting the noise sourceModule is in normal stateAdaptive Proportion TestEntropy data is generated from the Entropy Source - Continuous
RSA SigVer (FIPS186-4) (A4446)RSA SigVer (FIPS186-4) (A4446)KATSW/FW IntegrityRecommend 60 DaysReboot
Pre-Operational Bypass TestPre-Operational Bypass TestN/ABypassRecommend 60 DaysReboot

timeline exists in which any of the implemented algorithms will transition from approved to non-approved.

10 Self-Tests
10.1 Pre-Operational Self-Tests

N/A N/A N/A Table 19: Pre-Operational Self-Tests The module performs the following self-tests, including the pre-operational self-tests and Conditional self-tests. Prior to the module providing any data output via the data output interface, the module performs and passes the pre-operational self-tests. Following the successful pre-operational self-tests, the module executes the Conditional Cryptographic Algorithm Self-tests (CASTs). If anyone of the self-tests fails, the module transitions into an error state and outputs the error message via the module’s status output interface. While the module is in the error state, all data through the data output interface and all cryptographic operations are disabled. The error state can only be cleared by reloading the module. All self-tests must be completed successfully before the module transitions to the

10.2 Conditional Self-Tests
Page 67

KAS-ECCSSC Sp80056Ar3 KAT KAS-FFCSSC Sp80056Ar3 KAT HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2512 MODP2048 with SHA2256 with SHA2256 © 2021-2025 Cisco Systems, Inc.

Page 68

N/A N/A N/A N/A N/A KAS-ECCSSC Sp80056Ar3 PCT © 2021-2025 Cisco Systems, Inc. N/A N/A N/A N/A N/A N/A

Page 69

KAS-FFCSSC Sp80056Ar3 PCT MODP2048 N/A HMACSHA2-512 N/A N/A N/A N/A © 2021-2025 Cisco Systems, Inc.

Page 70
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic MethodDetailsIndicatorConditions
Entropy 90B Continuous Repetition Count Test (RCT)Entropy 90B Continuous Repetition Count Test (RCT)RCTCASTDesigned to quickly detect catastrophic failures that cause the noise source to become "stuck" on a single output value for a long period of timeRepetition Count TestModule is in normal stateEntropy data is generated from the Entropy Source - Continuous
Entropy 90B Continuous Adaptive Proportion Test (APT)Entropy 90B Continuous Adaptive Proportion Test (APT)APTCASTDesigned to detect a large loss of entropy that might occur as a result of some physical failure or environmental change affecting the noise sourceAdaptive Proportion TestModule is in normal stateEntropy data is generated from the Entropy Source - Continuous
RSA SigVer (FIPS186-4) (A4446)RSA SigVer (FIPS186-4) (A4446)KATSW/FW IntegrityRecommend 60 DaysReboot
Pre-Operational Bypass TestPre-Operational Bypass TestN/ABypassRecommend 60 DaysReboot
AES-CBC Encrypt KAT (A4446)AES-CBC Encrypt KAT (A4446)KATCASTRecommend 60 DaysReboot
AES-CBC Decrypt KAT (A4446)AES-CBC Decrypt KAT (A4446)KATCASTRecommend 60 DaysReboot
AES-GCM Authenticated Encrypt KAT (A4446)AES-GCM Authenticated Encrypt KAT (A4446)KATCASTRecommend 60 DaysReboot
AES-GCM Authenticated Decrypt KAT (A4446)AES-GCM Authenticated Decrypt KAT (A4446)KATCASTRecommend 60 DaysReboot
Counter DRBG Instantiate KAT (A4446)Counter DRBG Instantiate KAT (A4446)KATCASTRecommend 60 DaysReboot
Counter DRBG Generate KAT (A4446)Counter DRBG Generate KAT (A4446)KATCASTRecommend 60 DaysReboot
Counter DRBG Reseed KAT (A4446)Counter DRBG Reseed KAT (A4446)KATCASTRecommend 60 DaysReboot
ECDSA SigGen (FIPS186-4) KAT (A4446)ECDSA SigGen (FIPS186-4) KAT (A4446)KATCASTRecommend 60 DaysReboot
ECDSA SigVer (FIPS186-4) KAT (A4446)ECDSA SigVer (FIPS186-4) KAT (A4446)KATCASTRecommend 60 DaysReboot
HMAC-SHA-1 KAT (A4446)HMAC-SHA-1 KAT (A4446)KATCASTRecommend 60 DaysReboot
HMAC-SHA2- 256 KAT (A4446)HMAC-SHA2- 256 KAT (A4446)KATCASTRecommend 60 DaysReboot
HMAC-SHA2- 384 KAT (A4446)HMAC-SHA2- 384 KAT (A4446)KATCASTRecommend 60 DaysReboot
HMAC-SHA2- 512 KAT (A4446)HMAC-SHA2- 512 KAT (A4446)KATCASTRecommend 60 DaysReboot
KAS-ECC-SSC Sp800-56Ar3 KAT (A4446)KAS-ECC-SSC Sp800-56Ar3 KAT (A4446)KATCASTRecommend 60 DaysReboot
KAS-FFC-SSC Sp800-56Ar3 KAT (A4446)KAS-FFC-SSC Sp800-56Ar3 KAT (A4446)KATCASTRecommend 60 DaysReboot
RSA SigGen (FIPS186-4) KAT (A4446)RSA SigGen (FIPS186-4) KAT (A4446)KATCASTRecommend 60 DaysReboot
RSA SigVer (FIPS186-4) KAT (A4446)RSA SigVer (FIPS186-4) KAT (A4446)KATCASTRecommend 60 DaysReboot
KDF IKEv2 KAT (A4446)KDF IKEv2 KAT (A4446)KATCASTRecommend 60 DaysReboot
KDF SNMP KAT (A4446)KDF SNMP KAT (A4446)KATCASTRecommend 60 DaysReboot
KDF SSH KAT (A4446)KDF SSH KAT (A4446)KATCASTRecommend 60 DaysReboot
TLS v1.2 KDF RFC7627 KAT (A4446)TLS v1.2 KDF RFC7627 KAT (A4446)KATCASTRecommend 60 DaysReboot
SHA-1 KAT (A4446)SHA-1 KAT (A4446)KATCASTRecommend 60 DaysReboot
ECDSA KeyGen (FIPS186-4) PCT (A4446)ECDSA KeyGen (FIPS186-4) PCT (A4446)PCTPCTRecommend 60 DaysReboot
RSA KeyGen (FIPS186-4) PCT (A4446)RSA KeyGen (FIPS186-4) PCT (A4446)PCTPCTRecommend 60 DaysReboot
KAS-ECC-SSC Sp800-56Ar3 PCT (A4446)KAS-ECC-SSC Sp800-56Ar3 PCT (A4446)PCTPCTRecommend 60 DaysReboot
KAS-FFC-SSC Sp800-56Ar3 PCT (A4446)KAS-FFC-SSC Sp800-56Ar3 PCT (A4446)PCTPCTRecommend 60 DaysReboot
Firmware Load TestFirmware Load TestKATSW/FW LoadN/AN/A
Conditional BypassConditional BypassN/ABypassN/AN/A
Entropy 90B Start-up Repetition Count Test (RCT)Entropy 90B Start-up Repetition Count Test (RCT)RCTCASTN/AN/A
Entropy 90B Start-up Adaptive Proportion Test (APT)Entropy 90B Start-up Adaptive Proportion Test (APT)APTCASTN/AN/A
Entropy 90B Continuous Repetition Count Test (RCT)Entropy 90B Continuous Repetition Count Test (RCT)RCTCASTN/AN/A
Entropy 90B ContinuousEntropy 90B ContinuousAPTCASTN/AN/A

Table 20: Conditional Self-Tests The module performs on-demand self-tests initiated by the operator, by powering off and powering the module back on. The full suite of self-tests is then executed. The same procedure may be employed by the operator to perform periodic self-tests.

10.3 Periodic Self-Test Information

N/A Table 21: Pre-Operational Periodic Information © 2021-2025 Cisco Systems, Inc.

Page 73
Service
NameDescriptionRole AccessIndicator
Error StateIf self-test tests fail, the module is put into an error stateSelf-test failureSystem HaltReboot the module

Table 22: Conditional Periodic Information

10.4 Error States

Table 23: Error States If any of the above-mentioned self-tests fail, the module reports the error and enters the Error state. In the Error State, no cryptographic services are provided, and data output is prohibited. The only method to recover from the error state is to reboot the module and perform the selftests, including the pre-operational firmware integrity test and the conditional CASTs. The module will only enter into the operational state after successfully passing the pre-operational firmware integrity test and the conditional CASTs.

11 Life-Cycle Assurance
11.1 Installation, Initialization, and Startup Procedures

The validated module firmware was installed onto the respective test platforms listed in Table 2 above. Any firmware loaded into the module that is not shown on the module certificate, is out of scope of this validation and requires a separate FIPS 140-3 validation. The Crypto Officer must configure and enforce the following initialization steps. Step 1: The Crypto Officer must install opacity shields as described in section 7 above. Step 2: The Crypto Officer must apply tamper evidence labels as described in section 7 above. Step 3: The Crypto Officer must securely store any unused tamper evidence labels. Note: Each module has a Type A USB 2.0 port, but it is considered to be disabled once the Crypto Officer has applied the TEL #8. Step 4: Crypto Officer performs the following configurations: ciscoasa# configure terminal Note, the Crypto Officer needs to connect the platform to cisco.com to obtain the license for ASA from Cisco. ciscoasa(config)# license smart register idtoken [token data] ciscoasa(config)#license smart © 2021-2025 Cisco Systems, Inc.

Page 74

ciscoasa(config-smart-lic)# show license all Smart Licensing Status ====================== Smart Licensing is ENABLED -ORStep

  1. Crypto officer shall perform zeroization operation if the module was previously used before the approved mode configuration. ciscoasa(config-smart-lic)# show license summary Smart Licensing is ENABLED Step 6: Enable “Approved Mode” to allow the module to startup the cryptographic module, such as run power-on self-tests and bypass test by using the following command: ciscoasa(config)# fips enable Note: Startup operational mode will not take effect until you save configuration and reboot the device Rebooting the device will force new self-test Step 7: Crypto Officer can verify the version installed and running ciscoasa(config)# show version Step 8: Crypto Officer will need to configure ASA ciscoasa> en ciscoasa# conf t ciscoasa(config)# Step 9: Assign users a Privilege Level of
  2. Step 10: Configure IP address for unit and all distant endpoints. Step 11: Define RADIUS and TACACS+ shared secret keys that are at least 8 characters long and secure traffic between the security module and the RADIUS/TACACS+ server via secure (IPSec, TLS) tunnel. Note: Perform this step only if RADIUS/TACAS+ is configured, otherwise skip over and proceed to next step. Step 12: Configure the security module so that any remote connections via Telnet are secured through IPSec. Step 13: Configure the security module so that only approved algorithms are used for IPsec tunnels. Step 14: Configure the security module so that error messages can only be viewed by Crypto Officer. Step 15: Disable the TFTP server. © 2021-2025 Cisco Systems, Inc.
Page 75

Step 16: Disable HTTP for performing system management in approved mode of operation. HTTPS with TLS should always be used for Web-based management. Step 17: Ensure that installed digital certificates are signed using approved algorithms.

11.2 Administrator Guidance

Specific Admin guidance can be found in the ASA 9.20 VPN CLI configuration guide: https://www.cisco.com/c/en/us/td/docs/security/asa/asa920/configuration/vpn/asa-920-vpnconfig.html

11.3 Non-Administrator Guidance

Specific Non-Admin guidance can be found in the Firepower 1000 Series Datasheet and the Firepower 1100 Series Hardware Installation Guide: https://www.cisco.com/c/en/us/products/collateral/security/firepower-1000-series/datasheet-c78742469.html and https://www.cisco.com/c/en/us/td/docs/security/firepower/1100/hw/guide/hwinstall-1100/overview.html

12 Mitigation of Other Attacks

N/A for this module. © 2021-2025 Cisco Systems, Inc.

Referenced URLs